SlideShare a Scribd company logo

Patch Tuesday August 2020

Download as PPTX, PDF
Ivanti
Ivanti

Are you bored sitting at home in Covid Quarantine? We have a little excitement for you this month with two zero day releases from Microsoft. These vulnerabilities impact all Windows Operating System versions going back to Windows 7 and Server 2008, and also Internet Explorer 11 across all supported OSs. This release also includes the resolution of Windows Print Spooler Elevation of Privilege vulnerability (CVE-2020-1337) that made recent headlines. Adobe Acrobat, Reader and Apple iCloud also have critical updates resolving 26 and 20 CVEs respectively.

1 of 44
Copyright © 2020 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, August 12, 2020 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 113 229 7116
Copyright © 2020 Ivanti. All rights reserved. Agenda August 2020 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Overview
Copyright © 2020 Ivanti. All rights reserved.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. FBI PIN Warns of Increased Attacks on EoL OSs  FBI issues warnings over Windows 7 end-of-life  https://www.zdnet.com/article/fbi-issues-warning-over-windows-7-end-of-life/  FBI PIN 20200803-002  https://www.documentcloud.org/documents/7013545-Windows-7- End-of-Life-PIN-20200803-002-BC.html  Microsoft to remove all Windows downloads signed with SHA-1  https://www.bleepingcomputer.com/news/microsoft/microsoft-to- remove-all-windows-downloads-signed-with-sha-1/ Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Netlogon Secure Channel Connections  Changes Associated with CVE-2020-1472  Deployment Guidelines  Deploy August 11th updates  Monitor for warning events  Act on warning events  Full enforcement mode goes into effect February 9, 2021
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed  CVE-2020-1464 Windows Spoofing Vulnerability  A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.  In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.  The update addresses the vulnerability by correcting how Windows validates file signatures. Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited  CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.  In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Another CVE of Interest  CVE-2020-1337 Windows Print Spooler Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.  The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001  Updated SSUs this month  Windows 7/Server 2008/2008 R2  Windows 10 1809 > 2004  Development Tool and Other Updates  ASP.NET Core 2.1, 3.1  Visual Studio 2017-2019  Visual Studio Code Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness (cont)  Enterprise LTSB/LTSC Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Blog  Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog /topics/patch-tuesday
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Bulletins and Releases
Copyright © 2020 Ivanti. All rights reserved. APSB20-48: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html  Restart Required: Requires application restart
Copyright © 2020 Ivanti. All rights reserved. ICLOUD-200811: Security Update for iCloud for Windows 11.3  Maximum Severity: Critical  Affected Products: iCloud for Windows  Description: Apple has released a security update for iCloud for Windows supporting Windows 10 and later.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, and Spoofing  Fixes 20 Vulnerabilities: https://support.apple.com/en-us/HT211294  Restart Required: Requires application restart
Copyright © 2020 Ivanti. All rights reserved. MS20-08-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, Server 2016, Server 2019, Server version 1709, Server version 1803, Server version 2004, IE 11 and Microsoft Edge  Description: This bulletin references 19 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 94 Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10  KB 4571694 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Edge] After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error,”0x80704006. Hmmmm…can’t reach this page” when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue. Workaround: Do one of the following:  Update to the new, Chromium-based Microsoft Edge and configure it to allow the port used for the affected site.  Use Internet Explorer 11 to access the website.  Update Windows 10 to a newer version.  Configure the website to use a standard port on the server side. Don’t use a port that is listed in the Fetch Standard specification under bad ports or port blocking.  Microsoft is working on a resolution.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4566782 – Windows 10, Version 2004  [Editor] When using some apps, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese might receive an error, or the app might stop responding or close when attempting to drag using the mouse. Workaround: 1. Select Start, type Settings and select it or press enter. 2. Type IME settings into the search box within Settings and select the IME settings that are appropriate to your language, for example Japanese IME Settings. 3. Select General. 4. Turn on Use previous version of Microsoft IME.  Microsoft is working on a solution.
