SlideShare a Scribd company logo

March 2018 Patch Tuesday Ivanti

Download as PPTX, PDF
Ivanti
Ivanti

March is synonymous with luck, and this March Patch Tuesday luck is on your side. There are some Critical updates. And Microsoft resolved two publicly disclosed vulnerabilities, so you'll want to patch those holes before someone turns your luck from good to bad. And of course - because they're far from as rare as a four-leaf clover - the Meltdown and Spectre updates continue to roll out. But all in all, it looks like you'll get your pot of gold this month in the form of time back to focus on core business goals.

Software
1 of 38
Patch Tuesday Webinar Wednesday, March 14, 2018 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 800 479 916
Agenda March 2018 Patch Tuesday Overview In the News Bulletins Q & A 1 2 3 4
 Overview
 In the News
In the News -  Update on Meltdown and Spectre:  https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its- own/  Updated - https://portal.msrc.microsoft.com/en-US/security- guidance/advisory/ADV180002  Ivanti Product Related Articles:  https://community.shavlik.com/docs/DOC-24510 (Shavlik)  https://community.ivanti.com/docs/DOC-66046 (LANDESK)  https://community.ivanti.com/docs/DOC-63022 (HEAT)
Known Issues Things to be aware of  Windows 10 Branch Support: End of Service for 2018  Branch 1607 scheduled for April 10 (extended from March 2018)  Branch 1703 scheduled for October 9 (extended from September 2018)  Windows 10 Version 1511, 1607, 1703, and 1709 will continue to receive security-only updates for 6 months past EOS dates  Version 1511 final update on April 10  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10  Windows lifecycle fact sheet
Known Issues Things to be aware of  https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve- 2018-0886-march-13-2018  Microsoft lifted the regkey check in Windows 10 to protect additional devices  Microsoft still limits patch installation based on AV regkey in Windows 7, 8.1, Server 2008, and Server 2012  Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.  Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer: Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000”  Multiple KBs referenced in today’s webinar slides
Public Disclosures  CVE-2018-0808 - ASP.NET Core Denial of Service Vulnerability  A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.  A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application.  CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.  To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. The user would have to click the malicious link in order to be susceptible to the vulnerability.
 Bulletins
MS18-03-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1511, 1607, 1703, 1709, Server 2016, IE 11 and Microsoft Edge  Description: This bulletin references 5 KB articles. See KBs for list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 49 Vulnerabilities: There are no publicly disclosed or known exploited vulnerabilities this month. See Details column of Security Update Guide for complete list.  Restart Required: Requires restart  Known Issues: See next slide  NOTE: Education and Enterprise versions of Windows 10 will be supported 6 months beyond EOS date. Windows 10 version 1511 support ends April 10, 2018.
March’s Known Issues for Windows 10  KB 4088776 - Windows 10 version 1709  Windows Update History reports that KB 4054517 failed to install because of error 0x80070643. Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. Select Check for Updates to confirm that there are no additional updates available. Recommended action is to ignore message for now as it is installing properly.  Users with Windows 10 Version 1709 Enterprise that have installed the January 2018 Delta package may encounter failure issues when installing the February and March 2018 updates from the Microsoft Update Catalog. Specifically, the Windows 10, version 1709 February Delta Update may silently fail. Recommended action is to uninstall the Windows 10 version 1709 January KB 4056892 Delta Update package and install the March 2018 full latest cumulative update, KB 4088776. Customers may resume using Delta Update packages with the April 2018 Windows 10 version 1709 monthly cumulative update.
MS18-03-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in Security Update for Internet Explorer KB 4089187 are also included in the March 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 9 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 7 vulnerabilities: CVE-2018-0889, CVE-2018-0891, CVE-2018-0927, CVE- 2018-0929, CVE-2018-0932, CVE-2018-0935, CVE-2018-0942  Restart Required: Requires browser restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set, except IE 11 updates on Windows 10
MS18-03-AFP: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4088785.  Impact: Remote Code Execution  Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920  Restart Required: Requires application restart
APSB18-05: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.161 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920  Restart Required: Requires application restart
MS18-03-EX: Security Updates for Exchange Server  Maximum Severity: Important (Elevated to Critical by Ivanti)  Affected Products: Microsoft Exchange Server 2010-2016  Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). This bulletin is based on KB 4073392 and KB 4073537.  Impact: Elevation of Privilege and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2018-0924, CVE-2018-0940, CVE-2018-0941  Restart Required: Requires Restart  Known Issues: See next slide
March’s Known Issues for Exchange Server  KB 4073392 - Exchange Server 2013 Service Pack 1, Exchange Server 2016 Enterprise Edition, Exchange Server 2013 Enterprise  Exchange services may remain in a disabled state after you install this security update. Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.  When you try to manually install this security update in "normal mode" (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using UAC (user account control). The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode as an administrator. To do this, right click the update file, and then click Run as Administrator.  KB 4073537 – Exchange Server 2010 Service Pack 3  Same disabled state as mentioned above.  In addition, the fix for KB4054456 caused an issue in which EWS impersonation may no longer work when you try to access resource mailboxes in a different site. This issue will be fixed in a future update in Exchange Server 2010 Service Pack 3.
MS18-03-MR7: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075211 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088875.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 22 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE- 2018-0878, CVE-2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE- 2018-0888, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE- 2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: See upcoming slide
MS18-03-SO7: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088878.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 22 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: See next slide
