May Patch Tuesday Analysis 2019

Patch Tuesday Webinar
Wednesday, May 15, 2019
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 806 097 670

Copyright©2019Ivanti.Allrightsreserved
Agenda
May 2019 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

 Overview

 In the News

New Wormable RDS Vulnerability
 Wormable Vulnerability in “Remote Desktop Services” has WannaCry
potential
 https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-
updating-remote-desktop-services-cve-2019-0708/
 https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-
windows-xp-7-and-windows-2003/

Support for Windows XP and Server 2003 updates
 Ivanti Product Coverage:
 EPM – Content for XP and 2003 update is live
 EPM client support ended for XP and 2003 a while back, but this
is still supportable using a older client version.
 Security Controls (Patch for Windows) supported as usual
 Patch for SCCM – Likely this will not sync automatically, but the
content for these updates is in the Windows Update Catalog. To
manually sync this content you will need to look into this article:
 https://docs.microsoft.com/en-us/sccm/sum/get-
started/synchronize-software-updates#import-updates-from-the-
microsoft-update-catalog
 EMSS – XP and 2003 are not currently supported. Please contact support if
this is a concern for your organization so we can provide additional support
options.

In the News
 LightNeuron – A sophisticated backdoor allows threat actors full control to monitor,
intercept and send emails from your Exchange server.
 https://www.zdnet.com/article/russian-cyberspies-are-using-one-hell-of-a-
clever-microsoft-exchange-backdoor/
 https://www.theregister.co.uk/2019/05/08/exchange_malware_lightneuron/
 Fxmsp chat logs reveal the hacked AV vendors
 https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-
hacked-antivirus-vendors-avs-respond/
 Microsoft SharePoint bug exploited in the wild
 https://www.darkreading.com/endpoint/microsoft-sharepoint-bug-exploited-in-
the-wild/d/d-id/1334683
 IE11 for Server 2012
 https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-
Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297

More Vulnerabilities Disclosed on Intel Processors
 Fallout, ZombieLoad, and Rogue In-Flight Data Load (RIDL)
 Targeting four specific vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-
2018-12130, CVE-2019-11091
 Microarchitectural Data Sampling (MDS) vulnerabilities
 More dangerous data sampling attacks – leak data from CPU buffers
 https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-
impact-all-modern-intel-cpus/
 Remediation is similar to Spectre and Meltdown
 Software updates and microcode changes
 https://support.microsoft.com/en-us/help/4093836/summary-of-intel-
microcode-updates
 https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/ADV190013
 AMD processors are not vulnerable

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft

Zero-day Exploited Vulnerabilities
 CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in the way Windows Error Reporting
(WER) handles files. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with administrator
privileges.
 To exploit the vulnerability, an attacker must first gain unprivileged execution on a
victim system.
 The security update addresses the vulnerability by correcting the way WER
handles files.

Microsoft Finally Switching to SHA2 Certificates
 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-
support-requirement-for-windows-and-wsus
 Phased migration process from March to September 2019
 Dual signed SHA1/SHA2 migrating to SHA2 signed only
 Legacy OS and WSUS require updates
 Advisory 190009 SHA-2 Code Sign Support Advisory
 Server 2008 SP2 migration update released yesterday
 https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-
update
 All current Ivanti products support this change

Java 8 211 and 212
 Java 8 is no longer publicly supported. If you have a continued support contract
Ivanti Patch solutions include content, but provide this as “Drop In” support
meaning you need to provide the patch.
 https://forums.ivanti.com/s/article/Oracle-SE-Java-8-support-changes-and-
how-it-effects-deployments-through-Ivanti-Patch-Management-solutions
 Oracle’s download page for Java 8:
 https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-
2133155.html

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
 May Releases
 KB 4498353 – Windows 10
 KB 4498947 – Windows 10 1607/Server 2016 (pre-req for new updates)
 KB 4500640 – Windows 10 1703
 KB 4500641 – Windows 10 1709/Server version 1709
 KB 4499728 – Windows 10 1809/Server 2019 (pre-req for new updates)

