This document summarizes a webinar about the February 2016 Patch Tuesday updates. The webinar agenda includes an overview of the February 2016 Patch Tuesday, known issues, security bulletins, and a question and answer session. The document also lists several security updates from Microsoft, Adobe, Google, and Oracle that address vulnerabilities in Windows, Edge, Internet Explorer, Flash Player, Java, and other software. Many of the updates resolve remote code execution vulnerabilities and are marked as critically or highly severe.
This document provides a summary of the March 2016 Patch Tuesday webinar. It includes the agenda, known issues with some of the bulletins, and summaries of the various security bulletins released. The bulletins addressed vulnerabilities in Windows, Internet Explorer, Edge, Windows Media, Windows PDF Library, graphics fonts, and third party software like Firefox and Chrome. They fixed issues like remote code execution, elevation of privilege, and security feature bypass.
This document summarizes the agenda and key points from a Patch Tuesday webinar held on April 13th, 2016. The webinar covered an overview of the April 2016 Patch Tuesday bulletins, known issues, and provided a detailed description of each security bulletin including the affected products, description, impact, and vulnerabilities fixed. It also discussed the recent news around the Badlock vulnerability and the acquisition of AppSense by LANDESK.
This document summarizes a webinar about the January 2016 Patch Tuesday updates. It includes:
- An agenda for the webinar covering the January Patch Tuesday overview, known issues, bulletins, and Q&A.
- Summaries of several Microsoft security bulletins addressing vulnerabilities in Windows 10, Edge, Internet Explorer, Office, and other Microsoft products. It also summarizes updates from Adobe for Flash Player, Acrobat, and Reader.
- Information about other industry news items like the end of support for some Windows versions and changes to Flash redistribution requirements.
This document summarizes an upcoming webinar about the August 2016 Patch Tuesday. The webinar will provide an overview of the patches released on Patch Tuesday, including known issues. It will discuss the bulletins and vulnerabilities addressed. There will be a question and answer session. The document reviews best practices for patch management and discusses specific bulletins and vulnerabilities in detail. It also lists security updates released between Patch Tuesdays.
This document summarizes an upcoming webinar on the June 2016 Patch Tuesday. The webinar will provide an overview of the known issues and bulletins for June's Patch Tuesday, including updates for Windows 10, Internet Explorer, Edge, Office, Adobe Flash Player, and other Microsoft products. It lists the vulnerabilities addressed and their potential impacts, such as remote code execution or elevation of privilege. Attendees will have a chance to ask questions.
This document summarizes the May 2016 Patch Tuesday webinar. It includes overviews of security updates from Microsoft addressing vulnerabilities in Windows, Internet Explorer, Edge, Office and other programs. Updates are also available from Adobe to address vulnerabilities in Flash Player, Acrobat and Reader. The webinar agenda covers the overview of patches, known issues, bulletins and includes time for Q&A.
This document summarizes the November 2016 Patch Tuesday updates from Microsoft. It provides an overview of key bulletins addressing vulnerabilities in Windows 10, Edge, Internet Explorer, and other Microsoft products. Notably, it fixes 73 vulnerabilities in Windows 10 and 39 vulnerabilities in other supported Windows versions. It also includes an Adobe Flash Player update fixing 9 vulnerabilities. The updates require restarts and range from critical remote code execution fixes to important privilege escalation issues.
This document summarizes the October 2016 Patch Tuesday updates from Microsoft. It provides information on 42 security updates affecting Windows 10, Edge, Internet Explorer, and other Microsoft products. The updates fix critical vulnerabilities that could allow remote code execution or elevation of privilege. Administrators are advised to apply all security updates as soon as possible to protect systems.
This document summarizes the September 2016 Patch Tuesday webinar. It includes an agenda covering the monthly patch overview, known issues, bulletins, and Q&A. Details are provided on several security updates from Microsoft addressing vulnerabilities in Windows, Edge, Internet Explorer, Office, Exchange, and third party software. Recommendations are made around timely patching within 2 weeks to reduce exposure to exploited vulnerabilities.
This document summarizes a webinar on minimizing the impact of the October 2015 Patch Tuesday. It discusses the Microsoft, Adobe, and Google security bulletins released, including fixes for remote code execution, elevation of privilege, and information disclosure vulnerabilities. It provides an overview of the affected products and vulnerabilities addressed. It also reviews other patches released since the previous Patch Tuesday and lists resources for further information.
This document summarizes a webinar on the December 2016 Patch Tuesday updates. It provides an agenda for the webinar including an overview of the December patches, known issues, and bulletins. It then lists details on several Microsoft and Adobe security updates released on Patch Tuesday, including the impacted products, descriptions of the vulnerabilities fixed, severity ratings, and whether a restart is required.
This document summarizes a webinar about minimizing the impact of the December 2015 Patch Tuesday updates. It includes an overview of the Microsoft and third party patches released, including 12 Microsoft security bulletins addressing 71 vulnerabilities and an Adobe Flash Player bulletin addressing 78 vulnerabilities. It also provides details on some of the most critical patches, including patches addressing remote code execution vulnerabilities in Windows 10, Internet Explorer, Edge, and other Microsoft products. The webinar aims to help organizations understand and address the patches.
This document summarizes the September 2015 Patch Tuesday updates from Microsoft and other vendors. It provides an overview of the 56 vulnerabilities addressed by Microsoft across 12 security bulletins, including which products are affected and the impact of the vulnerabilities. It also summarizes the 2 vulnerabilities addressed in the Adobe Shockwave bulletin. The document recommends applying all patches and offers to answer any questions.
The document summarizes an upcoming webinar on the August 2018 Patch Tuesday updates. The webinar will include an overview of the August patches, discussion of notable security news items, and a review of Microsoft and third-party bulletins. It will also cover Windows lifecycle awareness, new patch notification systems, and known issues for some of the August updates. Attendees can ask questions during the live Q&A portion.
Are you feeling like you'd like to have poked your fingers into the center of the Meltdown and Spectre patches like a box of Valentine's chocolates? There were some unsavory surprises for sure. Fortunately, the kinks are largely worked out and February Patch Tuesday is more straightforward. If there is one word for this month in patching, it's not "love" or "romance" but "privilege." Patch the elevation-of-privilege vulnerabilities, and then take a closer look at your policy on privilege management. Make sure you're keeping attackers from storming the heart of your organization.
It’s 2018, we’re resolved to help you secure your systems against whatever the new year brings, and January Patch Tuesday is bringing it! This month’s updates include a fix for a known Office exploit and a host of patches to tackle the Meltdown and Spectre vulnerabilities. About that last bit, though, take note: there is no known malicious use of these vulnerabilities to date. Take the time you need now to put the patches through their paces and get them in place, because this security issue is likely to tempt the bad guys.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document summarizes Microsoft's August 2015 Patch Tuesday updates. It describes 14 Microsoft security bulletins addressing 58 vulnerabilities, an Adobe Flash bulletin addressing 35 vulnerabilities, and updates from Google Chrome and Mozilla Firefox. The updates resolve issues including remote code execution, elevation of privilege, and information disclosure. It provides details on the affected products and recommends applying all updates.
March is synonymous with luck, and this March Patch Tuesday luck is on your side. There are some Critical updates. And Microsoft resolved two publicly disclosed vulnerabilities, so you'll want to patch those holes before someone turns your luck from good to bad. And of course - because they're far from as rare as a four-leaf clover - the Meltdown and Spectre updates continue to roll out. But all in all, it looks like you'll get your pot of gold this month in the form of time back to focus on core business goals.
This document summarizes an upcoming webinar about the January 2017 Patch Tuesday updates. The webinar will provide an overview of the January Patch Tuesday bulletins, known issues, best practices for deploying updates, and industry news. The document then summarizes the key updates being released, including updates for Windows 10, Office, Adobe Flash Player, Acrobat, and security updates for other products. It concludes by listing resources for getting Shavlik content updates, attending future webinars, and watching previous webinar recordings.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document provides an agenda and overview for a webinar on the April 2018 Patch Tuesday updates. The webinar will cover an overview of the April 2018 patches, notable security issues in the news, known issues with the updates, and questions and answers. Bulletins to be discussed include updates for Windows 10, Internet Explorer, Adobe Flash Player, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8.1, and more. A number of vulnerabilities will be patched, including remote code execution flaws.
The holidays are just around the corner. How, you wonder, are we going to tie those into November Patch Tuesday? Through tradition, of course! Because what are the holidays without that treasured recipe you replicate line by line each year? And what is security without steadfast adherence to the list of controls you've put in place? The KRACK vulnerability is another in this year's endless litany of reminders that keeping up with software updates is critical. Be sure you've pushed out the October OS updates - and don't let the tradition slip this month either, as there are quite a few Critical security vulnerabilities to patch.
Around the globe, Halloween and related celebrations are right around the corner. In the states, this is the month of trick-or-treat and pumpkin patches. And out in Redmond, Washington, Microsoft is focused on patches of a different sort—keeping an eye on vulnerabilities hackers could use to unleash nasty tricks upon the world. For October Patch Tuesday you’d be wise to patch all Microsoft CVEs swiftly, publicly disclosed and otherwise, before more than just the one we’ve noted below get exploited.
The document outlines the key details of patches released during the November 2015 Patch Tuesday, including 12 Microsoft security bulletins addressing 53 vulnerabilities, an Adobe Flash Player bulletin addressing 17 vulnerabilities, and a Google Chrome release addressing 1 vulnerability and the 17 Flash Player issues. Major products affected include Windows, Internet Explorer, Edge, Office, Flash Player and Google Chrome. The document provides information on the security impacts of each patch and any known issues.
This document provides an agenda and overview for a webinar on the July 2016 Patch Tuesday updates. The webinar will cover the known issues, bulletins, and vulnerabilities addressed in the updates. It also discusses best practices for deploying patches, including using privilege management and containerization to mitigate risks. Specific critical and important updates from Microsoft and Adobe will be summarized, covering remote code execution, elevation of privilege, and other vulnerabilities.
This document summarizes an August 2016 Patch Tuesday webinar that covered:
1) An overview of the August 2016 Patch Tuesday updates
2) Known issues with some of the updates
3) Details on the security bulletins and patches released, including vulnerabilities fixed and impact
This document provides an overview and summary of Microsoft's September 2016 Patch Tuesday updates. It outlines several critical updates released to address vulnerabilities in Windows, Internet Explorer, Edge, Office, Exchange, and Adobe Flash Player. The updates fix issues that could allow remote code execution, elevation of privilege, or information disclosure. The document reviews the specific security bulletins and advisories released and their associated CVE identifiers.
This document summarizes a webinar on the December 2016 Patch Tuesday updates. It provides an agenda for the webinar, discusses best practices for deploying patches, and summarizes several Microsoft bulletins and one Adobe bulletin that address critical remote code execution vulnerabilities in Windows, Edge, IE, Flash and other programs. The bulletins affect most supported Windows versions and fix over 50 vulnerabilities in total.
This document summarizes the July 2015 Patch Tuesday updates from Microsoft, Adobe, Oracle, and Google. It provides an overview of the security bulletins and vulnerabilities addressed, including 14 Microsoft bulletins addressing 59 vulnerabilities, with 5 rated critical and 9 rated important. It also summarizes updates from Adobe (Flash, Acrobat, Shockwave), Oracle Java, and Google Chrome, noting the products affected and vulnerabilities fixed in each update.
This document summarizes the October 2016 Patch Tuesday updates from Microsoft. It provides information on 42 security updates affecting Windows 10, Edge, Internet Explorer, and other Microsoft products. The updates fix critical vulnerabilities that could allow remote code execution or elevation of privilege. Administrators are advised to apply all security updates as soon as possible to protect systems.
This document summarizes the November 2016 Patch Tuesday updates from Microsoft. It provides an overview of key bulletins addressing vulnerabilities in Windows 10, Edge, Internet Explorer, and other Microsoft products. Several updates received a critical severity rating and fix issues that could allow remote code execution if exploited. The document lists numerous vulnerabilities addressed by each security bulletin and notes whether a system restart is required.
This document summarizes the March 2017 Patch Tuesday updates from Microsoft and other vendors. It describes several security bulletins affecting Windows, Internet Explorer, Edge, Hyper-V, and other Microsoft products that fix over 130 vulnerabilities including remote code execution issues. Updates are also provided for Adobe Flash Player, VMware Workstation, and Exchange Server addressing critical remote code execution vulnerabilities.
This document summarizes an upcoming webinar about the January 2017 Patch Tuesday updates. The webinar will provide an overview of the January Patch Tuesday bulletins, known issues, best practices for deploying updates, and industry news. The summary also outlines several critical updates released by Microsoft to address remote code execution vulnerabilities in Windows, Office, Edge, and Adobe Flash Player. Additional updates are mentioned for Adobe Acrobat and Reader.
“April showers bring May flowers”—but did you know May flowers bring June bugs? A less known line from that poem for sure, but quite apt for a Patch Tuesday synopsis where software updates are the name of the game. This June there’s more grist for the mill, though there are fewer patches than we’ve seen of late. Take note of the fix for a new zero day targeting a Flash bug. And use this relative downtime to make sure your patch processes are in good working order. Remember: Meltdown and Spectre are back with all new bugs to banish from your IT environment.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document provides an agenda and overview for a July 15, 2020 webinar on the Patch Tuesday updates. The webinar will include an overview of the July 2020 Patch Tuesday updates, discussion of vulnerabilities in the news, such as a wormable DNS server vulnerability and publicly disclosed Windows vulnerability, and Q&A. The webinar is hosted by Chris Goettl and Todd Schell and participants can dial in or join online.
The document summarizes a webinar on the March 2022 Patch Tuesday updates. It provides an agenda for the webinar including an overview of March Patch Tuesday, bulletins and releases, vulnerabilities in the news, and a Q&A session. It also summarizes several security updates released by Microsoft and Mozilla to address vulnerabilities in Windows, Exchange Server, Internet Explorer and Firefox. Known issues are also listed for some of the updates.
Apple updates for macOS, iPadOS, iOS and Safari resolve two zero-day exploits. Microsoft released updates resolving 97 new CVEs.
Join us this month for a recap of the Microsoft and third-party application security patches released on Patch Tuesday. We will discuss in particular the vulnerabilities to watch, the products to test, and the patches to deploy first.
Nothing like starting off the new decade with rumors your computer cryptography has a vulnerability which can result in a lack of trust for almost everything you do! The reality is that this vulnerability has not been publicly disclosed nor exploited and our friends at Microsoft have a solution. Besides the Crypto vulnerability, the most notable news is still the final public patch release for Windows 7, Server 2008, and Server 2008 R2. Apply the updates soon; major security vulnerabilities are exploited quickly!
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
6. Industry News
DLL Hijacking vulnerability CVE-2016-0603 resolved in Oracle Java out of band release.
German security researcher has identified many other products that are susceptible.
Flash Player redistribution to require EA with Adobe starting March 1st, 2016 (was February until recently)
7. CSWU-020: Cumulative Update for Windows 10: February 9, 2016
Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, and MS16-022.
Impact: Remote Code Execution, Elevation of Privilege, Denial of Service
Fixes 26 vulnerabilities:
CVE-2016-0033, CVE-2016-0036, CVE-2016-0038, CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0046, CVE-2016-0047, CVE-2016-0048, CVE-2016-0049, CVE-2016-0051, CVE-2016-0058, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084
Restart Required: Requires Restart
8. MS16-009: Cumulative Security Update for Internet Explorer (3134220)
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 13 vulnerabilities:
CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077
Restart Required: Requires Restart
9. MS16-011: Cumulative Security Update for Microsoft Edge (3134225)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 6 vulnerabilities:
CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084
Restart Required: Requires Restart
10. MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
Maximum Severity: Critical
Affected Products: Microsoft Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0046, CVE-2016-0058
Restart Required: May Require Restart
11. MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811)
Maximum Severity: Critical
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0038
Restart Required: May Require Restart
12. MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
Impact: Remote Code Execution
Fixes 5 vulnerabilities:
CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049
Restart Required: Requires Restart
13. MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)
Maximum Severity: Critical
Affected Products: Microsoft Office, SharePoint
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 7 vulnerabilities:
CVE-2016-0022, CVE-2016-0039 (Publicly Disclosed), CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056
Restart Required: May Require Restart
14. MS16-022: Security Update for Adobe Flash Player (3135782)
Maximum Severity: Critical
Affected Products: Microsoft Windows, Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Impact: Remote Code Execution
Fixes 22 vulnerabilities:
Resolved by Adobe Flash Player update. See APSB16-04 bulletin for details.
Restart Required:
15. APSB16-04: Security updates available for Adobe Flash Player
Maximum Severity: Priority 1
Affected Products: Flash Player
Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 22 vulnerabilities:
CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Restart Required:
16. CHROME-160: Google Chrome 48.0.2564.109
Maximum Severity: High
Affected Products: Flash Player
Description: The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux.
Impact: Same-origin bypass, buffer overflow, out-of-bounds read
Fixes 6 vulnerabilities:
CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627
Restart Required:
17. Java8u73: Critical Security Update for Java Runtime
Maximum Severity: Critical
Affected Products: Java SE
Description: This update release contains several enhancements and changes.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0603
Restart Required: May Require Restart (almost always)
18. MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0051
Restart Required: Requires Restart
19. MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0036
Restart Required: Requires Restart
20. MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0048
Restart Required: Requires Restart
21. MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)
Maximum Severity: Important
Affected Products: Windows, .NET Framework
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0048
Restart Required: May Require Restart
22. MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0037
Restart Required: May Require Restart
23. MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0050
Restart Required: May Require Restart
25. Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Many of the vulnerabilities target a user to exploit.
https://support.microsoft.com/en-us/kb/3134814
Includes 7 non-security fixes as well.
Most of the vulnerabilities are exploiting objects in memory.
An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
4 of 6 were common across IE and Edge. Those 4 were all memory corruption vulnerabilities like in IE.
Many of the vulnerabilities target a user to exploit.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Discrepancy: Calls out Server Core, but update would not install on core. WSUS also does not offer for Core. Either they will push a re-release or pull the doc discrepancy. This is PDF related so would Core really be affected?
Vulnerabilities target a user to exploit.
For an attack to succeed, a user must open a specially crafted Windows Reader file with an affected version of Windows Reader. In an email attack scenario, an attacker would have to convince the user to open a specially crafted Windows Reader file. The update addresses the vulnerability by modifying how Windows Reader parses files.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
For an attack to be successful, this vulnerability requires that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Journal file to the user and then convincing the user to open the file.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Publicly disclosed CVE-2016-0040
Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126587)
Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126593)
After you install this security update, the behavior of searching for DLLs to load in certain scenarios (specifically, when loading implicit dependencies of COM server DLLs) will be changed from the previous behavior in the following way: Unless a prefix of the current directory’s full path is in the Safe Load List, the current directory will be skipped during the search (notice that previously, the current directory was used to search for the DLL). This new behavior may affect some legacy application behavior, and when the DLL loader notices this possible change in behavior, a warning or error message that resembles one of the following may be displayed in the Application log that is available in Event Viewer:
The following warning message indicates the dependency file was not loaded from the current working directory (CWD) because of it not being trusted, but was found in another location:
Loading dependency %2 from the current directory was not allowed when attempted by %1. Another DLL was found: %3.
The following error message indicates the DLL was not loaded from the current working directory (CWD) because of it not being trusted, and was not found at all.
Loading dependency %2 from the current directory was not allowed when attempted by %1. No other DLL was found and the dependency resolution failed.
In both cases, %1 is the full path to the application process’s executable (.exe) file, and %2 is the full path if the DLL is found in the CWD. If the application requires the old dependency loading behavior for its correct operation for a specific directory, you can achieve this scenario by adding this directory or its trusted ancestor to the Safe Load List. To do this, follow these steps:
Make sure that your trusted location, together with all its descendant tree, is protected properly from unauthorized modifications by NTFS permissions.
Add a string value to the following subkey in the registry in which the data is the full path to that trusted location:
HKLM\System\CurrentControlSet\Control\Session Manager\Safe Load Prefixes
After you make these changes, as long as the CWD is under that location, the DLLs in that CWD will be trusted and loaded as before.
Known issue # 2
Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
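The two Safe Load List steps described under known issue # 1 above can be scripted so that the registry entry is only written once the NTFS check passes. This is an added example, not code from Microsoft or Shavlik. It assumes PowerShell 3.0 or later in an elevated session; the value name TrustedAppDir and the list of SIDs allowed to hold write access are assumptions chosen for illustration.

```powershell
# Added example: vet a directory tree, then add it to the Safe Load List.
param(
    [Parameter(Mandatory)] [string] $TrustedPath,  # full path to the trusted location
    [string] $ValueName = 'TrustedAppDir'          # hypothetical name; the page does not specify one
)

$key = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Safe Load Prefixes'

# Assumed allow list of SIDs that may hold write access.
$allowed = @(
    'S-1-5-18',      # SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (only applies to objects a principal could already create)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal plant or replace a DLL, or rewrite the ACL.
$rights = [System.Security.AccessControl.FileSystemRights] 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

# Step 1: check the location and its whole descendant tree.
$root = (Resolve-Path -LiteralPath $TrustedPath).ProviderPath
$dirs = @($root) + @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force | ForEach-Object FullName)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir
    # Request rules keyed by SID so the check does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.FileSystemRights -band $writeMask) -ne 0 -and
            $allowed -notcontains $rule.IdentityReference.Value) {
            [pscustomobject]@{ Path = $dir; Sid = $rule.IdentityReference.Value; Rights = $rule.FileSystemRights }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    throw "Refusing to trust '$root': principals outside the allow list can modify it."
}

# Step 2: add the string value whose data is the full path to the trusted location.
if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name $ValueName -PropertyType String -Value $root -Force | Out-Null
Get-ItemProperty -Path $key | Select-Object -Property $ValueName
```

The check covers directories only; files inside the tree with their own explicit, non-inherited ACLs need a separate review.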
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
MS updated an older Security Advisory relating to RDP from last night's release. https://technet.microsoft.com/en-us/library/security/2871997 There was also a hidden KB that is not in the bulletin, but was available to deploy.
CVE-2016-0039 (Publicly Disclosed)
Microsoft SharePoint XSS Vulnerability – CVE-2016-0039
An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
I have Microsoft Word 2010 installed. Why am I not being offered the 3114752 update? The 3114752 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Also includes support for updated Flash and the 22 fixes for Adobe Flash Plug-In.
To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
http://www.oracle.com/technetwork/java/javase/8u73-relnotes-2874654.html
Oracle recommends removing all older install media from your network.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
WebDAV Elevation of Privilege Vulnerability - CVE-2016-0051
An elevation of privilege vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client when WebDAV improperly validates input. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Workstations and servers are primarily vulnerable to this attack. The update addresses the vulnerability by correcting how WebDAV validates input.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Known issues in security update 3126446 https://support.microsoft.com/en-us/kb/3134700
You may have to restart the computer multiple times after you install this security update on a Windows 7-based computer that is running RDP 8.0.
Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability - CVE-2016-0036
An elevation of privilege vulnerability exists in Remote Desktop Protocol (RDP) when an attacker logs on to the target system using RDP and sends specially crafted data over the authenticated connection. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the target system by using the Remote Desktop Protocol (RDP). An attacker could then run a specially crafted application that is designed to create the crash condition that leads to elevated privileges. The update addresses the vulnerability by correcting how RDP handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Kernel-Mode Driver update. Test well.
Win32k Elevation of Privilege Vulnerability - CVE-2016-0048
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
4.5.2 is the only supported version of 4.5.
https://support.microsoft.com/en-us/gp/framework_faq/en-us
1. What is the Microsoft Support Lifecycle policy for .NET Framework? (reading between the lines, pretty much like IE. If it is OS level it is supported until EOL of OS, but as separate product install you should upgrade)
In March 2010, Microsoft announced that beginning with .NET Framework 3.5 Service Pack 1 (SP1), the .NET Framework is defined as a component instead of an independent product. As a component, .NET Framework version 3.5 Service Pack 1 (SP1) or later assumes the same Support Lifecycle policy as its underlying Windows operating system. On August 7, 2014, Microsoft announced that support will end for .NET Framework 4, 4.5, and 4.5.1 on January 12, 2016. Customers and developers need to have completed the in-place update to .NET Framework 4.5.2 by January 12, 2016 to continue receiving technical support and security updates. Support for .NET Framework 4.5.2, as well as all other .NET Framework versions such as 3.5 SP1, will continue to be supported for the duration of the operating system support lifecycle. Additional information on the history of .NET Framework support lifecycle is available below.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Microsoft Active Directory Federation Services Denial of Service Vulnerability - CVE-2016-0037
A denial of service vulnerability exists when Active Directory Federation Services (ADFS) attempts to process certain input during forms-based authentication. An attacker who successfully exploits this vulnerability by sending certain input during forms-based authentication could cause the server to become nonresponsive.
The update addresses the vulnerability by adding additional checks on input data during forms-based authentication.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Has a Core patch, but also failed to install. We will be watching for a rerelease on this one.
Network Policy Server RADIUS Implementation Denial of Service Vulnerability – CVE-2016-0050
A denial of service vulnerability exists when a Network Policy Server (NPS) improperly handles a Remote Authentication Dial-In User Service (RADIUS) authentication request. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to a Network Policy Server (NPS) causing a denial of service condition for RADIUS authentication on the NPS.
Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights. To exploit the vulnerability, an attacker would need to have network access to the affected NPS and then create an application to send specially crafted RADIUS authentication requests to the NPS.
The security update addresses the vulnerability by changing how the NPS parses username queries when implementing RADIUS.
Sign up for Content Announcements:
Email http://www.shavlik.com/support/xmlsubscribe/
RSS http://protect7.shavlik.com/feed/
Twitter @ShavlikXML
Follow us on:
Shavlik on LinkedIn
Twitter @ShavlikProtect
Shavlik blog -> www.shavlik.com/blog
Chris Goettl on LinkedIn
Twitter @ChrisGoettl
Sign up for webinars or download presentations and watch playbacks:
http://www.shavlik.com/webinars/