Patch Tuesday Italia Dicembre

Presentato da Nicola Del Giudice e Roberta Baudo
Patch Tuesday Webinar
Giovedì 12 Dicembre 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
▪ December 2024 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

Microsoft has released updates for December 2024.
The release looks straight forward. Microsoft resolved
71 new CVEs affecting Windows OS, Office,
Sharepoint, System Center Operations Monitor,
Defender and a Microsoft AI project called Muzic. A
Third-party update from Adobe rounds out the month,
but the lineup is pretty light from a security perspective.
Priority wise the top priority for December is the
Windows OS update, which accounts for 58 CVEs
including all 16 Critical and the one Known Exploited
CVE.
For more details check out this month's Patch Tuesday
blog.
December Patch Tuesday 2024

In the News

In the News
▪ Hotpatch Comes to Windows 11 Enterprise
▪ https://techcommunity.microsoft.com/blog/windows-itpro-blog/hotpatch-for-client-comes-to-windows-11-
enterprise/4302717
▪ Public Preview in effect
▪ Functionality
▪ Beginning of quarter cumulative update (reboot required)
▪ 2 monthly hotpatches
▪ Rinse and repeat
▪ Availability
▪ Windows Enterprise E3/E5 subscription or a Windows 365 Enterprise subscription
▪ Windows 11 Enterprise, version 24H2 (Build 26100.2033 or later)
▪ Microsoft Intune
▪ Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
▪ https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday

▪ CVE-2024-49138 Windows Common Log File System Driver Elevation of Privilege
Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 6.8
▪ Severity: Important
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Publicly Disclosed and Known Exploited Vulnerability

Ivanti Sentry
Ivanti Connect Secure (ICS), Ivanti
Policy Secure (IPS)
Security Advisory: Ivanti
DSM Product
Sentry
Vulnerability:
• CVE-2024-8540 CVSS: 8.8
Affected Versions:
• 9.20.1 and prior
• 10.0.1 and prior
Security Advisory: Ivanti ICS
and IPS Products
Ivanti Desktop and Server Manager
(DSM)
Ivanti December Security Updates
Vulnerabilities:
• CVE-2024-37377 CVSS: 7.5
• CVE-2024-9844 CVSS: 7.1
• CVE-2024-37401 CVSS: 7.5
• CVE-2024-11633 CVSS: 9.1
• CVE-2024-11634 CVSS: 9.1
Affected Versions:
• ICS: 22.7R2.3 and prior
• IPS: 22.7R1.1 and prior
Vulnerability:
• CVE-2024-7572 CVSS: 7.1
Affected Version:
• 2024.2
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering
with us to improve the security of our products.

Ivanti Cloud Services Application
(CSA)
Ivanti Patch SDK (more)
CSA Product
Vulnerabilities:
• CVE-2024-11639 CVSS: 10.1
• CVE-2024-11772 CVSS: 9.1
• CVE-2024-11773 CVSS: 9.1
Affected Versions:
• 5.0.2 and prior
Patch SDK
Ivanti December Security Updates (cont)
Vulnerabilities:
• CVE-2024-10256 CVSS: 7.1
Affected Products:
• EPM 2024 Sept SU and prior
2022 SU6 and prior
• ISEC 2024.3.2 and prior
• IP4CM 2024.3 and prior
• IN4PM 2024.3 and prior
• INAP 2024.1 and prior
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering
with us to improve the security of our products.
Subscribe to Ivanti Security
Update RSS Feed
Security Advisory Landing Page:
• https://www.ivanti.com/blog/topics/
security-advisory
Subscribe via RSS Feed:
• https://www.ivanti.com/blog/topics/
security-advisory/rss

