The November 2023 Patch Tuesday includes critical updates with a reduced CVE count but notable urgent fixes, including for Windows Server 2012 ESU. Adobe and Google also released significant updates for Acrobat and Chrome, addressing multiple vulnerabilities. The document details various vulnerabilities, their impacts, and affected software, with known issues also outlined for Windows 10 and 11.

1. Patch Tuesday Webinar
Jueves 16 Noviembre 2023
Carlos Frances

2. Agenda
November 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

3. Overview

4. Copyright © 2023 Ivanti. All rights reserved.
November Patch Tuesday 2023
November 2023 Patch Tuesday has arrived and has a lower overall CVE count than previous months
but includes some urgent fixes that organizations will want to take note of. This month is also the first
patch cycle for Server 2012 and 2012 R2 extended support (ESU). On the third-party side Adobe
released a major update for Acrobat and Reader, and Google dropped a late security update for the
Chrome Stable Channel.

5. In the News

6. Copyright © 2023 Ivanti. All rights reserved.
In the News
§ Hacktivists targeting ChatGPT
§ https://www.darkreading.com/attacks-breaches/chatgpt-openai-attributes-regular-
outages-ddos-attacks
§ Chinese Targeting Edge Devices
§ https://www.darkreading.com/vulnerabilities-threats/zero-days-in-edge-devices-china-
cyber-warfare-tactic
§ SysAid Zero-Day Vulnerability Exploited by Ransomware Group
§ https://www.helpnetsecurity.com/2023/11/09/exploited-cve-2023-47246/
§ Microsoft Server 2022 and VMware ESXi Issues Continue
§ VMware issued a fix for the secure boot compatibility issue reported for several
months (dropped from KB Known Issues this month)
§ New issues after Microsoft October PT updates
§ https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-
broken-windows-server-2022-vms/

7. Copyright © 2023 Ivanti. All rights reserved.
Re-issued CVEs of Interest
§ CVE-2023-38039 Hackerone: CVE-2023-38039 HTTP headers eat all memory
§ Severity: Low
§ Impacted: All supported Windows 10 and 11 operating systems and associated servers
§ CVE-2023-38545 Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
§ Severity: Important
§ Impacted: All supported Windows 10 and 11 operating systems and associated servers
§ Both re-issued from October 19 when the CVEs were only reported
§ Per Microsoft – The vulnerability assigned to this CVE is in curl.exe software which is consumed by
Microsoft Windows. Curl is short for ‘Client for URL’. Microsoft has included version 8.4.0 of
curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise
versions of Windows clients and servers.

8. Copyright © 2023 Ivanti. All rights reserved.
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-36033 Windows DWM Core Library Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.0
§ Severity: Important
§ Impacted: All supported Windows 10 and 11 operating systems and associated servers
§ Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM
privileges.

9. Copyright © 2023 Ivanti. All rights reserved.
Known Exploited Vulnerabilities
§ CVE-2023-36025 Windows SmartScreen Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Impacted: All current supported Windows operating systems
§ Per Microsoft – The user would have to click on a specially crafted Internet Shortcut (.URL) or
a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker. The
attacker would be able to bypass Windows Defender SmartScreen checks and their
associated prompts.
§ CVE-2023-36036 Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.2
§ Severity: Important
§ Impacted: All current supported Windows operating systems
§ Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM
privileges.

10. Copyright © 2023 Ivanti. All rights reserved.
Publicly Disclosed Vulnerabilities
§ CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
§ CVSS 3.1 Scores: 8.2 / 7.1
§ Severity: Important
§ Impacted: .NET 8.0, ASP.NET 8.0, Visual Studio 2022 version 17.X
§ Per Microsoft – This vulnerability could be exploited if http requests to .NET 8 RC 1 running
on IIS InProcess hosting model are cancelled. Thread counts would increase and an
OutOfMemoryException is possible.
§ CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 6.5 / 5.7
§ Severity: Important
§ Impacted: Microsoft Office 2016, Microsoft Office 2019, Microsoft 365 Apps, Microsoft
Office LTSC 2021
§ Per Microsoft – Successful exploitation of this vulnerability would allow an attacker to
bypass the Office Protected View and open in editing mode rather than protected mode. An
attacker must send the user a malicious file and convince them to open it.

