SlideShare a Scribd company logo

February Patch Tuesday 2019

Download as PPTX, PDF
Ivanti
Ivanti

The average spent on Valentine’s Day is a topic that’s been making the rounds on social media. It’s generated shock and awe—but it’s nothing compared to the damage one exploited vulnerability can unleash on your organization. So, let’s keep the money in February flowing into flower stores and candlelit dinners, rather than into the pockets of those we’d never choose to date. For February the men (and women) of Patch Tuesday recommend you lavish attention upon Microsoft. Patch the exploited zero day, public disclosures, and privilege escalation vulnerability. Also, make time for the ever-popular target, Adobe. Because nothing leaves a worse taste in your mouth than a breach you could have prevented—unless, perhaps, it’s those chalky conversation hearts.

Software
1 of 51
Patch Tuesday Webinar Wednesday, Feb 13, 2019 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 807 787 640
 https://go.ivanti.com/Webinar-2019-Patch-Tuesday.html
Copyright©2019Ivanti.Allrightsreserved Agenda February 2019 Patch Tuesday Overview In the News Bulletins Q & A 1 2 3 4
Copyright©2019Ivanti.Allrightsreserved  Overview
Copyright©2019Ivanti.Allrightsreserved
Copyright©2019Ivanti.Allrightsreserved  In the News
Copyright©2019Ivanti.Allrightsreserved In the News  PrivExchange  Abusing Exchange – writeup with proof of concept by Dirk-jan Mollema  ZDNet Microsoft Exchange vulnerable to ‘PrivExchange’ zero-day  ADV190007  Unconstrained Delegation Advisory  ADV190006  Updates to TGT delegation across incoming trusts in Windows Server  PatchManagment.org Update coming  Moving from Listserver to Google Groups  DMARC support and other security concerns
Copyright©2019Ivanti.Allrightsreserved Zero-day Exploited Vulnerability  CVE-2019-0676 - Internet Explorer Information Disclosure Vulnerability  An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.  An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website.  The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.
Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0636 - Windows Information Disclosure Vulnerability  An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.  To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.  The update addresses the vulnerability by changing the way Windows discloses file information.
Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0686 - Exchange Server Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users.  Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.  To address this vulnerability, Microsoft has changed the notifications contract established between EWS clients and Exchange Servers to not allow authenticated notifications to be streamed by the server. Instead, these notifications will be streamed using anonymous authentication mechanisms.
Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0724 - Exchange Server Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator.  Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Active Directory domain controller, thereby facilitating gaining of increased privileges on the domain controller.  To address this vulnerability, Microsoft has evaluated the rights granted to Exchange Servers and Exchange Administrators in the identified scenarios and determined changes are possible which lower the permissions granted within an Active Directory domain. The actual permission changes will vary based upon the version of Exchange Server in use. Please see https://support.microsoft.com/kb/4490059 for more information.
Copyright©2019Ivanti.Allrightsreserved Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001  February Releases  KB 4485447 - Windows 10 Version 1607/Server 2016  KB 4487327 - Windows 10 Version 1703  KB 4485448 - Windows 10 1709/Windows Server, version 1709  KB 4485449 - Windows 10 1803/Windows Server, version 1803  Updates for Visual Studio versions 2017, 2017 version 15.9  Updates for Team Foundation Server 2018 version 3.2  Updated Development Components/Packages  ChakraCore  .NET Core 1.0, 1.1, 2.1, 2.2  Java SDK for Azure IoT
Copyright©2019Ivanti.Allrightsreserved Windows 10 Lifecycle Awareness  Windows 10 Branch Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
Copyright©2019Ivanti.Allrightsreserved Weekly Patch BLOG  Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog/ topics/patch-tuesday
Copyright©2019Ivanti.Allrightsreserved Patch Content Announcement System Announcements Posted on Community Pages  https://community.ivanti.com/community/other/bulletins/patch-content- notifications  Subscribe to receive email or RSS notifications for desired product(s)
Copyright©2019Ivanti.Allrightsreserved  Bulletins
Copyright©2019Ivanti.Allrightsreserved APSB19-07: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution, Privilege Escalation, and Information Disclosure  Fixes 71 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb19- 07.html  Restart Required: Requires application restart
Copyright©2019Ivanti.Allrightsreserved MS19-02-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft Edge  Description: This bulletin references 9 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege, and Information Disclosure  Fixes 52 Vulnerabilities: CVE-2019-0676 is known to be exploited in the wild and CVE-2019-636 is publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide.
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 10  KB 4487026 – Windows 10, Version 1607 and Server 2016  For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update. Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts. Workaround: 1.Run mofcomp on the following mof files on the affected host: Scvmmswitchportsettings.mof and VMMDHCPSvr.mof. Follow the best practices.  After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM. Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart. If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled. Microsoft is working with Lenovo to resolve.  After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 10 (cont)  KB 4487017 – Windows 10, Version 1803  After installing this update, some users cannot pin a web link on the Start menu or the taskbar. Workaround: None. Microsoft is still working on a resolution for this issue.
