February Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, February 12, 2025

Copyright © 2025 Ivanti. All rights reserved. 2
Agenda
▪ February 2025 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

February Patch Tuesday is ramping up with releases
from Adobe, Microsoft and an expected release from
Google. Adobe has released updates for InCopy,
InDesign and Illustrator. Microsoft is coming down off of
a huge January release and only resolving 56 new
CVEs this February. There are two new zero-day
exploits and a revised Secure Boot zero-day in the mix
making the Windows OS a top priority this month.
For more details check out this month's Patch Tuesday
blog.
February Patch Tuesday 2025

In the News

In the News
▪ Apple Releases Urgent Patch for USB Vulnerability
▪ How to Steer AI Adoption: A CISO Guide
▪ North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
▪ CISAAdds Actively Exploited Linux Kernel Vulnerability to Known Exploited Vuln Catalog
▪ Older Exchange Servers Fail to Update Security Bugs
▪ Impacts Exchange versions older than March 2023
▪ Exchange Emergency Mitigation Service (EEMS) fails due to certificate deprecation
▪ Update to newer version than March 2023
▪ Exchange 2016 and 2019 Server EoL Oct 2025
▪ Migrate to Exchange Online or upgrade to Exchange Server Subscription Edition (SE)

▪ CVE-2025-21391 Windows Storage Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.1 / 6.6
▪ Severity: Important
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported versions of Windows and Windows Server operating systems
▪ Per Microsoft: This vulnerability does not allow disclosure of any confidential information but could allow an
attacker to delete data that could include data that results in the service being unavailable.
▪ CVE-2025-21418 Windows Ancillary Function Driver for WinSock Elevation of Privilege
Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 7.2
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported versions of Windows and Windows Server operating systems plus
older servers under ESU support
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities

▪ CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 6.7 / 6.2
▪ Impact: Security Feature Bypass
▪ Per Microsoft:
✓ To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device
could install an affected boot policy. Successful exploitation of this vulnerability requires an attacker to
compromise admin credentials on the device.
✓ The security update addresses the vulnerability by updating the Windows Boot Manager but is not enabled
by default. Additional steps are required at this time to mitigate the vulnerability. Please refer to the following
for steps to determine impact on your environment:
✓ How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-
2023-24932 - Microsoft Support
Known Exploited and Publicly Disclosed Vulnerabilities

▪ CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 7.1 / 6.2
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported versions of Surface including Surface Hub, Surface Pro, Surface
Laptop Go, and others
▪ Per Microsoft: Successful exploitation of this vulnerability requires multiple conditions to be met, such as
specific application behavior, user actions, manipulation of parameters passed to a function, and
impersonation of an integrity level token. This Hypervisor vulnerability relates to Virtual Machines within a
Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible
to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.
Publicly Disclosed Vulnerabilities

▪ CVE-2025-21377 NTLM Hash Disclosure Spoofing Vulnerability
▪ CVSS 3.1 Scores: 6.5 / 6.0
▪ Impact: Spoofing
▪ Per Microsoft: This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to
authenticate as the user. Minimal interaction with a malicious file by a user such as selecting (single-click),
inspecting (right-click), or performing an action other than opening or executing the file could trigger this
vulnerability. Customers who install Security Only updates on older servers must also install the IE
Cumulative updates for this vulnerability.
Publicly Disclosed Vulnerabilities (cont)

Ivanti Cloud Service Appliance Ivanti Neurons for MDM (N-MDM)
Security Advisory: Ivanti
Cloud Service Appliance
Connect Secure (ICS), Policy Secure
(IPS), Secure Access Client (ISAC)
Ivanti February Security Updates
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering
with us to improve the security of our products.
Neurons for MDM
Vulnerability:
• CVE NA CVSS: 5.4
NOTE: This vulnerability did not meet
the criteria for reserving a CVE
number. We are disclosing the fix to
ensure responsible transparency for
our customers
Affected Products:
• N-MDM R108 and prior
ICS, IPS, and ISAC Products
Vulnerabilities:
• Multiple Resolved CVEs
(see SA for list and details)
Affected Versions:
• ICS: 22.7R2.5 and prior
• IPS: 22.7R1.2 and prior
• ISAC: 22.7R4 and prior
NOTE: Pulse Connect Secure 9.X
reached EOS in December 2024.
Upgrade to ICS 22.7 for latest fixes.
Vulnerabilities:
• CVE-2024-47908 CVSS: 9.1
• CVE-2024-11771 CVSS: 5.3
Affected Versions:
• CSA 5.0.4 and prior
NOTE: All customers should update to
CSA 5.0.5 to address these
vulnerabilities.