Microsoft Patch Tuesday Updates of Interest (cont)
 Development Tool Updates
 Azure DevOps Server 2019
 Azure Active Directory Connect
 Team Foundation Server 2017 and 2018
 Updated Development Components/Packages
 ChakraCore
 ASP.NET Core 2.1 and 2.2
 Nuget 5.0.2
 .NET Core 1.1 – 3.0
 Visual Studio 2015 – 2019

Patch for Windows is now Ivanti Security Controls!
Ivanti Security Controls 2019.1.1 is available!
• https://forums.ivanti.com/s/product-downloads
• https://go.ivanti.com/Web-Download-Security-Controls.html
What’s New:
• Support for RedHat Linux
• CVE Import
• Application Control (new module)

Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/
topics/patch-tuesday

Patch Content Announcement System
Announcements Now Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

 Bulletins

APSB19-18: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and MacOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context of the
current user.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 84 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb19-
18.html
 Restart Required: Requires application restart

APSB19-26: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome,
Internet Explorer 11 and Edge
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address a critical and
an important vulnerability in Adobe Flash Player. Successful exploitation could lead
to arbitrary code execution in the context of the current user.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: CVE-2019-7837

MS19-05-AFP: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on Windows Server 2019, all versions, Windows 10, version 1903, Windows
10, version 1809, Windows Server version 1803, Windows 10, version 1803, Windows
Server 2016 Version 1709, Windows 10, version 1709, Windows 10, version 1703,
Windows Server 2016, Windows 10, version 1607, Windows 10, Windows Server 2012
R2, Windows RT 8.1, Windows 8.1, and Windows Server 2012. This bulletin is based
on KB 4497932 and ADV190012.

MS19-05-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803,
1809,1903, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft
Edge
 Description: This bulletin references 10 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege, and Information Disclosure
 Fixes 53 Vulnerabilities: CVE-2019-0863 is known exploited and publicly disclosed.
See Details column of Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

May Known Issues for Windows 10
 KB 4494440 – Windows 10, Version 1607 and Server 2016
 For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot
enumerate and manage logical switches deployed on the host after installing the update.
Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the
hosts. Workaround: 1.Run mofcomp on the following mof files on the affected host:
Scvmmswitchportsettings.mof and VMMDHCPSvr.mof. Follow the best practices.
 After installing KB 4467684, the cluster service may fail to start with the error “2245
(NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with
greater than 14 characters. Workaround: Set the domain default "Minimum Password Length"
policy to less than or equal to 14 characters. Microsoft is working on a resolution.
 [File Rename] Certain operations, such as rename, that you perform on files or folders that are
on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the
operation on a CSV owner node from a process that doesn’t have administrator privilege.
Workaround: Perform the operation from a process that has administrator privilege or perform
the operation from a node that doesn’t have CSV ownership. Microsoft is working on a
resolution.

May Known Issues for Windows 10 (cont)
 KB 4494440 – Windows 10, Version 1607 and Server 2016 (cont)
 [PXE Start] After installing this update, there may be issues using the Preboot Execution
Environment (PXE) to start a device from a Windows Deployment Services (WDS) server
configured to use Variable Window Extension. This may cause the connection to the WDS
server to terminate prematurely while downloading the image. This issue does not affect clients
or devices that are not using Variable Window Extension. Workaround: To mitigate the issue,
disable the Variable Window Extension on WDS server. Three options provided with the KB
article.
 KB 4499181 – Windows 10, Version 1703
 [File Rename] Issue

 [PXE Start] Issue
 KB 4494441 – Windows 10, Version 1809, Server 2019 All Versions
 When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP)
applications, you may receive the error, "Your printer has experienced an unexpected
configuration problem. 0x80070007e.“ Workaround: Use another browser, such as Internet
Explorer to print your documents. Microsoft is working on a resolution.
 After installing KB4493509, devices with some Asian language packs installed may receive the
error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround:
Uninstall and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.

 After installing this update, users may experience error “0x800705b4” when launching Windows
Defender Application Guard or Windows Sandbox. Workaround: Use the credentials of a local
admin to create and set the registry keys on the Host OS; then restart the Host. See KB for
registry key details. Microsoft is working on a resolution.