Copyright © 2020 Ivanti. All rights reserved. MS20-08-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: IE 9 and IE 11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the August 2020 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 12 KB articles.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: CVE-2020-1567 and CVE-2020-1570 are fixed in IE 9. CVE-2020-1380, CVE-2020-1567 and CVE-2020-1570 are fixed in IE 11. CVE-2020- 1380 is known exploited.  Restart Required: Requires restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: Security update includes improvements and fixes that were a part of update KB 4565536 (released July 14, 2020). Bulletin is based on KB 4571730. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 + 2 (IE 9) Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Server 2008  KB 4571730 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4571746 – Windows Server 2008 (Security-only Update)
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4571746. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR7-ESU: Monthly Rollup for Win 7 MS20-08-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565524 (released July 14, 2020). Bulletin is based on KB 4571729. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO7-ESU: Security-only Update for Win 7 MS20-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4571719. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565537 (released July 14, 2020). Bulletin is based on KB 4571736. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4571702. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565541 (released July 14, 2020). Bulletin is based on KB 4571703. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4571723. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-08-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Access 2010-2016, Excel 2010-2016, Office 2010-2016, Outlook 2010-2016, Word 2010-2016, Office 2016 and 2019 for macOS  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Guide for specific details on each. This bulletin references 22 KB articles plus release notes for MacOS.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-08-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 12 KB articles.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 10 Vulnerabilities: CVE-2020-1495, CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1502, CVE-2020-1503, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580, and CVE-2020-1583  Restart Required: Requires restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Between Patch Tuesdays
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Updates: Apple iTunes (1), Amazon Corretto (1), Box Edit (1), Camtasia (1), CCleaner (2), Cisco Jabber (1), Crowdstrike Falcon Sensor (1), Dropbox (2), Firefox (1), Firefox ESR (1), Foxit PhantomPDF (1), Foxit Reader (2), FileZilla (1), GoodSync (4), Google Chrome (2), Google Earth Pro (1), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Microsoft Edge Chromium (5), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (4), Power BI Desktop (5), Paint.net (1), Plex Media Server (1), Powershell 7 (1), Skype (1), Slack (1), Snagit (3), Splunk Forwarder (1), SQL Server Management Studio (1), Tableau (10), Thunderbird (4), TeamViewer (5), WinSCP (1), Zoom Client (1)  Non-Security Updates: AIMP (2), Azure Information Protection (1), BlueJeans (1), Box Drive (1), Google Drive (1), GOM Player (1), Microsoft (16), PDF-Xchange PRO (1), RingCentral App (1), Royal TS (1), TortoiseHG (1), Visual Studio Code (3), Webex Teams (1)
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 84.0.4147.125  CHROME-200810, QGC8404147125  Fixes 14 Vulnerabilities: CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020- 6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020- 6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020- 6555  Google Chrome 84.0.4147.105  CHROME-200728, QGC8404147105  Fixes 6 Vulnerabilities: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE- 2020-6539, CVE-2020-6540, CVE-2020-6541
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Microsoft Edge 84.0.522.40  MEDGE-200717, QMEDGE84052240  Fixes 25 Vulnerabilities: CVE-2020-6510,CVE-2020-6511,CVE-2020-6512,CVE- 2020-6513,CVE-2020-6514,CVE-2020-6515,CVE-2020-6516,CVE-2020- 6517,CVE-2020-6518,CVE-2020-6519,CVE-2020-6520,CVE-2020-6522,CVE- 2020-6523,CVE-2020-6524,CVE-2020-6525,CVE-2020-6526,CVE-2020- 6527,CVE-2020-6528,CVE-2020-6529,CVE-2020-6530,CVE-2020-6531,CVE- 2020-6533,CVE-2020-6534,CVE-2020-6535,CVE-2020-6536  Firefox 79.0, Firefox ESR 68.11.0, Firefox ESR 78.1.0  FF-200728, QFF790  FFE-200728, QFFE7810, QFFE68110  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Thunderbird 78.0  TB-200716, QTB780  Fixes 14 Vulnerabilities: CVE-2020-12402,CVE-2020-12415,CVE-2020- 12416,CVE-2020-12417,CVE-2020-12418,CVE-2020-12419,CVE-2020- 12420,CVE-2020-12421,CVE-2020-12422,CVE-2020-12423,CVE-2020- 12424,CVE-2020-12425,CVE-2020-12426,CVE-2020-15648  Thunderbird 78.1.0  TB-200731, QTB7810  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Q & A
Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. Thank You!