Copyright©2019Ivanti.Allrightsreserved MS19-02-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9,10,11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the February 2019 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 11 KB articles.  Impact: Remote Code Execution, Spoofing, and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2019-0606, CVE-2019-06546, CVE-2019-0676  Restart Required: Requires browser restart  Known Issues: None reported
Copyright©2019Ivanti.Allrightsreserved MS19-02-MR2K8: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: This security update includes improvements and fixes that were a part of update KB 4480974 (released January 17, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487023.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Server 2008  KB 4487023 – Windows Server 2008 Service Pack 2 (Monthly Rollup)  KB 4487019 – Windows Server 2008 Service Pack 2 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.
Copyright©2019Ivanti.Allrightsreserved MS19-02-SO2K8: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487019.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide
Copyright©2019Ivanti.Allrightsreserved MS19-02-MR7: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480955 (released January 17, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486563.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 7 and Server 2008 R2  KB 4486563 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)  KB 4486564 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.  After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC).  Workaround: None. Microsoft working on resolution for March 2019.
Copyright©2019Ivanti.Allrightsreserved MS19-02-SO7: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486564.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide
Copyright©2019Ivanti.Allrightsreserved MS19-02-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480971 (released January 15, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487025.  Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure  Fixes 25 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Server 2012  KB 4487025 – Windows Server 2012 (Monthly Rollup)  KB 4486993 – Windows Server 2012 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.  After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC).  Workaround: None. Microsoft working on resolution for March 2019.
Copyright©2019Ivanti.Allrightsreserved MS19-02-SO8: Security-only Update for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486993.  Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure  Fixes 25 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide.
Copyright©2019Ivanti.Allrightsreserved MS19-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480969 (released January 15, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487000.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 25 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0656, CVE-2019-0660, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide.
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 8.1 and Server 2012 R2  KB 4487000 – Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)  KB 4487028 – Windows 8.1, Windows Server 2012 R2 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.
Copyright©2019Ivanti.Allrightsreserved MS19-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487028.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 25 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0656, CVE-2019-0660, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide.
Copyright©2019Ivanti.Allrightsreserved MS19-02-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft Enterprise SharePoint Server 2010-2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 5 KB articles.  Impact: Remote Code Execution, Spoofing, and Elevation of Privilege  Fixes 4 Vulnerabilities: CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE- 2019-0670  Restart Required: Requires Restart  Known Issues: None reported
Copyright©2019Ivanti.Allrightsreserved MS19-02-EX: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2010-2019  Description: Security updates address Exchange Web Services Push Notifications which can be used to gain unauthorized access and reduction of permissions required to run Exchange Server using Shared Permissions Model. See https://support.microsoft.com/en-us/help/4490059/using-shared-permissions-model-to- run-exchange-server for more details. This bulletin is based on KBs 4345836, 4471392, 4471391 and 4487052.  Impact: Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2019-0686 and CVE-2019-0724  Restart Required: Requires Restart  Known Issues: See next slide.
Copyright©2019Ivanti.Allrightsreserved February Known Issues for Exchange Server Updates  KB 4487052 – Exchange Server 2010 U26  KB 4345836 – Exchange Server 2013 U22  KB 4471392 – Exchange Server 2016 U12  KB 4471391 – Exchange Server 2019 U1  After you install Cumulative Update 1 for Exchange Server 2019, the Accept button disappears in the invitation email message of a shared calendar in the Outlook on the web client (previously known as Outlook Web App). Therefore, you cannot add the shared calendar by clicking the Accept button directly. Workaround: See KBs  In multidomain Active Directory forests in which Exchange is installed or has been prepared previously by using the /PrepareDomain option in SETUP, this action must be completed after the /PrepareAD command for this cumulative update has been completed and the changes are replicated to all domains. Setup will try to execute the /PrepareAD command during the first server installation. Installation will finish only if the user who initiated SETUP has the appropriate permissions.  Exchange Server 2010 requires some additional manual steps for setup. See KB 4490059 for more details. Also ensure the update is run as administrator.
Copyright©2019Ivanti.Allrightsreserved MS19-02-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office 2016 and 2019 for Mac  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 19 KB articles and Release Notes.  Impact: Remote Code Execution and Security Feature Bypass  Fixes 7 Vulnerabilities: CVE-2019-0540, CVE-2019-0669, CVE-2019-0671, CVE- 2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675  Restart Required: Requires application restart  Known Issues: None reported