March’s Known Issues for Windows 7 and Server 2008 R2  KB 4088875 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  After installing this update, SMB servers may leak memory. Microsoft is investigating.  A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled. Enable PAE as workaround. Microsoft is investigating.  A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Microsoft is investigating.  This fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY. See In the News earlier for details on setting the ALLOW REGKEY.  KB 4088878 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  Same four issues for the Security Only update as listed above for Monthly Rollup
MS18-03-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075213 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088877.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
MS18-03-SO8: Security-only Update for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Server 2012  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088880.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
MS18-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075212 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088876.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
MS18-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088879.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
MS18-03-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Office 2007-2016 and 2016 for mac, Access 2010-2016, Excel 2007-2016, Web Apps and Project Server, Word 2007-2016  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 18 KB articles plus Release Notes for mac.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0909, CVE- 2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE- 2018-0915, CVE-2018-0916, CVE-2018-0919, CVE-2018-0922, CVE-2018-0944  Restart Required: Requires application restart  Known Issues: None reported. You must have the latest service packs installed in order to install many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.
MS18-03-O365: Security Updates for Microsoft Office 365  Maximum Severity: Important  Affected Products: Access, Excel, and Word in Semi-Annual Channels 1705 and 1708  Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 updates is available at https://technet.microsoft.com/en-us/office/mt465751  Impact: Remote Code Execution, Security Feature Bypass, Information Disclosure  Fixes 3 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0919  Restart Required: Requires application restart  Known Issues: None reported.  NOTE: Former Deferred channel is now called the Semi-Annual channel.
MS18-03-2K8: Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin references 8 KB articles.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: 4088827 and 4073011 both only apply to Hyper-V hosts. 4089453 requires the Remote Assistance role.
MS18-03-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft Enterprise SharePoint Server 2010-2016  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This update contains many non-security fixes as well. This bulletin is based on 5 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 15 Vulnerabilities: CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE- 2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE- 2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE- 2018-0944, CVE-2018-0947  Restart Required: Requires Restart  Known Issues: None reported  NOTE: In previous bulletins the SharePoint updates were bundled with the Office updates. This has been separated out as many customers have separate desktop and server patch teams.
Chrome-220: Security Update for Chrome  Maximum Severity: Critical  Affected Products: Google Chrome  Description: The stable channel has been updated to 65.0.3325.162 for Windows, Mac and Linux.  Impact: Not reported, but the release on 3/7 resolved 27 CVEs. You want to patch up to the latest if you did not already do the 3/7 update.  Fixes X Vulnerabilities: No CVEs disclosed  Restart Required: Requires restart
FF18-005: Mozilla Foundation Security Advisory 2018-06  Maximum Severity: Critical  Affected Products: Firefox 59  Description: Mozilla Foundation has released security fixes for Firefox 59  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 18 Vulnerabilities: See Advisory 2018-06 for the complete CVE list.  Restart Required: Requires Application Restart
FFE18-5270: Mozilla Foundation Security Advisory 2018-07  Maximum Severity: Critical  Affected Products: Firefox ESR 52.7  Description: Mozilla Foundation has released security fixes for Firefox ESR 52.7  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 7 Vulnerabilities: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE- 2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145  Restart Required: Requires Application Restart
Non-Security Updates  Maximum Severity: Recommended  Affected Products: CCleaner, TeamViewer 13.1, and Prezzi Desktop 6.22  Description: Non-Security updates may include critical bug fixes and feature updates. Depending on what version you are updating from a Non-Security update could include security fixes from previous updates you have not yet applied. Ivanti recommends updating 3rd party applications as regularly as possible to ensure additional security threats are not exposed.
Between Patch Tuesday’s New Product Support: None Security Updates: Adobe Creative Cloud (1), Adobe Acrobat (3), Google Chrome (2), FileZilla (2), Notepad++ (1), Opera (3), RealTimes (1), SeaMonkey (1), Slack (1), TortiseGit (1), Apache Tomcat (4), VLC Media Player (1), Wireshark (1) Non-Security Updates: Audacity (1), Citrix Reciever (2), Dropbox (1), Evernote (1), GOM Player (1), GoodSync (4), GoToMeeting (1), IrfanView (1), LogMeIn (3), Malwarebytes (1), Microsoft (49), Oracle VirtualBox (1), PDF-Xchange Pro (1), Plex Media Player (2), Plex Media Server (2), PeaZip (1), Royal TS (1), Skype (2), TortiseHG (2), WinSCP (1), Cisco Webex Meeting Center (2), Webex Productivity Tools (1), XnView (1)
Third Party CVE Information  Apache Tomcat 8.0.50  Bulletin TOMCAT-102, QTOMCAT8050  Fixes 2 Vulnerabilities: CVE-2018-1304,CVE-2018-1305  Wireshark 2.4.5  Bulletin WIRES-075, QWIRES245  Fixes 9 Vulnerabilities: CVE-2018-7320, CVE-2018-7334, CVE-2018-7335, CVE- 2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418, CVE-2018-7419, CVE-2018-7420  SeaMonkey 2.49.2  Bulletin SM18-2492, QSM2492  Fixes 11 Vulnerabilities: CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE- 2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
https://interchange.ivanti.com/dallas #interchange18 Boot Camps 6 Tracks Hands-on Labs Early Bird, Partner & Group Discounts Direct Access to Experts for All Solutions 2018 Pricing: Early Bird: $1295 Jan.1 - April 6 Standard: $1695 April 7 – May 16 Save an extra $100 by using promo code: INT18WEB100
Cybersecurity Game Show  Cybersecurity trivia game show  Live attendees can play along and win prizes  3/21 at 8am PT | 11am ET  https://go.ivanti.com/Webinar- Security-Gameshow.html
Thank You