Recommended

What's New in Ivanti Workspace Control 2020.0
What's New in Ivanti Workspace Control 2020.0 What's New in Ivanti Workspace Control 2020.0
What's New in Ivanti Workspace Control 2020.0
Ivanti
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
Ivanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Ivanti
 
Ivanti Neurons - Lunch and Learn
Ivanti Neurons - Lunch and LearnIvanti Neurons - Lunch and Learn
Ivanti Neurons - Lunch and Learn
Ivanti
 
Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti Momentum | What's New in User Workspace Manager 2020.2Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti
 
Migrate from BigFix to Ivanti
Migrate from BigFix to IvantiMigrate from BigFix to Ivanti
Migrate from BigFix to Ivanti
Ivanti
 
Ivanti for msp
Ivanti for mspIvanti for msp
Ivanti for msp
Ivanti
 

Recommended

What's New in Ivanti Workspace Control 2020.0
What's New in Ivanti Workspace Control 2020.0 What's New in Ivanti Workspace Control 2020.0
What's New in Ivanti Workspace Control 2020.0
Ivanti
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
Ivanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Ivanti
 
Ivanti Neurons - Lunch and Learn
Ivanti Neurons - Lunch and LearnIvanti Neurons - Lunch and Learn
Ivanti Neurons - Lunch and Learn
Ivanti
 
Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti Momentum | What's New in User Workspace Manager 2020.2Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti Momentum | What's New in User Workspace Manager 2020.2
Ivanti
 
Migrate from BigFix to Ivanti
Migrate from BigFix to IvantiMigrate from BigFix to Ivanti
Migrate from BigFix to Ivanti
Ivanti
 
Ivanti for msp
Ivanti for mspIvanti for msp
Ivanti for msp
Ivanti
 
New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1
Ivanti
 
Virtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - NetherlandsVirtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - Netherlands
Ivanti
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
Ivanti
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
Ivanti
 
UWM Customer Roadmap
UWM Customer RoadmapUWM Customer Roadmap
UWM Customer Roadmap
Ivanti
 
What's New with Ivanti Service Desk
What's New with Ivanti Service DeskWhat's New with Ivanti Service Desk
What's New with Ivanti Service Desk
Ivanti
 
What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3
Ivanti
 
Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)
Ivanti
 
Building Your Business Continuity Plan
Building Your Business Continuity PlanBuilding Your Business Continuity Plan
Building Your Business Continuity Plan
Ivanti
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti
 
Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)
Ivanti
 
Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)
Ivanti
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle East
Ivanti
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
Ivanti
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Ivanti
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
Ivanti
 
The Future of IT Service Management
The Future of IT Service ManagementThe Future of IT Service Management
The Future of IT Service Management
Ivanti
 
Simplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security ControlsSimplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security Controls
Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
Ivanti
 

More Related Content

What's hot

New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1
Ivanti
 
Virtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - NetherlandsVirtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - Netherlands
Ivanti
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
Ivanti
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
Ivanti
 
UWM Customer Roadmap
UWM Customer RoadmapUWM Customer Roadmap
UWM Customer Roadmap
Ivanti
 
What's New with Ivanti Service Desk
What's New with Ivanti Service DeskWhat's New with Ivanti Service Desk
What's New with Ivanti Service Desk
Ivanti
 
What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3
Ivanti
 
Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)
Ivanti
 
Building Your Business Continuity Plan
Building Your Business Continuity PlanBuilding Your Business Continuity Plan
Building Your Business Continuity Plan
Ivanti
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti
 
Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)
Ivanti
 
Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)
Ivanti
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle East
Ivanti
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
Ivanti
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Ivanti
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
Ivanti
 
The Future of IT Service Management
The Future of IT Service ManagementThe Future of IT Service Management
The Future of IT Service Management
Ivanti
 
Simplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security ControlsSimplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security Controls
Ivanti
 

What's hot (20)

New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1New Patch Automation Capabilities in EPM 2020.1
New Patch Automation Capabilities in EPM 2020.1
 
Virtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - NetherlandsVirtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - Netherlands
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
 
UWM Customer Roadmap
UWM Customer RoadmapUWM Customer Roadmap
UWM Customer Roadmap
 
What's New with Ivanti Service Desk
What's New with Ivanti Service DeskWhat's New with Ivanti Service Desk
What's New with Ivanti Service Desk
 
What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3What's New in Ivanti Service Manager and Asset Manager 2020.3
What's New in Ivanti Service Manager and Asset Manager 2020.3
 
Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)Remote Workers Webinar (Episode 3)
Remote Workers Webinar (Episode 3)
 
Building Your Business Continuity Plan
Building Your Business Continuity PlanBuilding Your Business Continuity Plan
Building Your Business Continuity Plan
 
Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020Ivanti uem security_webinar_cybersecurity_month_oct2020
Ivanti uem security_webinar_cybersecurity_month_oct2020
 
Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)Remote Worker Webinar (Episode 5)
Remote Worker Webinar (Episode 5)
 
Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)Remote Workers Webinar (Episode 2)
Remote Workers Webinar (Episode 2)
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle East
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
 
The Future of IT Service Management
The Future of IT Service ManagementThe Future of IT Service Management
The Future of IT Service Management
 
Simplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security ControlsSimplify Security with Ivanti Security Controls
Simplify Security with Ivanti Security Controls
 

Similar to Patch Tuesday August 2020

Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
Ivanti
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-only
Ivanti
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
Ivanti
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
Ivanti
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
Ivanti
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch Tuesday
Ivanti
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday Analysis
Ivanti
 
May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019
Ivanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
Ivanti
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
Ivanti
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
Ivanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
Dan Lalli
 

Similar to Patch Tuesday August 2020 (20)

Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-only
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch Tuesday
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday Analysis
 
May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019May Patch Tuesday Analysis 2019
May Patch Tuesday Analysis 2019
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019Ivanti Patch Tuesday for November 2019
Ivanti Patch Tuesday for November 2019
 
June Patch Tuesday 2019
June Patch Tuesday 2019June Patch Tuesday 2019
June Patch Tuesday 2019
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
 

More from Ivanti

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
Ivanti
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
Ivanti
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
Ivanti
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 

Recently uploaded

The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
APCO
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Kalyan Satta Matka Guessing Matka Result Main Bazar chart
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
How to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM SoftwareHow to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM Software
SalesTown
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
Any kyc Account
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
Alexandra Fulford
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
my Pandit
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
46adnanshahzad
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
Aggregage
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 

Recently uploaded (20)

The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
How to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM SoftwareHow to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM Software
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 