MS19-05-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9,10,11
 Description: The fixes that are included in the cumulative Security Update for Internet
Explorer are also included in the May 2019 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in the cumulative update. This bulletin references 12 KB
articles.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, and Information
Disclosure
 Fixes 8 Vulnerabilities: CVE-2019-0884, CVE-2019-0911, CVE-2019-0918, CVE-
2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0940, CVE-2019-0995
 Restart Required: Requires browser restart
 Known Issues: See next slide

May Known Issues for Internet Explorer
 KB 4498206 – Cumulative Update for Internet Explorer 11 on Windows Server
2012 R2, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11
on Windows Server 2008 R2 SP1, Internet Explorer 11 on Windows 8.1
Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on
Windows Server 2012, Internet Explorer 9 on Windows Server 2008 SP2,
 After this security update is installed for Internet Explorer 11 on supported operating systems,
Custom URI Schemes for Application Protocol handlers may not start the corresponding
application for local intranet and trusted sites on Internet Explorer. Workaround: Right-click the
URL link to open it in a new window or tab, or, enable Protected Mode in Internet Explorer for
local intranet and trusted sites. See KB for more details.
 This cumulative security update 4498206 for Internet Explorer 10 might be offered for installation
through Windows Server Update Services (WSUS) or other update management solutions, even
after you install KB 4492872 (Internet Explorer 11 for Windows Server 2012 and Windows
Embedded 8 Standard) and upgrade to Internet Explorer 11. Workaround: No functional issues
with Internet Explorer 11, but install KB 4498206 to apply the security fixes that are resolved this
month for Internet Explorer 11.

MS19-05-MR2K8: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part of
update KB 4493460 (released April 25, 2019). Security updates to Windows App
Platform and Frameworks, Microsoft Graphics Component, Windows Storage and
Filesystems, Windows Cryptography, Windows Kernel, Windows Server, and the
Microsoft JET Database Engine. This bulletin is based on KB 4499149.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
2019-0881, CVE-2019-0882, CVE-2019-0885, CVE-2019-0889, CVE-2019-0890, CVE-
2019-0784, CVE-2019-0808, CVE-2019-0821.

May Known Issues for Server 2008
 KB 4499149 –Windows Server 2008 Service Pack 2 (Monthly Rollup)
 KB 4499180 –Windows Server 2008 Service Pack 2 (Security-only Update)
 Restart stuck on "Stage 2 of 2" or "Stage 3 of 3"
 After you install a servicing stack update together with other updates, a restart may be required
to complete the installation. During this restart, you may find yourself stuck at a particular stage
and see a "Stage 2 of 2" or "Stage 3 of 3" message.
 If you experience this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only
one time and does not prevent updates from installing successfully.
 Note In managed environments, such as by using Windows Server Update Services (WSUS),
you can avoid this issue by deploying this update as a standalone update.

MS19-05-SO2K8: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to Windows App Platform and Frameworks, Microsoft
Graphics Component, Windows Storage and Filesystems, Windows Cryptography,
Windows Kernel, Windows Server, and the Microsoft JET Database Engine. This
bulletin is based on KB 4499180.
2019-0784, CVE-2019-0808, CVE-2019-0821.
 Known Issues: See previous slide

MS19-05-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
update KB 4493453 (released April 25, 2019). This bulletin is based on KB 4499164.
 Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component,
Windows Storage and Filesystems, Windows Cryptography, Windows Wireless Networking,
Windows Kernel, Windows Server, and the Microsoft JET Database.
 Provides protections against a new subclass of speculative execution side-channel
vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of
Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).
 Fixes 24 + 8 (IE) Vulnerabilities: CVE-2019-0863 is known exploited and publicly
disclosed. See Details column of Security Update Guide for the complete list of CVEs.

May Known Issues for Windows 7 and Server 2008 R2
 KB 4499164 – Windows 7 SP1 and Server 2008 R2 SP1 (Monthly Rollup)
 [McAfee] Microsoft and McAfee have identified an issue on devices with McAfee Endpoint
Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or
McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup
or become unresponsive at restart after installing this update.
 Workarounds:
 McAfee Security(ENS) Threat Prevention 10.x
 McAfee Host Intrusion Prevention (Host IPS) 8.0
 McAfee VirusScan Enterprise (VSE) 8.8
 Microsoft is working on a resolution.