Recommended

April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday AnalysisIvanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisIvanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 

Recommended

April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday AnalysisIvanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisIvanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806Ivanti
 
Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Ivanti
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch TuesdayIvanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020Ivanti
 
Getting Started With Share Point 2010
Getting Started With Share Point 2010Getting Started With Share Point 2010
Getting Started With Share Point 2010Elaine Van Bergen
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch TuesdayIvanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisIvanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesdayIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch TuesdayIvanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisIvanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday AnalysisIvanti
 

More Related Content

What's hot

October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806Ivanti
 
Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Ivanti
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch TuesdayIvanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020Ivanti
 
Getting Started With Share Point 2010
Getting Started With Share Point 2010Getting Started With Share Point 2010
Getting Started With Share Point 2010Elaine Van Bergen
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch TuesdayIvanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisIvanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesdayIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch TuesdayIvanti
 

What's hot (20)

October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
 
Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
Getting Started With Share Point 2010
Getting Started With Share Point 2010Getting Started With Share Point 2010
Getting Started With Share Point 2010
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch Tuesday
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - French
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch Tuesday
 

Similar to March 2018 Patch Tuesday Ivanti

May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisIvanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday AnalysisIvanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020Dan Lalli
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019Ivanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021Ivanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch TuesdayIvanti
 