Copyright©2019Ivanti.Allrightsreserved MS19-02-O365: Security Updates for Office 365 ProPlus  Maximum Severity: Important  Affected Products: Office 365 ProPlus, Office 2019  Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 ProPlus updates is available at https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-proplus  Impact: Remote Code Execution and Security Feature Bypass  Fixes 6 Vulnerabilities: CVE-2019-0540, CVE-2019-0669, CVE-2019-0671, CVE- 2019-0672, CVE-2019-0673, CVE-2019-0674  Restart Required: Requires application restart  Known Issues: None reported
Copyright©2019Ivanti.Allrightsreserved MS19-02-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2  Description: This security update resolves a vulnerability in Microsoft .NET Framework that where the software does not check the source markup of a file resulting in code execution and also a URL parsing vulnerability that could result in privileged communication to an untrusted service as if it were a trusted service. This bulletin references 11 KB articles.  Impact: Remote Code Execution and Spoofing  Fixes 2 Vulnerabilities: CVE-2019-0613 and CVE-2019-0657  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
Copyright©2019Ivanti.Allrightsreserved MS19-01-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2  Description: This security update resolves a vulnerability in Microsoft .NET Framework that where the software does not check the source markup of a file resulting in code execution and also a URL parsing vulnerability that could result in privileged communication to an untrusted service as if it were a trusted service. This bulletin references 10 KB articles.  Impact: Remote Code Execution and Spoofing  Fixes 2 Vulnerabilities: CVE-2019-0613 and CVE-2019-0657  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
Copyright©2019Ivanti.Allrightsreserved MS19-02-AFP: Security Update for Adobe Flash Player  Maximum Severity: Important  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server 2016, Windows 10 Version 1809, Windows 10 Version 1803, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 (RTM), Windows Server 2012, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on ADV190003.  Impact: Information Disclosure  Fixes 1 Vulnerability: CVE-2019-7090  Restart Required: Requires application restart
Copyright©2019Ivanti.Allrightsreserved APSB19-06: Security Update for Adobe Flash Player  Maximum Severity: Important  Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome, Internet Explorer 11 and Edge  Description: Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one important vulnerability in Adobe Flash Player. Successful exploitation could lead to information disclosure in the context of the current user.  Impact: Information Disclosure  Fixes 1 Vulnerability: CVE-2019-7090  Restart Required: Requires application restart
Copyright©2019Ivanti.Allrightsreserved Between Patch Tuesday’s New Product Support: Citrix Workspace App, Office 2019, Nitro Pro Enterprise Security Updates: Apple iCloud (1), Apple iTunes (1), CCleaner (1), Google Chrome (2), Dropbox (3), Evernote (3), Firefox (2), Firefox ESR (1), FileZilla (1), GOM Player (2), Java Runtime Environment (1), Java Development Kit (1), LibreOffice (2), Microsoft (3), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (2), Oracle VirtualBox (2), PeaZip (1), Skype (3), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Thunderbird (1), Tomcat (2), TortoiseSVN (2), TeamViewer (1), Visual Studio Code (2), VLC Player (1), Wireshark (2) Non-Security Updates: : Beyond Compare (1), Blue Jeans (1), Box Sync (1), Citrix Workspace App (1), Google Drive (2), GoodSync (2), Google Backup and Sync (1), Inkscape (1), Java Runtime Environment (1), Java Development Kit (1), KeePass Pro (1), LogMeIn (2), Power BI Desktop (1), PDF-Xchange PRO (1), Plex Media Player (3), Royal TS (5), RealVNC Connect (1), Treesize Free (1), Cisco Webex Meeting Center (1), XnView (1), Zoom Client (3), Zoom Outlook Plugin (1)
Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information  iTunes 12.9.3.3  AI19-001, QAI12933  Fixes 14 Vulnerabilities: CVE-2018-20346, CVE-2018-20505, CVE-2018- 20506, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6221, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE- 2019-6233, CVE-2019-6234, CVE-2019-6235  Apple iCloud 7.10.0.9  ICLOUD-017, QICLOUD71009  Fixes 12 Vulnerabilities: CVE-2018-20346, CVE-2018-20505, CVE-2018- 20506, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE- 2019-6234
Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Firefox 65.0  FF19-002, QFF6500  Fixes 7 Vulnerabilities: CVE-2018-18500, CVE-2018-18501, CVE-2018- 18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505, CVE-2018- 18506  Firefox ESR 60.5.0  FFE19-6050, QFFE6050  Fixes 3 Vulnerabilities: CVE-2018-18500, CVE-2018-18501, CVE-2018-18505  Thunderbird 60.5.0  TB19-6050, QTB6050  Fixes 4 Vulnerabilities: CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Java 8 Update 201  JAVA8-201, QJAVA8U201  Fixes 3 Vulnerabilities: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426  Java 8 Update 202  JAVA8-202, QJAVA8U202  Fixes 4 Vulnerabilities: CVE-2018-11212,CVE-2019-2422,CVE-2019- 2426,CVE-2019-2449  Java Development Kit 8 Update 201  JDK8-201, QJDK8U201  Fixes 3 Vulnerabilities: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426  Java Development Kit 8 Update 202  JDK8-202, QJDK8U202  Fixes 4 Vulnerabilities: CVE-2018-11212,CVE-2019-2422,CVE-2019- 2426,CVE-2019-2449
Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Wireshark 2.4.12  WIRES-087, QWIRES2412  Fixes 3 Vulnerabilities: CVE-2019-5717, CVE-2019-5718, CVE-2019-5719  Wireshark 2.6.6  WIRES-088, QWIRES266  Fixes 4 Vulnerabilities: CVE-2019-5716, CVE-2019-5717, CVE-2019-5718, CVE-2019-5719
Copyright©2019Ivanti.Allrightsreserved
Madrid | March 11-14, 2019 | Interchange.ivanti.com Engage in Deep-Dive Technical Training Meet One-on-One with Product Experts Gain Product Roadm ap Insights Hear from IT Industry Experts Network with Leaders and Peers Early Bird: €695 til February 13 €50 off with code INTWEBMAD19
Nashville | April 29-May 2, 2019 | Interchange.ivanti.com Engage in Deep-Dive Technical Training Meet One-on-One with Product Experts Gain Product Roadm ap Insights Hear from IT Industry Experts Network with Leaders and Peers Early Bird: $1,495 til March 29 $100 off with code INTWEBNASH19
Thank You