MS19-05-SO7: Security-only Update for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7 SP1, Server 2008 R2 SP1
 Description: This bulletin is based on KB 4499175.
 Known Issues: None reported

MS19-05-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE

May Known Issues for Server 2012
 KB 4499171 – Windows Server 2012, Windows Embedded 8 Standard
(Monthly Rollup)
 KB 4499154 – Windows Server 2012, Windows Embedded 8 Standard
(Security-only Update)

MS19-05-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012

MS19-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE

May Known Issues for Windows 8.1 and Server 2012 R2
 KB 4499151 – Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
 KB 4499165 – Windows 8.1, Windows Server 2012 R2 (Security-only Update)
 [McAfee] Issue

MS19-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2

MS19-05-OFF: Security Updates for Microsoft Office
 Affected Products: Office 2010-2016, Office 2016 and 2019 for Mac, Word 2016
 Description: This security update resolves vulnerabilities in several Microsoft Office
applications. This bulletin references 5 KB articles plus release notes for MacOS.
2019-0953

MS19-04-O365: Security Updates for Office 365 ProPlus
 Affected Products: Office 365 ProPlus, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft Office 365 applications. Information on Office 365 ProPlus updates is
available at https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-
proplus
 Fixes 3 Vulnerabilities: CVE-2019-0945, CVE-2019-0946, CVE-2019-0953

MS19-05-SPT: Security Updates for SharePoint Server
 Maximum Severity: Important
 Affected Products: Microsoft Enterprise SharePoint Server 2010-2019
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
is based on 4 KB articles.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege, and Information
Disclosure
 Fixes 8 Vulnerabilities: CVE-2019-0949, CVE-2019-0950 , CVE-2019-0951 , CVE-
2019-0952 , CVE-2019-0956 , CVE-2019-0957 , CVE-2019-0958 , CVE-2019-0963
 Restart Required: Requires Restart

MS19-05-MRNET: Monthly Rollup for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: This security update resolves denial of service vulnerabilities when .NET
Framework improperly handles objects in heap memory, or when .NET Framework and
.NET Core improperly process RegEx strings. This bulletin references 19 KB articles.
 Impact: Denial of Service
 Fixes 4 Vulnerabilities: CVE-2019-0820, CVE-2019-0864, CVE-2019-0980, and
CVE-2019-0981
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS19-05-SONET: Security-only Update for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: This security update resolves denial of service vulnerabilities when .NET
Framework improperly handles objects in heap memory, or when .NET Framework and
.NET Core improperly process RegEx strings. This bulletin references 19 KB articles.
 Impact: Denial of Service
 Fixes 4 Vulnerabilities: CVE-2019-0820, CVE-2019-0864, CVE-2019-0980, and
CVE-2019-0981
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS19-05-SQL: Security Updates for SQL Server
 Affected Products: Microsoft SQL Server 2017
 Description: This security update fixes a potential leak of restricted data that is not
protected correctly by the Object-Level Security (OLS) system in SQL Server Analysis
Services. This bulletin is based on KBs 4494351 and 4494352.
 Impact: Information Disclosure

 Maximum Severity: Medium
 Affected Products: VMware Workstation Pro and Player 15.x
 Description: This security update resolves a vulnerability which may allow attackers
with normal user privileges to escalate their privileges to administrator on a windows
host where Workstation is installed.
 Impact: Elevation of Privilege
 Restart Required: Requires Restart
VMSA-2019-0007 Update for VMware Workstation

