The document is a summary of the Patch Tuesday webinar held on July 11, 2018, detailing updates on vulnerabilities, guidance for mitigating risks related to Spectre and Meltdown, and notable updates across various Microsoft products. It details specific security vulnerabilities categorized by their CVE numbers along with the potential impacts and mitigation strategies. Additional updates on Adobe security fixes and issues related to Windows and third-party software are also highlighted.

1. Patch Tuesday Webinar
Wednesday, Jul 11, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 809 039 342

2. Agenda
July 2018 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

3.  Overview

5.  In the News

6. In the News
 Over 800 e-commerce sites exposed to digital card skimming
 https://www.darkreading.com/attacks-breaches/ticketmaster-breach-part-of-
massive-payment-card-hacking-campaign/d/d-id/1332266
 Two new SpectreMeltdown sub variants discovered
 https://thehackernews.com/2018/07/intel-spectre-vulnerability.html
 Spectre and Meltdown Update
 ADV180002 - Guidance to mitigate speculative execution side-channel
vulnerabilities
 ADV180012 - Microsoft Guidance for Speculative Store Bypass
 ADV180016 - Microsoft Guidance for Lazy FP State Restore
 Oracle CPU due to release Tuesday July 17th
 Watch for a Java update! April release had 14 CVEs, 12 were remotely
exploitable without authentication. 3 were rated at 8.3 on CVSSv3

7. Publicly Disclosed Vulnerabilities
 CVE-2018-8278 - Microsoft Edge Spoofing Vulnerability
 A spoofing vulnerability exists when Microsoft Edge improperly handles specific
HTML content. An attacker who successfully exploited this vulnerability could
trick a user into believing that the user was on a legitimate website. The specially
crafted website could either spoof content or serve as a pivot to chain an attack
with other vulnerabilities in web services. To exploit the vulnerability, the user
must either browse to a malicious website or be redirected to it. In an email
attack scenario, an attacker could send an email message in an attempt to
convince the user to click a link to a malicious site.
 CVE-2018-8313 - Windows Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in the way that the Windows Kernel
API enforces permissions. An attacker who successfully exploited the
vulnerability could impersonate processes, interject cross-process
communication, or interrupt system functionality. To exploit the vulnerability, a
locally authenticated attacker could run a specially crafted application.

8. Publicly Disclosed Vulnerabilities
 CVE-2018-8214 - Windows Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists when Windows fails a check, allowing
a sandbox escape. An attacker who successfully exploited the vulnerability could
use the sandbox escape to elevate privileges on an affected system. This
vulnerability by itself does not allow arbitrary code execution. However, the
vulnerability could allow arbitrary code to run if an attacker uses it in combination
with another vulnerability, such as a remote code execution vulnerability or
another elevation of privilege vulnerability, that can leverage the elevated
privileges when code execution is attempted.

9. Microsoft Notable June Out-of-Band Releases
 ADV180010 - June 2018 Oracle Outside In Library Security Update
 Released June 19th
 Addressed Oracle Outside In Library vulnerabilities
 CVE-2018-2768, CVE-2018-2806, CVE-2018-2801
 Microsoft Exchange Server 2010, 2013, 2016

10. Windows 10 Lifecycle Awareness
 Windows 10 Branch Support: End of Service for 2018
 Branch 1703 scheduled for October 9
 Windows 10 Version 1607, 1703, and 1709 will continue to receive security-
only updates for 6 months past EOS dates
 Supported Editions
 Windows 10 Education
 Windows 10 Enterprise
 Unsupported Editions
 Windows 10 Home
 Windows 10 Pro
 Windows 10 Version 1607 is in extended support now until October 9
 Everyone strongly urged to update to latest version of Windows 10
 Windows lifecycle fact sheet

11. Other Microsoft Information
 Service Stack Update (SSU) KB 4132216 must be installed before installing
the latest cumulative update KB 4338814 on Windows 10 Version 1607. The
cumulative update will not be reported as applicable until the SSU is
installed.
 Development Tool Security Releases
 ASP.NET Core versions 1.0, 1.1 and 2.0
 ASP.NET Web Pages and MVC for Visual Studio
 Visual Studio 2010-2017

12. Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/
topics/patch-tuesday

13. New Patch Content Announcement System
 Announcements Posted on Community Pages
 https://community.ivanti.com/community/other/bulletins/patch-content-
notifications
 Separate pages by product
NOTE: Linux/UNIX/Mac still under construction

