Ivanti Patch Tuesday for March 2020

Patch Tuesday Webinar
Wednesday, March 11, 2020
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 808 882 610

Copyright©2019Ivanti.Allrightsreserved
Agenda
March 2020 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

 Overview

 In the News

In The News . . .
 SMBGhost
 https://www.zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-
microsoft-patch-tuesday-snafu/
 https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/adv200005
 Coronavirus being used to socially engineer attacks
 https://threatpost.com/coronavirus-themed-cyberattacks-persists/153493/
 Congressional committee makes 75 recommendations to improve US cyber
defense to respond to and recover from cyberattacks
 https://www.nytimes.com/2020/03/11/us/politics/congress-cyber-solarium.html
 https://www.politico.com/news/2020/03/11/panel-outlines-massive-federal-
cybersecurity-overhaul-125287

Vulnerability of Interest
 CVE-2020-0796 ADV200005 Microsoft Guidance for Disabling SMBv3
Compression
 Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server
Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully
exploited the vulnerability could gain the ability to execute code on the target SMB Server or
SMB Client.
 To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a
specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an
SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server
and convince a user to connect to it.
 We will update this advisory when updates are available. If you wish to be notified when this
advisory is updated, we recommend that you register for the security notifications mailer to be
alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
 Affects Win 10Server 1903 and 1909 versions
 Steps to disable and re-enable SMBv3 are outlined in the advisory
Source: Microsoft

Vulnerability of Interest
 CVE-2020-0765 Remote Desktop Connection Manager Information
Disclosure Vulnerability
 An information disclosure vulnerability exists in the Remote Desktop Connection Manager
(RDCMan) application when it improperly parses XML input containing a reference to an
external entity. An attacker who successfully exploited this vulnerability could read arbitrary
files via an XML external entity (XXE) declaration.
 To exploit the vulnerability, an attacker could create an RDG file containing specially crafted
XML content and convince an authenticated user to open the file.
 Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the
application. Microsoft recommends using supported Remote Desktop clients and exercising
caution when opening RDCMan configuration files (.rdg).
Source: Microsoft

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
 Many SSUs this month
 Win 7 and Server 20082008 R2 updated
 Microsoft KB did not reflect this
 Development Tool and Other Updates
 Azure DevOps Server 2019
 ChakraCore
 Microsoft Dynamics NAV 2013-2019
 Microsoft Visual Studio 2015-2019
 Service Fabric
 Team Foundation Server 2018-2019
Source: Microsoft

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
Source: Microsoft

Windows 10 Lifecycle Awareness (cont)
 Enterprise LTSB/LTSC Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft

Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/
topics/patch-tuesday

Patch Content Announcement System
Announcements Now Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

 Bulletins

MS20-03-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809,
1903, 1909, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft
Edge
 Description: This bulletin references 10 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Tampering, Denial of Service, Elevation of Privilege
and Information Disclosure
 Fixes 96 Vulnerabilities: No vulnerabilities are reported Publicly Disclosed or
Exploited. See Details column of Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

March Known Issues for Windows 10
 KB 4540670 – Windows 10, Version 1607 and Server 2016
 [Min Password] After installing KB4467684, the cluster service may fail to start with the error
“2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is
configured with greater than 14 characters. Workaround: Set the domain default "Minimum
Password Length" policy to less than or equal to 14 characters. Microsoft is working on a
resolution.
 [32-bit Containers] When using Windows Server containers with the March 10, 2020 updates,
you might encounter issues with 32-bit applications and processes. Workaround: For important
guidance on updating Windows containers, please see Windows container version compatibility.
 KB 4538461 – Windows 10, Version 1809, Server 2019 All Versions
 [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed
may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“
Workaround: Uninstall and reinstall any recently added language packs or select Check for
Updates and install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [32-bit Containers]

March Known Issues for Windows 10
 KB 4540673 – Windows 10 version 1903, Windows Server version 1903,
Windows 10 version 1909
 [32-bit Containers]

MS20-03-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9 (Server 2008 only) and 11
 Description: The fixes that are included in the cumulative Security Update for Internet
Explorer are also included in the March 2020 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in the cumulative update. This bulletin references 11 KB
articles.
 Impact: Remote Code Execution
 Fixes 6 Vulnerabilities: CVE-2020-0768, CVE-2020-0824, CVE-2020-0830, CVE-
2020-0832, CVE-2020-0833, and CVE-2020-0847.
 Restart Required: Requires browser restart
 Known Issues: [ESU Fail] See next slide.