CVE-2024-12084
CVSS 3: 9.8
Impact: All Linux distributions
▪ A remotely exploitable bug was found in the
implementation of rsync daemon mode.
▪ An attacker can forge a checksum to be larger
than a fixed length expected by rsync daemon,
which in turn leads to a memory write out-of-
bounds.
▪ This mode is not commonly used manually but is
a component of third-party CI/CD systems and
backup software (a system could be exposed
even if not deliberately configured to work in
rsync daemon mode).
Mitigation
If you are using a prior version of rsync, update to
version 3.4.0 as soon as possible.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2024-12085
CVSS 3: 7.5
Impact: All Linux distributions
▪ A different but also important flaw in rsync was
identified when comparing checksums of files (to
avoid replacing exact copies), which can lead to
(very slow) memory exfiltration.
▪ This is particularly important in systems where
unprivileged users have access to rsync (a
default tool in most distributions).
Mitigation
Again, if you are using a prior version of rsync,
update to version 3.4.0 as soon as possible.
NOTE on rsync: these vulnerabilities, and several
others, were disclosed on January 14/15. There are
other potential issues with link traversal,
replacement of unwanted files, etc. It is *strongly*
recommended that rsync is updated to the latest
version available on the specific distribution for each
system. Rsync is a component that is often used
behind-the-scenes by other tools, so be careful
when assessing the risk of a particular system, as it
is not always obvious if rsync is indeed in use or not.

An Update on Kernel CVE
Volumes
▪ There are already 233 CVEs affecting the Linux
kernel since January 1st of this year. This is
going to be a recurring feature, but if you’re not
patching the kernel often, you’re going to be
exposed to so many potential problems that
other types of remediation are not able to cope.
Risk scores for individual kernel vulnerabilities
lose meaning when there are simply so many.
Mitigation
Always run the latest version of the kernel available
for any particular Linux distribution. If said update is
more than a couple of weeks old, assume the
system is a security liability until patched.

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
▪ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
▪ Server 2012/2012 R2 ESU
▪ Windows 10
Azure and Development Tool Updates
▪ Azure Network Watcher VM Extension
▪ CBL Mariner 2.0
▪ Visual Studio 2017 (15.0 – 15.9)
▪ Visual Studio 2019 (16.0 – 16.11)
▪ Visual Studio 2022 (17.8 – 17.12)
▪ Visual Studio Code
Source: Microsoft

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Microsoft Support Ivanti Support
Windows 10 22H2 reaches EOS Oct 2025
Three years of ESU support
• Year 1 October 15, 2025 – October 13, 2026
Licensing and Pricing
• Full-year purchase only
• Price doubles each year
• Cloud-based licensing via Windows 365 and
Intune
• 5 by 5 licensing via manual key download
Windows 10 Extended Security Updates (ESU)
ESU support based on Microsoft releases
Available for three major patch products
• Neurons for Patch Management
• Endpoint Manager
• Security Controls
Familiar model
• Concurrent with Microsoft support years
• Offered as special content
• Requires signed EULA addendum
• Tiered pricing based on required endpoints
• Fixed price throughout life of program

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2025 Ivanti. All rights reserved.
APSB25-10: Security Update for Adobe InCopy
▪ Maximum Severity: Critical
▪ Affected Products: Adobe InCopy 19 and InCopy 20
▪ Description: Adobe has released an update for InCopy for Windows and macOS. This update
resolves one critical vulnerability. See https://helpx.adobe.com/security/products/incopy/apsb25-
10.html for more details.
▪ Impact: Arbitrary Code Execution
▪ Fixes 1 Vulnerability: CVE-2025-21156
▪ Restart Required: Requires application restart
1