11. Copyright © 2023 Ivanti. All rights reserved.
CVE-2023-45853 Special Note:
§ CVSS 3: 9.8
§ This is a critical vulnerability to be aware
of. It’s a flaw in the MiniZip component of
zlib (up to version 1.3) that leads to an
integer overflow and a heap-based buffer
overflow by using long filenames in
compressed content.
§ This is made possible because, when
opening a new file, the MiniZip
component doesn't properly validate the
filename, comments, or extra fields
length compared to the data type used to
store this information.
MiniZip is not an officially supported part of
the zlib product, but is nonetheless present
in many distributions, as it enhances the
supported compressed file format list
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

12. Copyright © 2023 Ivanti. All rights reserved.
CVE-2023-44487 Impact
§ CVSS 3: 7.5
§ This “Rapid Reset” technique is a
mechanism in the HTTP/2 protocol that
can lead to denial of service (and/or
distributed denial of service) by
requesting and cancelling many streams
in a short period of time.
§ Botnets can generate massive request
rates, making this a severe threat to
targeted web infrastructures
This vulnerability has been exploited in the
wild since August.
It impacts software implementing the
protocol, like tomcat 8 and 9 (the java
application server), nginx (http server), and
haproxy (the widely used load balancer),
among others.
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare

13. Copyright © 2023 Ivanti. All rights reserved.
Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ ESU Operating Systems, Windows 10, Windows 10 version 1607 and Server 2016
§ Azure and Development Tool Updates
§ .NET 6.0, 7.0, & 8.0
§ ASP.NET 6.0, 7.0 & 8.0
§ Azure az appsettings (multiple)
§ Azure Pipelines Agent
§ Azure Host Integration Server 2020
§ Azure On-Prem Data Gateway
§ Microsoft Dynamics 365
§ Visual Studio 2019 version 16.11
§ Visual Studio 2022 (multiple versions)
Source: Microsoft

14. Copyright © 2023 Ivanti. All rights reserved.
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows Server
Version Release Date End of Support Date
2022 8/18/2021 10/13/2026
2019 11/13/2019 1/9/2024
Windows 11 Home and Pro
Version Release Date End of Support Date
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
Version Release Date End of Support Date
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Source: Microsoft

15. Copyright © 2023 Ivanti. All rights reserved.
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)

16. Bulletins and Releases

17. Copyright © 2023 Ivanti. All rights reserved.
APSB23-54: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 17 vulnerabilities, 9 of which are rated
critical. Successful exploitation could lead to arbitrary code execution in the context of
the current user among other impacts. See
https://helpx.adobe.com/security/products/acrobat/apsb23-54.html for more details.
§ Impact: Successful exploitation could lead to arbitrary code execution and memory
leak according to Adobe.
§ Fixes 17 Vulnerabilities: See Adobe site for details
§ Restart Required: Requires application restart

18. Copyright © 2023 Ivanti. All rights reserved.
CHROME-231114: Security Update for Chrome Desktop
§ Maximum Severity: Critical
§ Affected Products: Google Chrome
§ Description: The stable channel was updated to 119.0.6045.159 for Mac and Linux
and 119.0.6045.159/.160 for Windows. See
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-
desktop_14.html for more details. Fixes 2 CVEs rated High.
§ Impact: Remote Code Execution
§ Fixes 2 Vulnerabilities: CVE-2023-5997 and CVE-2023-6112
§ Restart Required: Requires restart

19. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge
Chromium
§ Description: This bulletin references KB 5632192 (21H2) and KB 5032190
(22H2/23H2). This KB has a release notes video!
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
§ Fixes 30 Vulnerabilities: CVE-2023-36025 and CVE-2023-36036 are known
exploited. CVE-2023-36033 is publicly disclosed and known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slides

20. Copyright © 2023 Ivanti. All rights reserved.
November Known Issues for Windows 11
§ KB 5632192 – Windows 11 21H2
§ [Encrypt Drive Reporting Error] Using the FixedDrivesEncryptionType or
SystemDrivesEncryptionType policy settings in the BitLocker configuration service
provider (CSP) node in mobile device management (MDM) apps might incorrectly
show a 65000 error in the "Require Device Encryption" setting for some devices in
your environment. Affected environments are those with the “Enforce drive
encryption type on operating system drives” or "Enforce drive encryption on fixed
drives" policies set to enabled and selecting either "full encryption" or "used space
only". Microsoft Intune is affected by this issue but third-party MDMs might also be
affected.
§ Important This issue is a reporting issue only and does not affect drive encryption
or the reporting of other issues on the device, including other BitLocker issues.
§ Microsoft is working on a resolution

21. Copyright © 2023 Ivanti. All rights reserved.
November Known Issues for Windows 11 (cont)
§ KB 5632190 – Windows 11 22H2/23H2
§ [Encrypt Drive Reporting Error]
§ [Icon Display] Windows devices using more than one (1) monitor might experience
issues with desktop icons moving unexpectedly between monitors or other icon
alignment issues when attempting to use Copilot in Windows (in preview).
§ [Emoji Display] The color font format for COLRv1 does not render properly. This
format enables Windows to display emoji with a 3D-like appearance.
§ Microsoft is working on a resolution for both display issues.

22. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 5 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
§ Fixes 31 Vulnerabilities: CVE-2023-36025 and CVE-2023-36036 are known
exploited. CVE-2023-36033 is publicly disclosed and known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide

23. Copyright © 2023 Ivanti. All rights reserved.
November Known Issues for Windows 10
§ KB 5032189 – Windows 10 Enterprise and Education, version 21H2;
Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise
Multi-Session, version 21H2; and Windows 10, version 22H2, all
editions
§ [Encrypt Drive Reporting Error]
§ KB 5032196 – Win 10 Ent LTSC 2019, Win 10 IoT Ent LTSC 2019,
Windows 10 IoT Core 2019 LTSC, Windows Server 2019
§ [Encrypt Drive Reporting Error]

24. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-EXCH: Security Updates for Exchange Server
§ Maximum Severity: Important
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange
Server 2019 CU12 & CU13.
§ Description: This security update fixes three vulnerabilities involving spoofing a
and a remote code execution vulnerability. This bulletin is based on KB 5032146
and KB 5032147.
§ Impact: Remote Code Execution, Spoofing
§ Fixes 4 Vulnerabilities: CVE-2023-36035, CVE-2023-36039, CVE-2023-36050,
and CVE-2023-36439 are not publicly disclosed or known exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported

25. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This update addresses a vulnerability whereby in a network-based
attack, an authenticated attacker could execute code remotely within the SharePoint
Server. This bulletin is based on 3 KB articles.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: This update addresses CVE-2023-38177 which is not
publicly disclosed or known exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported

26. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Security Feature Bypass
§ Fixes 4 Vulnerabilities: CVE-2023-36413 is publicly disclosed. CVE-2023-36037,
CVE-2023-36041, and CVE-2023-36045 are not known to be exploited or publicly
disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported

27. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Important
§ Affected Products: Excel 2016, Office 2016, and Office LTSC 2021 for Mac
§ Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references 2 KB articles and release notes for the Mac
updates.
§ Impact: Remote Code Execution, Security Feature Bypass
§ Fixes 4 Vulnerabilities: CVE-2023-36413 is publicly disclosed. CVE-2023-36037,
CVE-2023-36041, and CVE-2023-36045 are not known to be exploited or publicly
disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported

28. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-MRNET: Monthly Rollup for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses a vulnerability where an attacker would
be able to bypass the security checks that prevents accessing internal applications in a
website. This bulletin references 16 KB articles.
§ Impact: Security Feature Bypass, Elevation of Privilege
§ Fixes 2 Vulnerabilities: CVE-2023-36049 and CVE-2023-36560 are not publicly
disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported

29. Copyright © 2023 Ivanti. All rights reserved.
MS23-11-SONET: Security-only Update for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses a vulnerability where an attacker would
be able to bypass the security checks that prevents accessing internal applications in a
website. This bulletin references 16 KB articles.
§ Impact: Security Feature Bypass, Elevation of Privilege
§ Fixes 2 Vulnerabilities: CVE-2023-36049 and CVE-2023-36560 are not publicly
disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported

30. Between Patch Tuesdays

31. Copyright © 2023 Ivanti. All rights reserved.
Windows Release Summary
§ Security Updates (with CVEs): Azul Zulu (4), Corretto (4), Google Chrome (3), Firefox (1), Firefox
ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Thunderbird (1), VMware Tools
(1), VMware Workstation Player (1), VMware Workstation Pro (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Apache Tomcat (3),
Audacity (2), CCleaner (1), Google Chrome (2), ClickShare App Machine-Wide Installer (1), Falcon Sensor for
Windows (1), Citrix Workspace App LTSR (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2),
Eclipse Adoptium (3), Evernote (3), Firefox 119.0.1, FileZilla Client (2), GoodSync (3), GIMP (1), Grammarly for
Windows (1), Apple iTunes (1), Jabra Direct (2), LibreOffice (2), Malwarebytes (1), Nmap (1), Node.JS (Current)
(3), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (6), VirtualBox (2), Plex Media Server (1), Pulse Secure
VPN Desktop Client (1), PeaZip (1), RedHat OpenJDK (3), Royal TS (2), Skype (4), Slack Machine-Wide
Installer (2), Snagit (2), Tableau Desktop (5), Tableau Prep (1), Tableau Reader (1), Thunderbird (2),
TeamViewer (1), UltraVNC (1), VLC Media Player (1), VMware Horizon Client (1), WinSCP (1), Zoom Client (2),
Zoom Rooms Client (1)
§ Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), BlueBeam Revu (1), Beyond
Compare (1), Box Drive (1), Bitwarden (3), Camtasia (2), Google Drive File Stream (1), GeoGebra Classic (4),
Grammarly for Windows (1), BlueJeans (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), R for
Windows (1), RingCentral App (Machine-Wide Installer) (1), RealVNC Server (1), TreeSize Free (2), Cisco
WebEx Teams (2), WinMerge (1), WinZip (1)

32. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information
§ Java Development Kit 17 Update 17.0.8
§ JDK17-230718, QJDK1708
§ Fixes 8 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22044, CVE-2023-22041,
CVE-2023-22045, CVE-2023-22049, CVE-2023-22051, CVE-2023-25193
§ Java Development Kit 11 Update 11.0.20
§ JDK11-230718, QJDK11020
§ Fixes 6 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045,
CVE-2023-22049, CVE-2023-25193
§ Java 8 Update 381 – JRE and JDK
§ JAVA8-230718, QJDK8U381 and QJRE8U381
§ Fixes 5 Vulnerabilities: CVE-2023-22043, CVE-2023-22041, CVE-2023-22044, CVE-2023-22049,
CVE-2023-22045

33. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information (cont)
§ Azul Zulu 21.30.15 (21.0.1) Note: FX version of JDK also supported
§ ZULU21-231018, QZULUJDK213015
§ Fixes 2 Vulnerabilities: CVE-2023-22025, CVE-2023-22081
§ Azul Zulu 17.46.19 (17.0.9) Note: FX version of JDK also supported
§ ZULU17-231018, QZULUJDK174619 and QZULUJRE174619
§ Fixes 2 Vulnerabilities: CVE-2023-22025, CVE-2023-22081
§ Azul Zulu 11.68.17 (11.0.21) Note: FX version of JDK also supported
§ ZULU11-231018, QZULUJDK116817 and QZULUJRE116817
§ Fixes 1 Vulnerability: CVE-2023-22081
§ Azul Zulu 8.74.0.17 (8u392) Note: FX version of JDK also supported
§ ZULU8-231018, QZULUJDK874017 and QZULUJRE874017
§ Fixes 2 Vulnerabilities: CVE-2023-22067, CVE-2023-22081

34. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information (cont)
§ Corretto 21.0.1.12.1
§ CRTO21-231017, QCRTOJDK2101
§ Fixes 2 Vulnerabilities: CVE-2023-22025, CVE-2023-22081
§ Corretto 17.0.9.8.1
§ CRTO17-231017, QCRTOJDK1709
§ Fixes 2 Vulnerabilities: CVE-2023-22025, CVE-2023-22081
§ Corretto 11.0.21.9.1
§ CRTO11-231017, QCRTOJDK11021
§ Fixes 1 Vulnerability: CVE-2023-22081
§ Corretto 8.392.08.1 – JRE and JDK
§ CRTO8-231017, QCRTOJRE8392
§ CRTO8-231017, QCRTOJDK8392
§ Fixes 2 Vulnerabilities: CVE-2023-22067, CVE-2023-22081

35. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information (cont)
§ Google Chrome 118.0.5993.118
§ CHROME-231025, QGC11805993118
§ Fixes 1 Vulnerability: CVE-2023-5472
§ Google Chrome 119.0.6045.106
§ CHROME-231031, QGC11906045106
§ Fixes 13 Vulnerabilities: CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-
2023-5850, CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854,
CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859
§ Google Chrome 119.0.6045.124
§ CHROME-231107, QGC11906045124
§ Fixes 1 Vulnerability: CVE-2023-5996

36. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information (cont)
§ Firefox 119.0
§ FFE-231024, QFF1190
§ Fixes 11 Vulnerabilities: CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-
2023-5850, CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854,
CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859
§ Firefox ESR 115.4.0
§ FFE-231024, QFFE11540
§ Fixes 8 Vulnerabilities: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-
2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732
§ Thunderbird 115.4.1
§ TB-231025, QTB11541
§ Fixes 8 Vulnerabilities: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-
2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732

37. Copyright © 2023 Ivanti. All rights reserved.
Windows Third Party CVE Information (cont)
§ VMware Tools 12.3.5
§ VMWT12-231027, QVMWT1235
§ Fixes 2 Vulnerabilities: CVE-2023-34057, CVE-2023-34058
§ VMware Workstation Player 17.5.0
§ VMWP17-231024, QVMWP1750
§ Fixes 3 Vulnerabilities: CVE-2023-34044, CVE-2023-34045, CVE-2023-34046
§ VMware Workstation Pro 17.5.0
§ VMWW17-231020, QVMWW1750
§ Fixes 3 Vulnerabilities: CVE-2023-34044, CVE-2023-34045, CVE-2023-34046