14. Automated Patch Content Notification
 Email and RSS Feed Notification Options Available
 Subscription Managed from the News Page
 https://community.ivanti.com/news?channel=news
 Complete instructions at https://community.ivanti.com/docs/DOC-68623
 Subscribe to one or more products
 Include Brian’s BLOG in your Subscription to get the Latest Info!
 NOTE: Legacy Notifications from Listserv end after August Patch Tuesday

15.  Bulletins

16. APSB18-21: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context of the
current user.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Fixes 104 Vulnerabilities: See APSB18-21 for complete list.
 Restart Required: Requires application restart
 NOTE: Support for Adobe Acrobat 11.x and Adobe Reader 11.x ended on October 15,
2017. Version 11.0.23 is the final release for Adobe Acrobat 11.x and Adobe Reader
11.x.

17. APSB18-24: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome,
Internet Explorer 11 and Edge
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 2 Vulnerabilities: CVE-2018-5007, CVE-2018-5008
 Restart Required: Requires application restart

18. MS18-07-AFP: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1803, Windows 10
Version 1803, Windows Server 2016 Version 1709, Windows 10 Version 1709,
Windows 10 Version 1703, Windows Server 2016, Windows 10 Version 1607, Windows
10 (RTM), Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4338832 and ADV180017.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: CVE-2018-5007, CVE-2018-5008
 Restart Required: Requires application restart

19. MS18-07-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, Server
2016, Server 1709, Server 1803, IE 11 and Microsoft Edge
 Description: This bulletin references 8 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
 Fixes 31 Vulnerabilities: CVE-2018-8278, CVE-2018-8313, and CVE-2018-8314
are publicly disclosed. See Details column of Security Update Guide for complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide

20. July’s Known Issues for Windows 10
 KB 4338825 - Windows 10 version 1709
 Some non-English platforms may display the following string in English instead of the localized
language: ”Reading scheduled jobs from file is not supported in this language mode.” This error
appears when you try to read the scheduled jobs you've created and Device Guard is enabled.
 When Device Guard is enabled, some non-English platforms may display the following strings in
English instead of the localized language:
 "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
 "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is
enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."
 Workaround – None. Microsoft is working on a resolution.
 KB 4338814 - Windows 10 version 1607, Windows Server 2016
 After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid
configuration when requesting a new IP address. This may result in loss of connectivity as
systems fail to renew their leases.
 Workaround – None. Microsoft is working on a resolution.

21. MS18-07-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in this Security Update for Internet Explorer (KB
4339093) are also included in the July 2018 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in this update. This bulletin references 9 KB articles.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 6 vulnerabilities: CVE-2018-0949, CVE-2018-8242, CVE-2018-8287, CVE-
2018-8288, CVE-2018-8291, CVE-2018-8296
 Restart Required: Requires browser restart
 Known Issues: None reported

22. MS18-07-2K8: Windows Server 2008
 Maximum Severity: Important
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to Windows apps, Windows graphics, Windows Shell,
Windows datacenter networking, Windows wireless networking, and Windows
virtualization. Provides protections from an additional subclass of speculative execution
side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639).
Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some
AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2. This
bulletin references 7 KB articles.
 Impact: Security Feature Bypass, Denial of Service, and Elevation of Privilege
 Fixes 7 Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-2018-8304, CVE-
2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8314
 Restart Required: Requires restart
 Known Issues: None reported

23. MS18-07-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4284842 (released June 21, 2018). It includes security updates for Internet
Explorer, Windows apps, Windows graphics, Windows Shell, Windows datacenter
networking, Windows wireless networking, and Windows virtualization. Provides
protections for an additional vulnerability involving side-channel speculative execution
known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 64-Bit (x64)
versions of Windows. This bulletin is based on KB 4338818.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 7 (shown) + 6 (IE) Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-
2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8314
 Restart Required: Requires restart
 Known Issues: See next slide

24. July’s Known Issue for Windows 7 and Server 2008 R2
 KB 4338818 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 There is an issue with Windows and third-party software that is related to a missing file
(oem<number>.inf). Because of this issue, after you apply this update, the network interface
controller will stop working.
 Workaround –
1.To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2.To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes
from the Action menu.
a. Alternatively, install the drivers for the network device by right-clicking the device and
selecting Update. Then select Search automatically for updated driver software or Browse
my computer for driver software.