Recommended

November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
Ivanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 

Recommended

November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
Ivanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
Ivanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018
Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday Analysis
Ivanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
Ivanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017
Ivanti
 
Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)
Ivanti
 
May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019
Ivanti
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
July Patch Tuesday 2019
July Patch Tuesday 2019July Patch Tuesday 2019
July Patch Tuesday 2019
Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Ivanti
 
September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018
Ivanti
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
Ivanti
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - Ivanti
Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
Ivanti
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
Ivanti
 
March 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday AnalysisMarch 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday Analysis
Ivanti
 

More Related Content

What's hot

French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
Ivanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018
Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday Analysis
Ivanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
Ivanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017
Ivanti
 
Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)
Ivanti
 
May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019
Ivanti
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
July Patch Tuesday 2019
July Patch Tuesday 2019July Patch Tuesday 2019
July Patch Tuesday 2019
Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Ivanti
 
September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018
Ivanti
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
Ivanti
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - Ivanti
Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
Ivanti
 

What's hot (20)

French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday Analysis
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017
 
Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)Windows 10 - Insights for the Enterprise Series (January)
Windows 10 - Insights for the Enterprise Series (January)
 
May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
 
July Patch Tuesday 2019
July Patch Tuesday 2019July Patch Tuesday 2019
July Patch Tuesday 2019
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
 
September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
 

Similar to February Patch Tuesday 2019

Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
Ivanti
 
March 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday AnalysisMarch 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday Analysis
Ivanti
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
Ivanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
Ivanti
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
Dan Lalli
 
September 2019 Patch Tuesday
September 2019 Patch TuesdaySeptember 2019 Patch Tuesday
September 2019 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
Ivanti
 
March 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiMarch 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday Ivanti
Ivanti
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
Ivanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
Ivanti
 