Patch Tuesday August 2020

  • 1. Copyright © 2020 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, August 12, 2020 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 113 229 7116
  • 2. Copyright © 2020 Ivanti. All rights reserved. Agenda August 2020 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
  • 3. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Overview
  • 4. Copyright © 2020 Ivanti. All rights reserved.
  • 5. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News
  • 6. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. FBI PIN Warns of Increased Attacks on EoL OSs  FBI issues warnings over Windows 7 end-of-life  https://www.zdnet.com/article/fbi-issues-warning-over-windows-7-end-of-life/  FBI PIN 20200803-002  https://www.documentcloud.org/documents/7013545-Windows-7- End-of-Life-PIN-20200803-002-BC.html  Microsoft to remove all Windows downloads signed with SHA-1  https://www.bleepingcomputer.com/news/microsoft/microsoft-to- remove-all-windows-downloads-signed-with-sha-1/ Source: Microsoft
  • 7. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Netlogon Secure Channel Connections  Changes Associated with CVE-2020-1472  Deployment Guidelines  Deploy August 11th updates  Monitor for warning events  Act on warning events  Full enforcement mode goes into effect February 9, 2021
  • 8. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed  CVE-2020-1464 Windows Spoofing Vulnerability  A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.  In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.  The update addresses the vulnerability by correcting how Windows validates file signatures. Source: Microsoft
  • 9. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited  CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.  In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. Source: Microsoft
  • 10. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Another CVE of Interest  CVE-2020-1337 Windows Print Spooler Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.  The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. Source: Microsoft
  • 11. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001  Updated SSUs this month  Windows 7/Server 2008/2008 R2  Windows 10 1809 > 2004  Development Tool and Other Updates  ASP.NET Core 2.1, 3.1  Visual Studio 2017-2019  Visual Studio Code Source: Microsoft
  • 12. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
  • 13. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness (cont)  Enterprise LTSB/LTSC Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
  • 14. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Blog  Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog /topics/patch-tuesday
  • 15. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  • 16. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Bulletins and Releases
  • 17. Copyright © 2020 Ivanti. All rights reserved. APSB20-48: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html  Restart Required: Requires application restart
  • 18. Copyright © 2020 Ivanti. All rights reserved. ICLOUD-200811: Security Update for iCloud for Windows 11.3  Maximum Severity: Critical  Affected Products: iCloud for Windows  Description: Apple has released a security update for iCloud for Windows supporting Windows 10 and later.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, and Spoofing  Fixes 20 Vulnerabilities: https://support.apple.com/en-us/HT211294  Restart Required: Requires application restart
  • 19. Copyright © 2020 Ivanti. All rights reserved. MS20-08-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, Server 2016, Server 2019, Server version 1709, Server version 1803, Server version 2004, IE 11 and Microsoft Edge  Description: This bulletin references 19 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 94 Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  • 20. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10  KB 4571694 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  • 21. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Edge] After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error,”0x80704006. Hmmmm…can’t reach this page” when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue. Workaround: Do one of the following:  Update to the new, Chromium-based Microsoft Edge and configure it to allow the port used for the affected site.  Use Internet Explorer 11 to access the website.  Update Windows 10 to a newer version.  Configure the website to use a standard port on the server side. Don’t use a port that is listed in the Fetch Standard specification under bad ports or port blocking.  Microsoft is working on a resolution.
  • 22. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4566782 – Windows 10, Version 2004  [Editor] When using some apps, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese might receive an error, or the app might stop responding or close when attempting to drag using the mouse. Workaround: 1. Select Start, type Settings and select it or press enter. 2. Type IME settings into the search box within Settings and select the IME settings that are appropriate to your language, for example Japanese IME Settings. 3. Select General. 4. Turn on Use previous version of Microsoft IME.  Microsoft is working on a solution.
  • 23. Copyright © 2020 Ivanti. All rights reserved. MS20-08-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: IE 9 and IE 11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the August 2020 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 12 KB articles.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: CVE-2020-1567 and CVE-2020-1570 are fixed in IE 9. CVE-2020-1380, CVE-2020-1567 and CVE-2020-1570 are fixed in IE 11. CVE-2020- 1380 is known exploited.  Restart Required: Requires restart  Known Issues: None reported