25. MS18-07-SO7: Security-only Update for Win 7 and Server 2008 R2
 Maximum Severity: Important
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Windows apps, Windows graphics, Windows Shell,
Windows datacenter networking, Windows wireless networking, and Windows
virtualization. Provides protections for an additional vulnerability involving side-channel
speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665)
for 64-Bit (x64) versions of Windows. This bulletin is based on KB 4338823.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 7 Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-2018-8304, CVE-2018-
8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8314
 Restart Required: Requires restart
 Known Issues: No known issues

26. MS18-07-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4284852 (released June 21, 2018). Security updates to Internet Explorer,
Windows apps, Windows graphics, Windows datacenter networking, Windows
virtualization, and Windows kernel. Includes additional protections for Spectre Variant
2 and Meltdown vulnerabilities. This bulletin is based on KB 4338830.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 8 (shown) + 6 (IE) Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-
2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313, CVE-
2018-8314
 Restart Required: Requires restart
 Known Issues: None reported

27. MS18-07-SO8: Security-only Update for Server 2012
 Maximum Severity: Important
 Affected Products: Microsoft Server 2012
 Description: Security updates to Windows apps, Windows graphics, Windows
datacenter networking, Windows virtualization, and Windows kernel. Includes
additional protections for Spectre Variant 2 and Meltdown vulnerabilities. This bulletin is
based on KB 4338820.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 8 Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-2018-8304, CVE-
2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313, CVE-2018-8314
 Restart Required: Requires restart
 Known Issues: None reported

28. MS18-07-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4284863 (released June 21, 2018). Security updates to Internet Explorer,
Windows apps, Windows graphics, Windows Shell, Windows datacenter networking,
Windows virtualization, and Windows kernel. Includes additional protections for Spectre
Variant 2 and Meltdown vulnerabilities. This bulletin is based on KB 4338815.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 8 (shown) + 6 (IE) Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-
2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313, CVE-
2018-8314
 Restart Required: Requires restart
 Known Issues: None reported

29. MS18-07-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Important
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Security updates to Windows apps, Windows graphics, Windows Shell,
Windows datacenter networking, Windows virtualization, and Windows kernel.
Includes additional protections for Spectre Variant 2 and Meltdown vulnerabilities. This
bulletin is based on KB 4338824.
 Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
 Fixes 8 Vulnerabilities: CVE-2018-8206, CVE-2018-8282, CVE-2018-8304, CVE-
2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313, CVE-2018-8314
 Restart Required: Requires restart
 Known Issues: None reported

30. MS18-07-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Office 2010-2016, Office 2016 for Mac, Access 2013-2016, Word
2010-2016. Lync 2013, Skype for Business 2016
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 13 KB articles and Release Notes.
 Impact: Remote Code Execution, Security Feature Bypass, Tampering
 Fixes 5 Vulnerabilities: CVE-2018-8238, CVE-2018-8281, CVE-2018-8310, CVE-
2018-8311, CVE-2018-8312
 Restart Required: Requires application restart
 Known Issues: None reported

31. MS18-07-O365: Security Updates for Microsoft Office 365
 Maximum Severity: Important
 Affected Products: Office 2016
 Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
 Impact: Remote Code Execution, Tampering
 Fixes 3 Vulnerabilities: CVE-2018-8281, CVE-2018-8310, CVE-2018-8312
 Restart Required: Requires application restart
 Known Issues: None reported

32. MS18-07-SPT: Security Updates for SharePoint Server
 Maximum Severity: Important
 Affected Products: Microsoft Enterprise SharePoint Server 2013, 2016
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on KBs 4022228,
4022235 and 4022243.
 Impact: Remote Code Execution, Elevation of Privilege
 Fixes 3 Vulnerabilities: CVE-2018-8299, CVE-2018-8300, CVE-2018-8323
 Restart Required: Requires Restart
 Known Issues: None reported

33. MS18-07-MRNET: Monthly Rollup for Microsoft .Net
 Maximum Severity: Important
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2
 Description: This security update resolves a remote code execution vulnerability by
correcting how .NET Framework validates input; it addresses the elevation of privilege
vulnerability by correcting how .NET Framework enables COM objects, and addresses
the security feature bypass vulnerability by making sure that .NET Framework
components correctly validate certificates. This bulletin references 9 KB articles.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege
 Fixes 3 vulnerabilities: CVE-2018-8202, CVE-2018-8260, CVE-2018-8284
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

34. MS18-07-SONET: Security-only Update for Microsoft .Net
 Maximum Severity: Important
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7.2
 Description: This security update resolves a remote code execution vulnerability by
correcting how .NET Framework validates input; it addresses the elevation of privilege
vulnerability by correcting how .NET Framework enables COM objects, and addresses
the security feature bypass vulnerability by making sure that .NET Framework
components correctly validate certificates. This bulletin references 10 KB articles.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege
 Fixes 3 vulnerabilities: CVE-2018-8202, CVE-2018-8260, CVE-2018-8284
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