Between Patch Tuesday’s
New Product Support: Tableau Prep, Tableau Prep Builder, Windows 10 1903, .Net
4.8 Runtime
Security Updates: Adobe Air (1), Adobe Acrobat (3), Camtasia (3), Google Chrome (2),
Citrix Receiver (1), DropBox (2), Evernote (2), Firefox (3), Firefox ESR (1), Foxit Reader
(4), Foxit PhantomPDF (2), FileZilla (2), GOM Player (1), GoToMeeting (2), Java Runtime
(1), Java Development Kit (1), LibreOffice (2), Microsoft (2), Node.JS (3), Opera (5),
Oracle VirtualBox (2), Plex Media Server (2), PeaZip (2), RealTimes (1), Splunk Universal
Forwarder (1), Tableau Desktop (4), Tableau Prep (2), Tableau Reader (1), Tomcat (3),
TortoiseSVN (1), TeamViewer (1), WinSCP (1), WinRAR (1)
Non-Security Updates: BlueJeans (1), Box Edit (1), CCleaner (1), Google Drive (1),
GoodSync (2), GoTo Opener (1), Google Backup and Sync (1), Java Runtime (1), Java
Development Kit (1), KeePass Pro (1), LogMeIn (1), Microsoft (45), NVivo (1), PowerBI
Desktop (1), PDF-Xchange PRO (1), Plex Media Player (2), R for Windows (1), Royal TS
(1), Skype (2), TortoiseHG (1), Zoom Client (1), Zoom Outlook Plugin (1)

Third Party CVE Information
 Citrix Receiver 4.9.6001, LTSR Cumulative Update 6
 CTXR-018, QCTXR496001
 Camtasia 9.1.5
 CAMTA-015, QCAMTASIA915
 Fixes 6 Vulnerabilities: CVE-2018-14054, CVE-2018-14325, CVE-2018-
14326, CVE-2018-14379, CVE-2018-14403, CVE-2018-14446
 Camtasia 2019.0.1
 CAMTA-014, QCAMTASIA201901
 Fixes 12 Vulnerabilities: CVE-2018-14054, CVE-2018-14325, CVE-2018-
14326, CVE-2018-14379, CVE-2018-14403, CVE-2018-14446, CVE-2018-
14054, CVE-2018-14325, CVE-2018-14326, CVE-2018-14379, CVE-2018-
14403, CVE-2018-14446

Third Party CVE Information (cont)
 VirtualBox 5.2.28
 OVB-021, QOVB5228
 Fixes 12 Vulnerabilities: CVE-2019-2574, CVE-2019-2656, CVE-2019-2657,
CVE-2019-2678, CVE-2019-2679, CVE-2019-2680, CVE-2019-2690, CVE-
2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-
2723
 Google Chrome 74.0.3729.131
 Chrome-251, QGC7403729131
2019-5810, CVE-2019-5811, CVE-2019-5812, CVE-2019-5813, CVE-2019-
5814, CVE-2019-5815, CVE-2019-5816, CVE-2019-5817, CVE-2019-5818,
2019-5823, CVE-2019-5825, CVE-2019-5826

 Foxit Reader Consumer 9.5.0.20723
 FIC-006, QNFOXIT95020723
 Fixes 8 Vulnerabilities CVE-2018-20309, CVE-2018-20310, CVE-2018-20311,
CVE-2018-20312, CVE-2018-20313, CVE-2018-20314, CVE-2018-20315,
CVE-2018-20316
 Foxit Reader 9.5.0.20723
 FI19-9502, QFI95020723
CVE-2018-20312, CVE-2018-20313, CVE-2018-20314, CVE-2018-20315,
CVE-2018-20316
 Foxit PhantomPDF 9.5.0.20723
 FIP-021, QFIP95020723
CVE-2018-20312, CVE-2018-20313, CVE-2018-20314, CVE-2018-20315,
CVE-2018-20316

 VirtualBox 6.0.6
 OVB-020, QOVB6060
2019-2680, CVE-2019-2690, CVE-2019-2696, CVE-2019-2703, CVE-2019-
2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-3822
 Java Development Kit 8 Update 211
 JDK8-211, QJDK8U211
CVE-2019-2698, CVE-2019-2699
 Java 8 Update 211
 Java8-211, QJAVA8U211
CVE-2019-2698, CVE-2019-2699

 Apache Tomcat 7.0.9
 TOMCAT-131, QTOMCAT7094
 Fixes 1 Vulnerability CVE-2019-0324

May 30 | 11am ET | Free Event
WINDOWS 10
SUMMIT VIRTUAL
EVENT

May Patch Tuesday Analysis 2019

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to May Patch Tuesday Analysis 2019

Similar to May Patch Tuesday Analysis 2019 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

May Patch Tuesday Analysis 2019

Editor's Notes