March Known Issues for Internet Explorer
 KB 4540671 – Internet Explorer 11 on Windows Server 2012 R2, Internet
Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows Server
2008 R2 SP1, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer
11 on Windows 7 SP1, Internet Explorer 9 on Windows Server 2008 SP2
 [ESU Fail] After installing this update and restarting your device, you might receive the error,
“Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and
the update might show as Failed in Update History.
Workaround: his is expected in the following circumstances:
• If you are installing this update on a device that is running an edition that is not supported
for ESU. For a complete list of which editions are supported, see KB4497181.
• If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have
applied all prerequisites and that your key is activated. For information on activation, please
see this blog post. For information on the prerequisites, see the "How to get this update"
section of this article.

MS20-03-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part of
update KB 4537810 (released February 11, 2020). Bulletin is based on KB 4541506.
Security updates to Windows App Platform and Frameworks, Microsoft Graphics
Component, Windows Fundamentals, Windows Authentication, Windows Peripherals,
Windows Storage and Filesystems, and Windows Server.
 Impact: Remote Code Execution, Tampering, Elevation of Privilege, and Information
Disclosure
 Fixes 25 + 2 (IE 9) Vulnerabilities: No vulnerabilities are reported Publicly
Disclosed or Exploited. See Details column of Security Update Guide for the complete
list of CVEs.
 Known Issues: See next slide

March Known Issues for Server 2008
 KB 4541506 – Server 2008 (Monthly Rollup)
 KB 4541504 – Server 2008 (Security-only Update)
 [File Rename] Certain operations, such as rename, that you perform on files or folders that are
on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the
operation on a CSV owner node from a process that doesn’t have administrator privilege.
Workaround: Perform the operation from a process that has administrator privilege or perform
the operation from a node that doesn’t have CSV ownership. Microsoft is working on a
resolution.
 [ESU Fail]

MS20-03-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: This bulletin is based on KB 4541504. Security updates to Windows App
Platform and Frameworks, Microsoft Graphics Component, Windows Fundamentals,
Windows Authentication, Windows Peripherals, Windows Storage and Filesystems, and
Windows Server.
Disclosure
 Known Issues: See previous slide

MS20-03-MR7-ESU: Monthly Rollup for Win 7
MS20-03-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: his security update includes improvements and fixes that were a part of
update KB 4537820 (released February 11, 2020) . Bulletin is based on KB 4540688.
Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows App
Platform and Frameworks, Microsoft Graphics Component, Windows Fundamentals,
Windows Authentication, Windows Cryptography, Windows Core Networking, Windows
Storage and Filesystems, Windows Peripherals, and Windows Server .
Disclosure
 Fixes 39 + 6 IE Vulnerabilities: No vulnerabilities are reported Publicly Disclosed or
 Known Issues: [File Rename] and [ESU Fail]

MS20-03-SO7-ESU: Security-only Update for Win 7
MS20-03-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 SP1, Server 2008 R2 SP1
 Description: Bulletin is based on KB 4541500. Security updates to the Microsoft
Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft
Graphics Component, Windows Fundamentals, Windows Authentication, Windows
Cryptography, Windows Core Networking, Windows Storage and Filesystems,
Windows Peripherals, and Windows Server .
Disclosure
 Known Issues: [File Rename] and [ESU Fail]

MS20-03-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE 11
Platform and Frameworks, Microsoft Graphics Component, Windows Silicon Platform,
Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows
Core Networking, Windows Storage and Filesystems, Windows Peripherals, and
Windows Server.
Disclosure
 Known Issues: [File Rename]

MS20-03-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012
 Description: Bulletin is based on KB 4540694. Security updates to Windows App
Core Networking, Windows Storage and Filesystems, Windows Peripherals, and
Windows Server.
Disclosure

MS20-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Kernel, Windows Core Networking, Windows Peripherals, Windows Network Security
and Containers, Windows Storage and Filesystems, and Windows Server.
Disclosure

MS20-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Bulletin is based on KB 4541505. Security updates to the Microsoft
Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft
Graphics Component, Windows Silicon Platform, Windows Fundamentals, Windows
Authentication, Windows Cryptography, Windows Kernel, Windows Core Networking,
Windows Peripherals, Windows Network Security and Containers, Windows Storage
and Filesystems, and Windows Server.
Disclosure

MS20-03-OFF: Security Updates for Microsoft Office
 Affected Products: Office 2010-2016, Office 2016 and 2019 for Mac, Word 2010-
2016
 Description: This security update resolves vulnerabilities in several Microsoft Office
applications. This bulletin references 4 KB articles plus release notes for MacOS.
2020-0855 and CVE-2020-0892
 Restart Required: Requires application restart
 Known Issues: None reported