September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch TuesdayIvanti
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019Ivanti
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch TuesdayIvanti
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch TuesdayIvanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch TuesdayIvanti
 

Similar to March 2018 Patch Tuesday Ivanti (20)

May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
 
September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018September Patch Tuesday Analysis 2018
September Patch Tuesday Analysis 2018
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 

More from Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 

More from Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 

Recently uploaded

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 

March 2018 Patch Tuesday Ivanti

  • 1. Patch Tuesday Webinar Wednesday, March 14, 2018 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 800 479 916
  • 2. Agenda March 2018 Patch Tuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 4.
  • 5.  In the News
  • 6. In the News -  Update on Meltdown and Spectre:  https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its- own/  Updated - https://portal.msrc.microsoft.com/en-US/security- guidance/advisory/ADV180002  Ivanti Product Related Articles:  https://community.shavlik.com/docs/DOC-24510 (Shavlik)  https://community.ivanti.com/docs/DOC-66046 (LANDESK)  https://community.ivanti.com/docs/DOC-63022 (HEAT)
  • 7. Known Issues Things to be aware of  Windows 10 Branch Support: End of Service for 2018  Branch 1607 scheduled for April 10 (extended from March 2018)  Branch 1703 scheduled for October 9 (extended from September 2018)  Windows 10 Version 1511, 1607, 1703, and 1709 will continue to receive security-only updates for 6 months past EOS dates  Version 1511 final update on April 10  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10  Windows lifecycle fact sheet
  • 8. Known Issues Things to be aware of  https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve- 2018-0886-march-13-2018  Microsoft lifted the regkey check in Windows 10 to protect additional devices  Microsoft still limits patch installation based on AV regkey in Windows 7, 8.1, Server 2008, and Server 2012  Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.  Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer: Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000”  Multiple KBs referenced in today’s webinar slides
  • 9. Public Disclosures  CVE-2018-0808 - ASP.NET Core Denial of Service Vulnerability  A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.  A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application.  CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.  To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. The user would have to click the malicious link in order to be susceptible to the vulnerability.
  • 11. MS18-03-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1511, 1607, 1703, 1709, Server 2016, IE 11 and Microsoft Edge  Description: This bulletin references 5 KB articles. See KBs for list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 49 Vulnerabilities: There are no publicly disclosed or known exploited vulnerabilities this month. See Details column of Security Update Guide for complete list.  Restart Required: Requires restart  Known Issues: See next slide  NOTE: Education and Enterprise versions of Windows 10 will be supported 6 months beyond EOS date. Windows 10 version 1511 support ends April 10, 2018.
  • 12. March’s Known Issues for Windows 10  KB 4088776 - Windows 10 version 1709  Windows Update History reports that KB 4054517 failed to install because of error 0x80070643. Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. Select Check for Updates to confirm that there are no additional updates available. Recommended action is to ignore message for now as it is installing properly.  Users with Windows 10 Version 1709 Enterprise that have installed the January 2018 Delta package may encounter failure issues when installing the February and March 2018 updates from the Microsoft Update Catalog. Specifically, the Windows 10, version 1709 February Delta Update may silently fail. Recommended action is to uninstall the Windows 10 version 1709 January KB 4056892 Delta Update package and install the March 2018 full latest cumulative update, KB 4088776. Customers may resume using Delta Update packages with the April 2018 Windows 10 version 1709 monthly cumulative update.
  • 13. MS18-03-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in Security Update for Internet Explorer KB 4089187 are also included in the March 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 9 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 7 vulnerabilities: CVE-2018-0889, CVE-2018-0891, CVE-2018-0927, CVE- 2018-0929, CVE-2018-0932, CVE-2018-0935, CVE-2018-0942  Restart Required: Requires browser restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set, except IE 11 updates on Windows 10
  • 14. MS18-03-AFP: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4088785.  Impact: Remote Code Execution  Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920  Restart Required: Requires application restart