2023 March Patch Tuesday
2023 March Patch Tuesday2023 March Patch Tuesday
2023 March Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for February 2020
Ivanti Patch Tuesday for February 2020Ivanti Patch Tuesday for February 2020
Ivanti Patch Tuesday for February 2020
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
Ivanti
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
Ivanti
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018
Ivanti
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
Ivanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
Ivanti
 

Similar to February Patch Tuesday 2019 (20)

Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
 
March 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday AnalysisMarch 2019 Patch Tuesday Analysis
March 2019 Patch Tuesday Analysis
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
 
September 2019 Patch Tuesday
September 2019 Patch TuesdaySeptember 2019 Patch Tuesday
September 2019 Patch Tuesday
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
 
March 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiMarch 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday Ivanti
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
2023 March Patch Tuesday
2023 March Patch Tuesday2023 March Patch Tuesday
2023 March Patch Tuesday
 
Ivanti Patch Tuesday for February 2020
Ivanti Patch Tuesday for February 2020Ivanti Patch Tuesday for February 2020
Ivanti Patch Tuesday for February 2020
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 

More from Ivanti

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
Ivanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
Ivanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
Ivanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 

Recently uploaded

Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
Google
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 

Recently uploaded (20)

Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 

February Patch Tuesday 2019

  • 1. Patch Tuesday Webinar Wednesday, Feb 13, 2019 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 807 787 640
  • 3. Copyright©2019Ivanti.Allrightsreserved Agenda February 2019 Patch Tuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 7. Copyright©2019Ivanti.Allrightsreserved In the News  PrivExchange  Abusing Exchange – writeup with proof of concept by Dirk-jan Mollema  ZDNet Microsoft Exchange vulnerable to ‘PrivExchange’ zero-day  ADV190007  Unconstrained Delegation Advisory  ADV190006  Updates to TGT delegation across incoming trusts in Windows Server  PatchManagment.org Update coming  Moving from Listserver to Google Groups  DMARC support and other security concerns
  • 8. Copyright©2019Ivanti.Allrightsreserved Zero-day Exploited Vulnerability  CVE-2019-0676 - Internet Explorer Information Disclosure Vulnerability  An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.  An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website.  The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.
  • 9. Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0636 - Windows Information Disclosure Vulnerability  An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.  To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.  The update addresses the vulnerability by changing the way Windows discloses file information.
  • 10. Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0686 - Exchange Server Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users.  Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.  To address this vulnerability, Microsoft has changed the notifications contract established between EWS clients and Exchange Servers to not allow authenticated notifications to be streamed by the server. Instead, these notifications will be streamed using anonymous authentication mechanisms.
  • 11. Copyright©2019Ivanti.Allrightsreserved Publicly Disclosed Vulnerability  CVE-2019-0724 - Exchange Server Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator.  Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Active Directory domain controller, thereby facilitating gaining of increased privileges on the domain controller.  To address this vulnerability, Microsoft has evaluated the rights granted to Exchange Servers and Exchange Administrators in the identified scenarios and determined changes are possible which lower the permissions granted within an Active Directory domain. The actual permission changes will vary based upon the version of Exchange Server in use. Please see https://support.microsoft.com/kb/4490059 for more information.
  • 12. Copyright©2019Ivanti.Allrightsreserved Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001  February Releases  KB 4485447 - Windows 10 Version 1607/Server 2016  KB 4487327 - Windows 10 Version 1703  KB 4485448 - Windows 10 1709/Windows Server, version 1709  KB 4485449 - Windows 10 1803/Windows Server, version 1803  Updates for Visual Studio versions 2017, 2017 version 15.9  Updates for Team Foundation Server 2018 version 3.2  Updated Development Components/Packages  ChakraCore  .NET Core 1.0, 1.1, 2.1, 2.2  Java SDK for Azure IoT
  • 13. Copyright©2019Ivanti.Allrightsreserved Windows 10 Lifecycle Awareness  Windows 10 Branch Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
  • 14. Copyright©2019Ivanti.Allrightsreserved Weekly Patch BLOG  Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog/ topics/patch-tuesday