  • 24. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: Security update includes improvements and fixes that were a part of update KB 4565536 (released July 14, 2020). Bulletin is based on KB 4571730. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 + 2 (IE 9) Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  • 25. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Server 2008  KB 4571730 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4571746 – Windows Server 2008 (Security-only Update)
  • 26. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4571746. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
  • 27. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR7-ESU: Monthly Rollup for Win 7 MS20-08-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565524 (released July 14, 2020). Bulletin is based on KB 4571729. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 28. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO7-ESU: Security-only Update for Win 7 MS20-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4571719. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 29. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565537 (released July 14, 2020). Bulletin is based on KB 4571736. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 30. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4571702. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 31. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565541 (released July 14, 2020). Bulletin is based on KB 4571703. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 32. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4571723. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 33. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  • 34. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  • 35. Copyright © 2020 Ivanti. All rights reserved. MS20-08-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Access 2010-2016, Excel 2010-2016, Office 2010-2016, Outlook 2010-2016, Word 2010-2016, Office 2016 and 2019 for macOS  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Guide for specific details on each. This bulletin references 22 KB articles plus release notes for MacOS.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
  • 36. Copyright © 2020 Ivanti. All rights reserved. MS20-08-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
  • 37. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 12 KB articles.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 10 Vulnerabilities: CVE-2020-1495, CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1502, CVE-2020-1503, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580, and CVE-2020-1583  Restart Required: Requires restart  Known Issues: None reported
  • 38. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Between Patch Tuesdays
  • 39. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Updates: Apple iTunes (1), Amazon Corretto (1), Box Edit (1), Camtasia (1), CCleaner (2), Cisco Jabber (1), Crowdstrike Falcon Sensor (1), Dropbox (2), Firefox (1), Firefox ESR (1), Foxit PhantomPDF (1), Foxit Reader (2), FileZilla (1), GoodSync (4), Google Chrome (2), Google Earth Pro (1), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Microsoft Edge Chromium (5), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (4), Power BI Desktop (5), Paint.net (1), Plex Media Server (1), Powershell 7 (1), Skype (1), Slack (1), Snagit (3), Splunk Forwarder (1), SQL Server Management Studio (1), Tableau (10), Thunderbird (4), TeamViewer (5), WinSCP (1), Zoom Client (1)  Non-Security Updates: AIMP (2), Azure Information Protection (1), BlueJeans (1), Box Drive (1), Google Drive (1), GOM Player (1), Microsoft (16), PDF-Xchange PRO (1), RingCentral App (1), Royal TS (1), TortoiseHG (1), Visual Studio Code (3), Webex Teams (1)
  • 40. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 84.0.4147.125  CHROME-200810, QGC8404147125  Fixes 14 Vulnerabilities: CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020- 6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020- 6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020- 6555  Google Chrome 84.0.4147.105  CHROME-200728, QGC8404147105  Fixes 6 Vulnerabilities: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE- 2020-6539, CVE-2020-6540, CVE-2020-6541
  • 41. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Microsoft Edge 84.0.522.40  MEDGE-200717, QMEDGE84052240  Fixes 25 Vulnerabilities: CVE-2020-6510,CVE-2020-6511,CVE-2020-6512,CVE- 2020-6513,CVE-2020-6514,CVE-2020-6515,CVE-2020-6516,CVE-2020- 6517,CVE-2020-6518,CVE-2020-6519,CVE-2020-6520,CVE-2020-6522,CVE- 2020-6523,CVE-2020-6524,CVE-2020-6525,CVE-2020-6526,CVE-2020- 6527,CVE-2020-6528,CVE-2020-6529,CVE-2020-6530,CVE-2020-6531,CVE- 2020-6533,CVE-2020-6534,CVE-2020-6535,CVE-2020-6536  Firefox 79.0, Firefox ESR 68.11.0, Firefox ESR 78.1.0  FF-200728, QFF790  FFE-200728, QFFE7810, QFFE68110  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
  • 42. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Thunderbird 78.0  TB-200716, QTB780  Fixes 14 Vulnerabilities: CVE-2020-12402,CVE-2020-12415,CVE-2020- 12416,CVE-2020-12417,CVE-2020-12418,CVE-2020-12419,CVE-2020- 12420,CVE-2020-12421,CVE-2020-12422,CVE-2020-12423,CVE-2020- 12424,CVE-2020-12425,CVE-2020-12426,CVE-2020-15648  Thunderbird 78.1.0  TB-200731, QTB7810  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
  • 43. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Q & A
  • 44. Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. Thank You!