  • 15. APSB18-05: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.161 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 2 Vulnerabilities: CVE-2018-4919, CVE-2018-4920  Restart Required: Requires application restart
  • 16. MS18-03-EX: Security Updates for Exchange Server  Maximum Severity: Important (Elevated to Critical by Ivanti)  Affected Products: Microsoft Exchange Server 2010-2016  Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). This bulletin is based on KB 4073392 and KB 4073537.  Impact: Elevation of Privilege and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2018-0924, CVE-2018-0940, CVE-2018-0941  Restart Required: Requires Restart  Known Issues: See next slide
  • 17. March’s Known Issues for Exchange Server  KB 4073392 - Exchange Server 2013 Service Pack 1, Exchange Server 2016 Enterprise Edition, Exchange Server 2013 Enterprise  Exchange services may remain in a disabled state after you install this security update. Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.  When you try to manually install this security update in "normal mode" (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using UAC (user account control). The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode as an administrator. To do this, right click the update file, and then click Run as Administrator.  KB 4073537 – Exchange Server 2010 Service Pack 3  Same disabled state as mentioned above.  In addition, the fix for KB4054456 caused an issue in which EWS impersonation may no longer work when you try to access resource mailboxes in a different site. This issue will be fixed in a future update in Exchange Server 2010 Service Pack 3.
  • 18. MS18-03-MR7: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075211 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088875.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 22 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE- 2018-0878, CVE-2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE- 2018-0888, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE- 2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: See upcoming slide
  • 19. MS18-03-SO7: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088878.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 22 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: See next slide
  • 20. March’s Known Issues for Windows 7 and Server 2008 R2  KB 4088875 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  After installing this update, SMB servers may leak memory. Microsoft is investigating.  A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled. Enable PAE as workaround. Microsoft is investigating.  A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Microsoft is investigating.  This fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY. See In the News earlier for details on setting the ALLOW REGKEY.  KB 4088878 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  Same four issues for the Security Only update as listed above for Monthly Rollup
  • 21. MS18-03-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075213 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088877.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 22. MS18-03-SO8: Security-only Update for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Server 2012  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088880.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 23. MS18-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4075212 (released February 21, 2018). This bulletin includes updates for IE. This bulletin is based on KB 4088876.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE- 2018-0814, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0881, CVE-2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE- 2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE- 2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 24. MS18-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin is based on KB 4088879.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE-2018-0881, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: These fixes can be installed only on systems that have the AV ALLOW REGKEY properly set.
  • 25. MS18-03-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Office 2007-2016 and 2016 for mac, Access 2010-2016, Excel 2007-2016, Web Apps and Project Server, Word 2007-2016  Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 18 KB articles plus Release Notes for mac.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0909, CVE- 2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE- 2018-0915, CVE-2018-0916, CVE-2018-0919, CVE-2018-0922, CVE-2018-0944  Restart Required: Requires application restart  Known Issues: None reported. You must have the latest service packs installed in order to install many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.
  • 26. MS18-03-O365: Security Updates for Microsoft Office 365  Maximum Severity: Important  Affected Products: Access, Excel, and Word in Semi-Annual Channels 1705 and 1708  Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 updates is available at https://technet.microsoft.com/en-us/office/mt465751  Impact: Remote Code Execution, Security Feature Bypass, Information Disclosure  Fixes 3 Vulnerabilities: CVE-2018-0903, CVE-2018-0907, CVE-2018-0919  Restart Required: Requires application restart  Known Issues: None reported.  NOTE: Former Deferred channel is now called the Semi-Annual channel.