  • 15. Copyright©2019Ivanti.Allrightsreserved Patch Content Announcement System Announcements Posted on Community Pages  https://community.ivanti.com/community/other/bulletins/patch-content- notifications  Subscribe to receive email or RSS notifications for desired product(s)
  • 17. Copyright©2019Ivanti.Allrightsreserved APSB19-07: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution, Privilege Escalation, and Information Disclosure  Fixes 71 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb19- 07.html  Restart Required: Requires application restart
  • 18. Copyright©2019Ivanti.Allrightsreserved MS19-02-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft Edge  Description: This bulletin references 9 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege, and Information Disclosure  Fixes 52 Vulnerabilities: CVE-2019-0676 is known to be exploited in the wild and CVE-2019-636 is publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide.
  • 19. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 10  KB 4487026 – Windows 10, Version 1607 and Server 2016  For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update. Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts. Workaround: 1.Run mofcomp on the following mof files on the affected host: Scvmmswitchportsettings.mof and VMMDHCPSvr.mof. Follow the best practices.  After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM. Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart. If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled. Microsoft is working with Lenovo to resolve.  After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.
  • 20. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 10 (cont)  KB 4487017 – Windows 10, Version 1803  After installing this update, some users cannot pin a web link on the Start menu or the taskbar. Workaround: None. Microsoft is still working on a resolution for this issue.
  • 21. Copyright©2019Ivanti.Allrightsreserved MS19-02-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9,10,11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the February 2019 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 11 KB articles.  Impact: Remote Code Execution, Spoofing, and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2019-0606, CVE-2019-06546, CVE-2019-0676  Restart Required: Requires browser restart  Known Issues: None reported
  • 22. Copyright©2019Ivanti.Allrightsreserved MS19-02-MR2K8: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: This security update includes improvements and fixes that were a part of update KB 4480974 (released January 17, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487023.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
  • 23. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Server 2008  KB 4487023 – Windows Server 2008 Service Pack 2 (Monthly Rollup)  KB 4487019 – Windows Server 2008 Service Pack 2 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.
  • 24. Copyright©2019Ivanti.Allrightsreserved MS19-02-SO2K8: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487019.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide
  • 25. Copyright©2019Ivanti.Allrightsreserved MS19-02-MR7: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480955 (released January 17, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486563.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
  • 26. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 7 and Server 2008 R2  KB 4486563 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)  KB 4486564 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.  After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC).  Workaround: None. Microsoft working on resolution for March 2019.
  • 27. Copyright©2019Ivanti.Allrightsreserved MS19-02-SO7: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486564.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide
  • 28. Copyright©2019Ivanti.Allrightsreserved MS19-02-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480971 (released January 15, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487025.  Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure  Fixes 25 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide
  • 29. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Server 2012  KB 4487025 – Windows Server 2012 (Monthly Rollup)  KB 4486993 – Windows Server 2012 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.  After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC).  Workaround: None. Microsoft working on resolution for March 2019.
  • 30. Copyright©2019Ivanti.Allrightsreserved MS19-02-SO8: Security-only Update for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4486993.  Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure  Fixes 25 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide.
  • 31. Copyright©2019Ivanti.Allrightsreserved MS19-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4480969 (released January 15, 2019). Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487000.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 25 (shown) + 3 (IE) Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019- 0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE- 2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019- 0636, CVE-2019-0656, CVE-2019-0660, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See next slide.