38. Copyright © 2023 Ivanti. All rights reserved.
Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Ventura (1), Apple
macOS Sonoma (1), Google Chrome (3), Firefox (1), Firefox ESR (1), Microsoft Edge (4), Safari for
Monterey (1), Safari for Ventura (1), Thunderbird (1), VLC Media Player (2)
§ Security Updates (w/o CVEs): Brave (1), Google Chrome (1), Parallels Desktop (1), Zoom Client
for Mac (1)
§ Non-Security Updates: 1Password (1), Alfred (1), Adobe Acrobat DC and Acrobat Reader DC (1),
aText (2), BBEdit (2), Brave (4), Google Chrome (1), Docker Desktop (2), draw.io (1), Dropbox (2),
Microsoft Office 2019 Excel (1), Firefox (1), Google Drive (1), Grammarly (8), IntelliJ IDEA (1), LibreOffice
(1), Microsoft AutoUpdate (1), Microsoft Edge (3), OneDrive for Mac (3), Microsoft Office 2019 Outlook (3),
Parallels Desktop (1), Microsoft Office 2019 PowerPoint (1), Skype (1), Slack (2), macOS Sonoma (1),
Spotify (2), Thunderbird (2), Microsoft Teams (Mac) (2), Visual Studio Code (3), Microsoft Office 2019
Word (1), Zoom Client for Mac (1)

39. Copyright © 2023 Ivanti. All rights reserved.
Apple Updates CVE Information
§ macOS Monterey 12.7.1
§ HT213983
§ Fixes 11 Vulnerabilities
§ macOS Ventura 13.6.1
§ HT213985
§ Fixes 15 Vulnerabilities
§ macOS Sonoma 14.1
§ HT213984
§ Fixes 44 Vulnerabilities
§ Safari 17.1 for Ventura and Monterey
§ HT213986
§ Fixes 4 Vulnerabilities: CVE-2023-40447, CVE-2023-41976, CVE-2023-41983, CVE-
2023-42852

40. Copyright © 2023 Ivanti. All rights reserved.
Apple Third Party CVE Information
§ Google Chrome 118.0.5993.117
§ CHROMEMAC-231025
§ Fixes 1 Vulnerability: CVE-2023-5472
§ Google Chrome 119.0.6045.105
§ CHROMEMAC-231031
§ Fixes 13 Vulnerabilities: CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-2023-5850,
CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854, CVE-2023-5855, CVE-
2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859
§ Google Chrome 119.0.6045.123
§ CHROME-231108
§ Fixes 1 Vulnerability: CVE-2023-5996

41. Copyright © 2023 Ivanti. All rights reserved.
Apple Third Party CVE Information (cont)
§ Firefox 119.0
§ FF-231025
§ Fixes 11 Vulnerabilities: CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-2023-5850,
CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854, CVE-2023-5855, CVE-
2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859
§ Firefox ESR 115.4.0
§ FFE-231025
§ Fixes 8 Vulnerabilities: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726,
CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732
§ Thunderbird 115.4.1
§ MFSA2023-47
§ Fixes 8 Vulnerabilities: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726,
CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732

42. Copyright © 2023 Ivanti. All rights reserved.
Apple Third Party CVE Information (cont)
§ Microsoft Edge 118.0.2088.46
§ MEDGEMAC-231014
§ Fixes 1 Vulnerability: CVE-2023-36559
§ Microsoft Edge 118.0.2088.76
§ MEDGEMAC-231030
§ Fixes 1 Vulnerability: CVE-2023-44323
§ Microsoft Edge 119.0.2151.46
§ MEDGEMAC-231103
§ Fixes 3 Vulnerabilities: CVE-2023-36022, CVE-2023-36029, CVE-2023-36034
§ Microsoft Edge 119.0.2151.58
§ MEDGEMAC-231109
§ Fixes 2 Vulnerabilities: CVE-2023-36014, CVE-2023-36024

43. Copyright © 2023 Ivanti. All rights reserved.
Apple Third Party CVE Information (cont)
§ VLC Media Player 3.0.19
§ VLC-231014
§ Fixes 2 Vulnerabilities: CVE-2022-37434, CVE-2023-5217
§ VLC Media Player 3.0.20
§ VLC-231102
§ Fixes 1 Vulnerability: CVE-2023-5217

44. Q & A

45. Copyright © 2023 Ivanti. All rights reserved.
Thank You!