35. AI18-005: Security Update for Apple iTunes
 Maximum Severity: Not Rated by Apple
 Affected Products: iTunes for Windows releases prior to version 12.8
 Description: iTunes 12.8 for Windows provides security fixes and new features.
 Impact: Remote Code Execution, Denial of Service, Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-
2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-
2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-
2018-4293
 Restart Required: Requires restart

36. ICLOUD-012: Security Update for Apple iCloud
 Maximum Severity: Not Rated by Apple
 Affected Products: iCloud for Windows releases prior to version 7.6
 Description: iCloud for Windows 7.6 provides security fixes and new features.
 Impact: Remote Code Execution, Denial of Service, Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-
2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-
2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-
2018-4293
 Restart Required: Requires restart

37. Non-Security Updates
 Maximum Severity: Recommended
 Affected Products: Apple Mobile Device Support
 Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.

38. Between Patch Tuesday’s
New Product Support: Visual Studio Code, VMware Horizon Client 4
Security Updates: CCleaner (1), Google Chrome (1), Firefox (4), FileZilla (1), GIMP
(1), LibreOffice (1), Notepad++ (1), Opera (5), Thunderbird (1), Apache Tomcat (4),
UltraVNC (1), WinRAR (1)
Non-Security Updates: AIMP (1), Allway Sync (1), Beyond Compare (1), Blue Jeans
(1), Dropbox (1), Evernote (1), GOM Player (1), GoodSync (1), Microsoft (34), Oracle
VirtualBox (1), Power BI Desktop (2), PDF-XChange Pro (1), Plex Media Player (2),
RealVNC (1), Skype (2), Snagit (2), TortoiseHG (1), VMWare Horizon Client (1), Webex
Meeting Center (1), Zoom Client (3)

39. Third Party CVE Information
 Firefox ESR 52.9.0
 FFE18-5290, QFFE5290
 Fixes 15 Vulnerabilities: CVE-2018-5156, CVE-2018-5187, CVE-2018-5188,
CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-
2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-
12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12371
 Thunderbird 52.9.0
 TB18-5290, QTB5290
 Fixes 12 Vulnerabilities: CVE-2018-5188, CVE-2018-12359, CVE-2018-12360,
CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-
2018-12366, CVE-2018-12368, CVE-2018-12372, CVE-2018-12373, CVE-2018-
12374

40. Third Party CVE Information (cont)
 Firefox ESR 60.1
 FFE18-5290, QFFE5290
 Fixes 10 Vulnerabilities: CVE-2018-5156, CVE-2018-5188, CVE-2018-12359,
CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-
2018-12365, CVE-2018-12366, CVE-2018-12368
 Firefox 61
 TB18-012, QFF610
 Fixes 18 Vulnerabilities: CVE-2018-5156, CVE-2018-5186, CVE-2018-5187,
CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-
2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-
12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369,
CVE-2018-12370, CVE-2018-12371

41. Third Party CVE Information (cont)
 Opera 54.0.2952.41
 Bulletin OPERA-172, QOP540295241
 Fixes 1 Vulnerability: CVE-2018-6149
 Apache Tomcat 7.0.90
 Bulletin TOMCAT-114, QTOMCAT7090
 Fixes 1 Vulnerability: CVE-2018-8014
 Apache Tomcat 8.5.32
 Bulletin TOMCAT-112, QTOMCAT8532
 Fixes 1 Vulnerability: CVE-2018-8014
 Apache Tomcat 9.0.10
 Bulletin TOMCAT-113, QTOMCAT9010
 Fixes 1 Vulnerability: CVE-2018-8014

42. New Webinars
 Second ‘Patch Tuesday Webinar’ recording at a Europe-friendly time
 Hosted by Chris Goettl and Todd Schell
 July 12 at 1pm BST | 2pm CEST
 https://go.ivanti.com/Webinar-July-Patch-Tuesday-071218.html
 New bi-monthly series - Insights for Windows 10 in the Enterprise Series
 Hosted by Rex McMillan and Adam Smith
 Insider preview of upcoming changes at Microsoft, interview industry experts and
customers, migration tips, best practices, Q&A
 August 22nd at 8am PT | 11am ET
 https://go.ivanti.com/Webinar-0822-Windows-10-Enterprise-Beast.html

44. Thank You