  • 32. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Windows 8.1 and Server 2012 R2  KB 4487000 – Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)  KB 4487028 – Windows 8.1, Windows Server 2012 R2 (Security-only update)  After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”  This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.  Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft anticipates a resolution by mid-February.
  • 33. Copyright©2019Ivanti.Allrightsreserved MS19-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine. This bulletin is based on KB 4487028.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 25 Vulnerabilities: CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019- 0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE- 2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0628, CVE-2019-0630, CVE-2019-0635, CVE-2019-0636, CVE-2019- 0656, CVE-2019-0660, CVE-2019-0662, CVE-2019-0663, CVE-2019-0664, Advisory 190006  Restart Required: Requires restart  Known Issues: See previous slide.
  • 34. Copyright©2019Ivanti.Allrightsreserved MS19-02-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft Enterprise SharePoint Server 2010-2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 5 KB articles.  Impact: Remote Code Execution, Spoofing, and Elevation of Privilege  Fixes 4 Vulnerabilities: CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE- 2019-0670  Restart Required: Requires Restart  Known Issues: None reported
  • 35. Copyright©2019Ivanti.Allrightsreserved MS19-02-EX: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2010-2019  Description: Security updates address Exchange Web Services Push Notifications which can be used to gain unauthorized access and reduction of permissions required to run Exchange Server using Shared Permissions Model. See https://support.microsoft.com/en-us/help/4490059/using-shared-permissions-model-to- run-exchange-server for more details. This bulletin is based on KBs 4345836, 4471392, 4471391 and 4487052.  Impact: Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2019-0686 and CVE-2019-0724  Restart Required: Requires Restart  Known Issues: See next slide.
  • 36. Copyright©2019Ivanti.Allrightsreserved February Known Issues for Exchange Server Updates  KB 4487052 – Exchange Server 2010 U26  KB 4345836 – Exchange Server 2013 U22  KB 4471392 – Exchange Server 2016 U12  KB 4471391 – Exchange Server 2019 U1  After you install Cumulative Update 1 for Exchange Server 2019, the Accept button disappears in the invitation email message of a shared calendar in the Outlook on the web client (previously known as Outlook Web App). Therefore, you cannot add the shared calendar by clicking the Accept button directly. Workaround: See KBs  In multidomain Active Directory forests in which Exchange is installed or has been prepared previously by using the /PrepareDomain option in SETUP, this action must be completed after the /PrepareAD command for this cumulative update has been completed and the changes are replicated to all domains. Setup will try to execute the /PrepareAD command during the first server installation. Installation will finish only if the user who initiated SETUP has the appropriate permissions.  Exchange Server 2010 requires some additional manual steps for setup. See KB 4490059 for more details. Also ensure the update is run as administrator.
  • 37. Copyright©2019Ivanti.Allrightsreserved MS19-02-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office 2016 and 2019 for Mac  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 19 KB articles and Release Notes.  Impact: Remote Code Execution and Security Feature Bypass  Fixes 7 Vulnerabilities: CVE-2019-0540, CVE-2019-0669, CVE-2019-0671, CVE- 2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675  Restart Required: Requires application restart  Known Issues: None reported
  • 38. Copyright©2019Ivanti.Allrightsreserved MS19-02-O365: Security Updates for Office 365 ProPlus  Maximum Severity: Important  Affected Products: Office 365 ProPlus, Office 2019  Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 ProPlus updates is available at https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-proplus  Impact: Remote Code Execution and Security Feature Bypass  Fixes 6 Vulnerabilities: CVE-2019-0540, CVE-2019-0669, CVE-2019-0671, CVE- 2019-0672, CVE-2019-0673, CVE-2019-0674  Restart Required: Requires application restart  Known Issues: None reported
  • 39. Copyright©2019Ivanti.Allrightsreserved MS19-02-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2  Description: This security update resolves a vulnerability in Microsoft .NET Framework that where the software does not check the source markup of a file resulting in code execution and also a URL parsing vulnerability that could result in privileged communication to an untrusted service as if it were a trusted service. This bulletin references 11 KB articles.  Impact: Remote Code Execution and Spoofing  Fixes 2 Vulnerabilities: CVE-2019-0613 and CVE-2019-0657  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
  • 40. Copyright©2019Ivanti.Allrightsreserved MS19-01-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2  Description: This security update resolves a vulnerability in Microsoft .NET Framework that where the software does not check the source markup of a file resulting in code execution and also a URL parsing vulnerability that could result in privileged communication to an untrusted service as if it were a trusted service. This bulletin references 10 KB articles.  Impact: Remote Code Execution and Spoofing  Fixes 2 Vulnerabilities: CVE-2019-0613 and CVE-2019-0657  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