  • 27. MS18-03-2K8: Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Security updates to the Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Installer, and Windows Hyper-V. This bulletin references 8 KB articles.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure  Fixes 21 Vulnerabilities: CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE- 2018-0815, CVE-2018-0816, CVE-2018-0817, CVE-2018-0868, CVE-2018-0878, CVE- 2018-0883, CVE-2018-0885, CVE-2018-0886, CVE-2018-0888, CVE-2018-0894, CVE- 2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE- 2018-0900, CVE-2018-0901, CVE-2018-0904  Restart Required: Requires restart  Known Issues: 4088827 and 4073011 both only apply to Hyper-V hosts. 4089453 requires the Remote Assistance role.
  • 28. MS18-03-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft Enterprise SharePoint Server 2010-2016  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This update contains many non-security fixes as well. This bulletin is based on 5 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure  Fixes 15 Vulnerabilities: CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE- 2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE- 2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE- 2018-0944, CVE-2018-0947  Restart Required: Requires Restart  Known Issues: None reported  NOTE: In previous bulletins the SharePoint updates were bundled with the Office updates. This has been separated out as many customers have separate desktop and server patch teams.
  • 29. Chrome-220: Security Update for Chrome  Maximum Severity: Critical  Affected Products: Google Chrome  Description: The stable channel has been updated to 65.0.3325.162 for Windows, Mac and Linux.  Impact: Not reported, but the release on 3/7 resolved 27 CVEs. You want to patch up to the latest if you did not already do the 3/7 update.  Fixes X Vulnerabilities: No CVEs disclosed  Restart Required: Requires restart
  • 30. FF18-005: Mozilla Foundation Security Advisory 2018-06  Maximum Severity: Critical  Affected Products: Firefox 59  Description: Mozilla Foundation has released security fixes for Firefox 59  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 18 Vulnerabilities: See Advisory 2018-06 for the complete CVE list.  Restart Required: Requires Application Restart
  • 31. FFE18-5270: Mozilla Foundation Security Advisory 2018-07  Maximum Severity: Critical  Affected Products: Firefox ESR 52.7  Description: Mozilla Foundation has released security fixes for Firefox ESR 52.7  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 7 Vulnerabilities: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE- 2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145  Restart Required: Requires Application Restart
  • 32. Non-Security Updates  Maximum Severity: Recommended  Affected Products: CCleaner, TeamViewer 13.1, and Prezzi Desktop 6.22  Description: Non-Security updates may include critical bug fixes and feature updates. Depending on what version you are updating from a Non-Security update could include security fixes from previous updates you have not yet applied. Ivanti recommends updating 3rd party applications as regularly as possible to ensure additional security threats are not exposed.
  • 33. Between Patch Tuesday’s New Product Support: None Security Updates: Adobe Creative Cloud (1), Adobe Acrobat (3), Google Chrome (2), FileZilla (2), Notepad++ (1), Opera (3), RealTimes (1), SeaMonkey (1), Slack (1), TortiseGit (1), Apache Tomcat (4), VLC Media Player (1), Wireshark (1) Non-Security Updates: Audacity (1), Citrix Reciever (2), Dropbox (1), Evernote (1), GOM Player (1), GoodSync (4), GoToMeeting (1), IrfanView (1), LogMeIn (3), Malwarebytes (1), Microsoft (49), Oracle VirtualBox (1), PDF-Xchange Pro (1), Plex Media Player (2), Plex Media Server (2), PeaZip (1), Royal TS (1), Skype (2), TortiseHG (2), WinSCP (1), Cisco Webex Meeting Center (2), Webex Productivity Tools (1), XnView (1)
  • 34. Third Party CVE Information  Apache Tomcat 8.0.50  Bulletin TOMCAT-102, QTOMCAT8050  Fixes 2 Vulnerabilities: CVE-2018-1304,CVE-2018-1305  Wireshark 2.4.5  Bulletin WIRES-075, QWIRES245  Fixes 9 Vulnerabilities: CVE-2018-7320, CVE-2018-7334, CVE-2018-7335, CVE- 2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418, CVE-2018-7419, CVE-2018-7420  SeaMonkey 2.49.2  Bulletin SM18-2492, QSM2492  Fixes 11 Vulnerabilities: CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE- 2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
  • 35. https://interchange.ivanti.com/dallas #interchange18 Boot Camps 6 Tracks Hands-on Labs Early Bird, Partner & Group Discounts Direct Access to Experts for All Solutions 2018 Pricing: Early Bird: $1295 Jan.1 - April 6 Standard: $1695 April 7 – May 16 Save an extra $100 by using promo code: INT18WEB100
  • 36. Cybersecurity Game Show  Cybersecurity trivia game show  Live attendees can play along and win prizes  3/21 at 8am PT | 11am ET  https://go.ivanti.com/Webinar- Security-Gameshow.html
  • 37.

Editor's Notes

  1. Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for Enterprise and Education version of Windows 10 version 1511 until April 2018.