APSB25-01: Security Update for Adobe InDesign
▪ Affected Products: Adobe InDesign 19 and InDesign 20
▪ Description: Adobe has released an update for Adobe InDesign. This update resolves 4 critical
and 3 important vulnerabilities. See https://helpx.adobe.com/security/products/indesign/apsb25-
01.html for more details.
▪ Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure
▪ Fixes 7 Vulnerabilities: CVE-2025-21157, CVE-2025-21158, CVE-2025-21121, CVE-2025-
21123, CVE-2025-21124, CVE-2025-21125, CVE-2025-21126
1

APSB25-11: Security Update for Adobe Illustrator
▪ Affected Products: Adobe Illustrator 2024 and Illustrator 2025
▪ Description: Adobe has released an update for Adobe Illustrator. This update resolves 3 critical
vulnerabilities. See https://helpx.adobe.com/security/products/illustrator/apsb25-11.html for more
details.
▪ Impact: Arbitrary Code Execution
▪ Fixes 3 Vulnerabilities: CVE-2025-21159, CVE-2025-21160, CVE-2025-21163
1

MS25-02-W11: Windows 11 Update
▪ Affected Products: Microsoft Windows 11 Version 22H2, 23H2, 24H2, Server 2025 and Edge
Chromium
▪ Description: This bulletin references KB 5051989 (22H2/23H2), and KB 5051987 (24H2 and
Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪ Fixes 37 Vulnerabilities: CVE-2023-24932, CVE-2025-21391, and CVE-2025-21418 are known
exploited. CVE-2023-24932 and CVE-2025-21377 are publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slides
1

February Known Issues for Windows 11
▪ KB 5051989 – Windows 11 Enterprise and Education version 22H2, Windows 11 version 23H2,
all editions
▪ [OpenSSH] Following the installation of the October 2024 security update, some customers
report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH
connections.
▪ Workaround: Customers can temporarily resolve the issue by updating permissions (ACLs)
on the affected directories. See KB for details.
▪ [Citrix_SRA] Devices that have certain Citrix components installed might be unable to
complete installation of the January 2025 Windows security update. This has been noted
with the Citrix Session Recording Agent installed.
▪ Workaround: Citrix has provided several workaround options until they resolve the issue
with Microsoft. See KB for details.

February Known Issues for Windows 11 (cont)
▪ KB 5051987 – Windows 11 version 24H2, all editions
▪ [Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
▪ Workaround: Download Roblox directly from vendor.
▪ [OpenSSH]
▪ [Citrix_SRA]

MS25-02-W10: Windows 10 Update
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪ Fixes 33 Vulnerabilities: CVE-2023-24932, CVE-2025-21391, and CVE-2025-21418 are known
exploited. CVE-2023-24932 and CVE-2025-21377 are publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slides
1

February Known Issues for Windows 10
▪ KB 5052000 – Win 10 Ent LTSC 2019, Win 10 IoT Ent LTSC 2019, Windows 10 IoT Core LTSC,
Windows Server 2019
▪ [OpenSSH]
▪ [Citrix_SRA]
▪ KB 5051974 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021,
Windows 10, version 22H2, all editions
▪ [OpenSSH]
▪ [Citrix_SRA]
▪ [Broker] The Windows Event Viewer might display an error related to SgrmBroker.exe, on
devices that have installed Windows updates released January 14, 2025 or later. This error
can be found under Windows Logs > System as Event 7023, with text similar to ‘The
System Guard Runtime Monitor Broker service terminated with the following error:
%%3489660935’.
▪ Workaround: This is an error due to a Windows Defender service being disabled. Ignore it
and it will be corrected in a future release. See KB for more details.