  • 41. Copyright©2019Ivanti.Allrightsreserved MS19-02-AFP: Security Update for Adobe Flash Player  Maximum Severity: Important  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server 2016, Windows 10 Version 1809, Windows 10 Version 1803, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 (RTM), Windows Server 2012, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on ADV190003.  Impact: Information Disclosure  Fixes 1 Vulnerability: CVE-2019-7090  Restart Required: Requires application restart
  • 42. Copyright©2019Ivanti.Allrightsreserved APSB19-06: Security Update for Adobe Flash Player  Maximum Severity: Important  Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome, Internet Explorer 11 and Edge  Description: Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one important vulnerability in Adobe Flash Player. Successful exploitation could lead to information disclosure in the context of the current user.  Impact: Information Disclosure  Fixes 1 Vulnerability: CVE-2019-7090  Restart Required: Requires application restart
  • 43. Copyright©2019Ivanti.Allrightsreserved Between Patch Tuesday’s New Product Support: Citrix Workspace App, Office 2019, Nitro Pro Enterprise Security Updates: Apple iCloud (1), Apple iTunes (1), CCleaner (1), Google Chrome (2), Dropbox (3), Evernote (3), Firefox (2), Firefox ESR (1), FileZilla (1), GOM Player (2), Java Runtime Environment (1), Java Development Kit (1), LibreOffice (2), Microsoft (3), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (2), Oracle VirtualBox (2), PeaZip (1), Skype (3), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Thunderbird (1), Tomcat (2), TortoiseSVN (2), TeamViewer (1), Visual Studio Code (2), VLC Player (1), Wireshark (2) Non-Security Updates: : Beyond Compare (1), Blue Jeans (1), Box Sync (1), Citrix Workspace App (1), Google Drive (2), GoodSync (2), Google Backup and Sync (1), Inkscape (1), Java Runtime Environment (1), Java Development Kit (1), KeePass Pro (1), LogMeIn (2), Power BI Desktop (1), PDF-Xchange PRO (1), Plex Media Player (3), Royal TS (5), RealVNC Connect (1), Treesize Free (1), Cisco Webex Meeting Center (1), XnView (1), Zoom Client (3), Zoom Outlook Plugin (1)
  • 44. Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information  iTunes 12.9.3.3  AI19-001, QAI12933  Fixes 14 Vulnerabilities: CVE-2018-20346, CVE-2018-20505, CVE-2018- 20506, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6221, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE- 2019-6233, CVE-2019-6234, CVE-2019-6235  Apple iCloud 7.10.0.9  ICLOUD-017, QICLOUD71009  Fixes 12 Vulnerabilities: CVE-2018-20346, CVE-2018-20505, CVE-2018- 20506, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE- 2019-6234
  • 45. Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Firefox 65.0  FF19-002, QFF6500  Fixes 7 Vulnerabilities: CVE-2018-18500, CVE-2018-18501, CVE-2018- 18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505, CVE-2018- 18506  Firefox ESR 60.5.0  FFE19-6050, QFFE6050  Fixes 3 Vulnerabilities: CVE-2018-18500, CVE-2018-18501, CVE-2018-18505  Thunderbird 60.5.0  TB19-6050, QTB6050  Fixes 4 Vulnerabilities: CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
  • 46. Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Java 8 Update 201  JAVA8-201, QJAVA8U201  Fixes 3 Vulnerabilities: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426  Java 8 Update 202  JAVA8-202, QJAVA8U202  Fixes 4 Vulnerabilities: CVE-2018-11212,CVE-2019-2422,CVE-2019- 2426,CVE-2019-2449  Java Development Kit 8 Update 201  JDK8-201, QJDK8U201  Fixes 3 Vulnerabilities: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426  Java Development Kit 8 Update 202  JDK8-202, QJDK8U202  Fixes 4 Vulnerabilities: CVE-2018-11212,CVE-2019-2422,CVE-2019- 2426,CVE-2019-2449
  • 47. Copyright©2019Ivanti.Allrightsreserved Third Party CVE Information (cont)  Wireshark 2.4.12  WIRES-087, QWIRES2412  Fixes 3 Vulnerabilities: CVE-2019-5717, CVE-2019-5718, CVE-2019-5719  Wireshark 2.6.6  WIRES-088, QWIRES266  Fixes 4 Vulnerabilities: CVE-2019-5716, CVE-2019-5717, CVE-2019-5718, CVE-2019-5719
  • 49. Madrid | March 11-14, 2019 | Interchange.ivanti.com Engage in Deep-Dive Technical Training Meet One-on-One with Product Experts Gain Product Roadm ap Insights Hear from IT Industry Experts Network with Leaders and Peers Early Bird: €695 til February 13 €50 off with code INTWEBMAD19
  • 50. Nashville | April 29-May 2, 2019 | Interchange.ivanti.com Engage in Deep-Dive Technical Training Meet One-on-One with Product Experts Gain Product Roadm ap Insights Hear from IT Industry Experts Network with Leaders and Peers Early Bird: $1,495 til March 29 $100 off with code INTWEBNASH19

Editor's Notes

  1. Current versions are Classic 2015, Classic 2017, and DC Continuous.
  2. Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.2.
  3. Note: Server 2008 limited to .NET 2.0 thru 4.6. Windows 7 and newer use 3.5.1 thru 4.7.2.
  4. 1- Engage in Deep-Dive Technical Training 2- Meet One-on-One with Product Experts 3- Gain Product Roadmap Insights 4- Hear from IT Industry Experts- Keynotes 5- Network with Leaders and Peers
  5. 1- Engage in Deep-Dive Technical Training 2- Meet One-on-One with Product Experts 3- Gain Product Roadmap Insights 4- Hear from IT Industry Experts- Keynotes 5- Network with Leaders and Peers