MS20-03-O365: Security Updates for Office 365 ProPlus and
Office 2019
 Affected Products: Office 365 ProPlus, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft Office 365 and Office 2019 applications. Information on Office 365 ProPlus
updates is available at https://docs.microsoft.com/en-us/officeupdates/release-notes-
office365-proplus
2020-0855 and CVE-2020-0892
 Restart Required: Requires application restart

MS20-03-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft Enterprise SharePoint Server 2010-2019 and Office
Online Server
 Description: This security update resolves resolves a vulnerability that occurs if
SharePoint Server does not correctly sanitize a specially crafted request to an affected
SharePoint server and also resolves a remote code execution vulnerability that exists
in Microsoft Word software if the program does not correctly handle objects in memory.
This bulletin is based on 11 KB articles.
 Impact: Remote Code Execution and Spoofing
2020-0891, CVE-2020-0892, CVE-2020-0893 and CVE-2020-0894
 Restart Required: Requires Restart

MS20-03-EX: Security Updates for Exchange Server
 Maximum Severity: Important
 Affected Products: Microsoft Exchange Server 2016 - 2019
 Description: This security update fixes across-site-scripting (XSS) vulnerability where
Microsoft Exchange Server does not properly sanitize a specially crafted web request.
This bulletin is based on KB 4540123.
 Impact: Spoofing
 Fixes 1 Vulnerability: CVE-2020-0903
 Known Issues: Must install update with administrator privileges. See KB for
additional details.

FF-200310: Security Update for Firefox
 Affected Products: Mozilla Firefox
 Description: This update provides fixes for 12 vulnerabilities in Firefox 74.
 Impact: Remote Code Execution, Spoofing and Information Disclosure
 Fixes 12 Vulnerabilities: See https://www.mozilla.org/en-
US/security/advisories/mfsa2020-08/ for a list and description of CVEs remediated.

FFE-200310: Security Update for Firefox ESR
 Affected Products: Mozilla Firefox ESR
 Description: This update provides fixes for 7 vulnerabilities in Firefox 68.6.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 7 Vulnerabilities: See https://www.mozilla.org/en-
US/security/advisories/mfsa2020-09/ for a list and description of CVEs remediated.

Between Patch Tuesday’s
New Product Support: .Net Core Runtime, ASP.Net Core Runtime
Security Updates: CCleaner (1), CoreFTP (1), Crowdstrike Falcon Sensor (2), Dropbox
(2), Evernote (1), Firefox (1), FileZilla (1), GIMP (1), GIT for Windows (1), GoodSync (5),
Google Chrome (5), GoToMeeting (1), LibreOffice (1), LogMeIn (1), Microsoft (17), Nitro
Pro (2), Node.JS (4), Notepad++ (1), Opera (5), Oracle VirtualBox (3), Plex Media Player
(3), Plex Media Server (2), PeaZip (1), RealPlayer (1), Skype (1), Splunk Forwarder (1),
Tableau (10), TortoiseGit (1), Tomcat (3), TeamViewer (1), UltraVNC (1), WinSCP (2),
Wireshark (3)
Non-Security Updates: AIM (1), Azure Information Protection Client (1), Allway Sync
(1), Bandicut (1), Beyond Compare (1), CutePDF (1), GOM Player (2), Microsoft (34),
Paint.net (1), R for Windows (1), Royal TS (2), RealVNC Viewer (1), Zoom Client (3)

Third Party CVE Information
 SeaMonkey 2.53.1
 SM20-200228, QSM2531
2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363,
CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-
12368, CVE-2018-12371
 Google Chrome 80.0.3987.122
 CHROME-200224, QGC8003987122
 Fixes 2 Vulnerabilities: CVE-2020-6407, CVE-2020-6418
 Google Chrome 80.0.3987.132
 CHROME-200303, QGC8003987132

Third Party CVE Information (cont)
 Microsoft Edge 80.0.361.62
 MEDGE-200225, QMEDGE80036162
2020-6407, CVE-2020-6418
 Microsoft Edge 80.0.361.66
 MEDGE-200304, QMEDGE80036166

Ivanti Patch Tuesday for March 2020

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Ivanti Patch Tuesday for March 2020

Similar to Ivanti Patch Tuesday for March 2020 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (11)

Ivanti Patch Tuesday for March 2020