February Known Issues for Windows 10 (cont)
▪ KB 5051979 – Windows Server 2022
▪ [OpenSSH]
▪ [Citrix_SRA]
▪ [Broker]
▪ KB 5051980 – Windows Server, version 23H2
▪ [OpenSSH]

▪ Affected Products: Excel 2016, Auto Update for Mac, Office 2016,Office LTSC for Mac 2021 &
2024, Office Online Server
▪ Description: This security update addresses 8 vulnerabilities in Microsoft Office and supporting
products.
▪ Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
▪ Fixes 8 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
▪ Known Issues: None reported
MS25-02-OFF: Security Updates for Microsoft Office
1

▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update addresses several vulnerabilities in Microsoft Office.
Information on the security updates is available at https://learn.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution, Security Feature Bypass
▪ Fixes 8 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
▪ Known Issues: None reported
MS25-02-O365: Security Updates for Microsoft 365 Apps
1

▪ Maximum Severity: Important
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves one Microsoft SharePoint Server remote code
execution vulnerability. This bulletin is based on 3 KB articles.
▪ Impact: Remote Code Execution
▪ Fixes 1 Vulnerability: CVE-2025-21400 which is not reported exploited or publicly disclosed.
▪ Known Issues: See next slide
MS25-02-SPT: Security Updates for Sharepoint Server
1
2

Between
Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): Adobe Premiere Pro (2), Azul Zulu (3), Google Chrome (3), Corretto
(3), Firefox (1), Firefox ESR (1), Foxit PDF Editor (2), Java 8 (1), Java Development Kit 11 (1), Java
Development Kit 17 (1), Java Development Kit 21 (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1),
Node.JS (LTS Upper) (2), VirtualBox (2), Snagit (1), Thunderbird ESR (1)
▪ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Azul Zulu (1), Box Edit
(1), CCleaner (1), Cisco Webex Meetings Desktop App (1), Corretto (1), Google Chrome (1), Citrix
Workspace App (1), Devolutions Remote Desktop Manager (2), Docker For Windows (1), Dropbox (1),
Eclipse Adoptium (4), Falcon Sensor for Windows (1), Firefox (1), Git for Windows (1), Grammarly for
Windows (3), Jabra Direct (1), Node.JS (Current) (1), Notepad++ (1), Omnissa Horizon Client (1),
Opera (1), PDF-Xchange PRO (1), Pidgin (1), Python (1), RedHat OpenJDK (1), Skype (2), Slack
Machine-Wide Installer (2), TeamViewer (1), Ultra Edit (1), VSCodium (3), Zoom Workplace VDI App (1)
▪ Non-Security Updates: 1Password (2), AIMP (1), Bandicut (1), Bitwarden (4), Camtasia (2), Cisco
Duo Desktop (2), Client for Open Enterprise Server (1), draw.io (2), Evernote (7), Google Drive File
Stream (1), GoodSync (2), GeoGebra Classic (2), PSPad (1), ShareX (1), TortoiseHg (1), WatchGuard
Mobile VPN with SSL (1)

Windows Third Party CVE Information
▪ Adobe Premiere Pro 24
▪ APSB24-104, QPPRO2464
▪ Adobe Premiere Pro 25
▪ APSB24-104, QPPRO251
▪ Snagit 2024.3.2
▪ SNAG24-250205, QSNAG202432
▪ Fixes 4 Vulnerabilities: CVE-2021-26701, CVE-2024-21319, CVE-2024-30105, CVE-2024-45302

Windows Third Party CVE Information (cont)
▪ Google Chrome 132.0.6834.111
▪ CHROME-250122, QGC13206834111
▪ Fixes 2 Vulnerabilities: CVE-2025-0611, CVE-2025-0612
▪ CHROME-250129, QGC13206834160
▪ CHROME-250205, QGC1330694354

▪ Node.JS 23.6.1 (Current)
▪ NOJSC-250130, QNODEJSC2361
▪ Node.JS 20.18.2 (LTS Upper)
▪ NOJSLU-250122, QNODEJSLU20182
▪ Node.JS 22.13.1 (LTS Upper)
▪ NOJSLU-250129, QNODEJSLU22131
▪ Node.JS 18.20.6 (LTS Lower)
▪ NOJSLL-250122, QNODEJSLL18206

▪ Foxit PDF Editor 11.2.12.54161
▪ FPDFE11-250121, QFPDFE11212MSP
▪ Foxit PDF Editor 12.1.9.15762
▪ FPDFE12-250121, QFPDFE1219MSP
▪ VirtualBox 7.0.24
▪ OVB70-250122, QOVB7024
▪ VirtualBox 7.1.6
▪ OVB71-250122, QOVB716

▪ Firefox 135.0
▪ FF-250205, QFF1350
▪ Fixes 11 Vulnerabilities: CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012,
CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017, CVE-2025-1018, CVE-2025-
1019, CVE-2025-1020
▪ Firefox 128.7.0 ESR
▪ FFE128-250204, QFFE12870
CVE-2025-1012, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017
▪ Thunderbird 128.7.0 ESR
▪ TB-250205, QTB12870
1015, CVE-2025-1016, CVE-2025-1017

▪ Java Development Kit 21 Update 21.0.6
▪ JDK21-250122, QJDK2106
▪ JDK17-250122, QJDK17014
▪ JDK11-250122, QJDK11026
▪ Java 8 Update 441 – JRE and JDK
▪ JAVA8-250122, QJDK8U441 and QJRE8U441

▪ Azul Zulu 21.40.17 (21.0.6) Note: FX version of JDK also supported
▪ ZULU21-250122, QZULUJDK214017
▪ ZULU17-250122, QZULUJDK175615 and QZULUJRE175615
▪ ZULU11-250122, QZULUJDK117815 and QZULUJRE117815

▪ Corretto 21.0.6.7.1
▪ CRTO21-250122, QCRTOJDK2106
▪ Corretto 17.0.14.7.1
▪ Corretto 11.0.26.4.1

Apple Release Summary
▪ Security Updates (with CVEs): Apple macOS Sequoia (1), Apple macOS Sonoma (1), Apple
macOS Ventura (1), Apple Safari (1), Google Chrome (3), Firefox (1), Firefox ESR (1),
Microsoft Edge (3), Thunderbird (1), Thunderbird ESR (1)
▪ Security Updates (w/o CVEs): None
▪ Non-Security Updates: 1Password for Mac (2), Adobe Acrobat DC and Acrobat Reader DC
(1), Brave (3), Devolutions Remote Desktop Manager Mac (1), Docker Desktop (1), draw.io (2),
Evernote (5), Microsoft Office Excel (1), Firefox (1), Grammarly (3), Krisp for Mac (1),
LibreOffice (1), Microsoft Edge (1), Obsidian for Mac (1), OneDrive for Mac (1), Microsoft Office
2019 Outlook (1), Microsoft Office Outlook (1), PyCharm Professional (1), Microsoft Office
PowerPoint (1), Skype (2), Slack (2), Spotify (2), Sublime Text Build (1), Thunderbird ESR (1),
Microsoft Teams (Mac) (1), Visual Studio Code (2), VSCodium for Mac (3), WatchGuard Mobile
VPN with SSL 12.10.4 for macOS (1)

Apple Updates with CVE Information
▪ macOS Ventura 13.7.3
▪ Fixes 30 Vulnerabilities: See Apple security bulletin for details
▪ macOS Sonoma 14.7.3
▪ macOS Sequoia 15.3
▪ Safari 18.3 for Ventura and Sonoma
▪ Fixes 7 Vulnerabilities: CVE-2025-24113, CVE-2025-24128, CVE-2025-24143, CVE-
2025-24150, CVE-2025-24158, CVE-2025-24162, CVE-2025-24169

Apple Third Party CVE Information
▪ CHROMEMAC-250123

Apple Third Party CVE Information (cont)
▪ Firefox 135.0
▪ FF-250204
1017, CVE-2025-1018, CVE-2025-1019, CVE-2025-1020
▪ Firefox 128.7.0 ESR
▪ FFE128-250204
1015, CVE-2025-1016, CVE-2025-1017
▪ Thunderbird 128.7.0 ESR
▪ TB-250205
1015, CVE-2025-1016, CVE-2025-1017

▪ Thunderbird 135
▪ TB-250205
1017, CVE-2025-1018, CVE-2025-1019, CVE-2025-1020
▪ Microsoft Edge 132.0.2957.115
▪ MEDGEMAC-250120
0443, CVE-2025-0446, CVE-2025-0447, CVE-2025-0448, CVE-2025-21185, CVE-2025-21399
▪ Microsoft Edge 132.0.2957.127
▪ MEDGEMAC-250124

Q & A

Thank You!

February Patch Tuesday

More Related Content

Similar to February Patch Tuesday

More from Ivanti

Recently uploaded

February Patch Tuesday