CVE-2024-11236
CVSS 3: 9.8
Impact: PHP 8.1.*<8.1.31, 8.2.*<8.2.26, 8.3.*<8.3.14
▪ The ldap_escape() function accepts strings of
any size, making it possible to cause an integer
overflow during processing, resulting in out-of-
bounds write.
▪ This can lead to system instability or denial of
service, depending on the privilege level of the
process invoking php.
▪ This function is used during ldap session setup,
making it particularly important in environments with
centralized identity management on Windows’
Active Directory.
Mitigation
Upgrade past the affected versions.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2024-45492 / CVE-2024-45491 /
CVE-2024-45490
CVSS 3: 9.8, 9.8, 7.5
Impact: Affects expat which is an XML parsing utility
and library (libexpat), widely used by third party
applications to efficiently handle XML data
▪ A series of flaws was identified where integer
overflows can happen (first two CVEs) and a
possible negative argument is accepted where it
shouldn’t (last CVE), due to missing checks.
▪ expat/libexpat typically handle user-controlled data,
so triggering these CVEs might be possible under
the right circumstances, and the right incentive.
Mitigation
Update expat/libexpat to version 2.6.3 (or later, as
available)
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
▪ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
▪ No SSUs released this month
Azure and Development Tool Updates
▪ Microsoft/Muzic

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2024 Ivanti. All rights reserved.
APSB24-92: Security Update for Adobe Acrobat and Reader
▪ Maximum Severity: Critical
▪ Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024)
▪ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 6 vulnerabilities; 2 are rated Critical.
▪ Impact: Arbitrary Code Execution
▪ Fixes 6 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-92.html
for more details.
▪ Restart Required: Requires application restart
1

CHROME-241210: Security Update for Chrome Desktop
▪ Affected Products: Google Chrome
▪ Description: The Stable channel has been updated to 131.0.6778.139/.140 for
Windows, Mac and 131.0.6778.139 for Linux which will roll out over the coming
days/weeks. This update addresses 2 reported vulnerabilities which are rated
High.
▪ Impact: Remote Code Execution
▪ Fixes 2 Vulnerabilities: See
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-
desktop_10.html for more details.
1

MS24-12-W11: Windows 11 Update
▪ Affected Products: Microsoft Windows 11 Version 22H2, 23H2, 24H2, Server 2025 and Edge
Chromium
▪ Description: This bulletin references KB 5048685 (22H2/23H2), and KB 5048667 (24H2 and
Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information
Disclosure
▪ Fixes 58 Vulnerabilities: CVE-2024-49138 is publicly disclosed and known exploited. See the
Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
1

December Known Issues for Windows 11
▪ KB 5048685 – Windows 11 version 22H2, Windows 11 version 23H2, all editions
▪ [OpenSSH] Following the installation of the October 2024 security update, some customers
report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH
connections.
▪ Workaround: Customers can temporarily resolve the issue by updating permissions (ACLs)
on the affected directories. See KB for details
▪ KB 5048667 – Windows 11 version 24H2, all editions
▪ [Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
▪ Workaround: Download Roblox directly from vendor.

MS24-12-W10: Windows 10 Update
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information
Disclosure
▪ Fixes 58 Vulnerabilities: CVE-2024-49138 is publicly disclosed and known exploited. See the
Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
1

▪ Maximum Severity: Important
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update addresses several vulnerabilities which could lead to the three
impacts listed. This bulletin is based on 5 KB articles.
▪ Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
▪ Fixes 5 Vulnerabilities: CVE-2024-49062, CVE-2024-49064, CVE-2024-49065, CVE-2024-
49068, and CVE-2024-49070 which are not known to be exploited or publicly disclosed.
MS24-12-SPT: Security Updates for Sharepoint Server
1
2

▪ Affected Products: Access 2016, Excel 2016, Office 2016, Office 2021 & 2024 LTSC for Mac,
Project 2016, and Word 2016
▪ Description: This security update addresses several vulnerabilities which could lead to remote
code execution or elevation of privilege. This bulletin references 6 KBs, 2 sets of release notes
for the Mac OS applications, and Microsoft Advisory 240002, Office Defense in Depth Update.
▪ Impact: Remote Code Execution and Elevation of Privilege
▪ Fixes 5 Vulnerabilities: CVE-2024-43600, CVE-2024-49059, CVE-2024-49065, CVE-2024-
49069, and CVE-2024-49142 which are not known to be exploited or publicly disclosed.
MS24-12-OFF: Security Updates for Microsoft Office
1
2

▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update addresses several vulnerabilities which could lead to remote
code execution or elevation of privilege. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution and Elevation of Privilege
▪ Fixes 4 Vulnerabilities: CVE-2024-49059, CVE-2024-49065, CVE-2024-49069, and CVE-2024-
49142 which are not known to be exploited or publicly disclosed.
MS24-12-O365: Security Updates for Microsoft 365 Apps
1
2

Between
Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): Adobe Audition (1), Apache Tomcat (1), Google Chrome (1), Firefox
(1), Firefox ESR (1), RedHat OpenJDK (3), Sourcetree for Windows Enterprise (1), Thunderbird ESR
(1), Thunderbird (1)
▪ Security Updates (w/o CVEs): 7-Zip (1), Adobe Acrobat DC and Acrobat Reader DC (2), Adobe
Illustrator (1), Apache Tomcat (1), Box Edit (1), Cisco Webex Meetings Desktop App (1), Citrix
Workspace App (2), Docker For Windows (1), Dropbox (1), Firefox ESR (1), Git for Windows (1),
Grammarly for Windows (4), IntelliJ IDEA (1), LogMeIn (1), Nitro Pro (1), Node.JS (Current) (1),Node.JS
(LTS Upper) (1), Notepad++ (3), Opera (2), PDF24 Creator (1), PuTTY (1), Python (1), Screenpresso
(1), Skype (1), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (2), Sourcetree for
Windows Enterprise (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1),
Thunderbird ESR (1), TeamViewer (2), VMware Horizon Client (1), WinSCP (1), Wireshark (2), Zoom
Workplace desktop app (2), Zoom Rooms App (1), Zoom Workplace VDI App (2)

Windows Release Summary (cont)
▪ Non-Security Updates: 1Password (2), 8x8 Work Desktop (1), Amazon WorkSpaces (1), Bandicut (1),
Beyond Compare (1), Bitwarden (1), Camtasia (1), draw.io (2), Evernote (5), GoodSync (2), GeoGebra
Classic (2), GoTo Connect (1), NextCloud Desktop Client (1), RingCentral App (Machine-Wide Installer)
(2)RealVNC Server (1), RealVNC Viewer (1), Cisco Webex Teams (2), XnView (1)

Windows Third Party CVE Information
▪ Adobe Audition 24.6.3
▪ APSB24-83, QAUDT2463
▪ Fixes 2 Vulnerabilities: CVE-2024-47449, CVE-2024-49536
▪ Apache Tomcat 11.0.0
▪ TOMCAT11-241122, QTOMCAT1100
▪ Fixes 15 Vulnerabilities: CVE-2023-24998, CVE-2023-28708, CVE-2023-28709, CVE-2023-34981,
CVE-2023-41080, CVE-2023-42795, CVE-2023-44487, CVE-2023-45648, CVE-2023-46589,
CVE-2024-23672, CVE-2024-24549, CVE-2024-34750, CVE-2024-38286, CVE-2024-52316,
CVE-2024-52317
▪ Google Chrome 131.0.6778.86
▪ CHROME-241120, QGC1310677886
▪ Fixes 1 Vulnerability: CVE-2024-11395

Windows Third Party CVE Information (cont)
▪ Firefox 133.0
▪ FF-241127, QFF1330
CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11698, CVE-2024-11699, CVE-
2024-11700, CVE-2024-11701, CVE-2024-11702, CVE-2024-11703, CVE-2024-11704, CVE-2024-
11705, CVE-2024-11706, CVE-2024-11708
▪ Firefox ESR 128.5.0
▪ FFE128-241127, QFFE12850
CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11698, CVE-2024-11699
▪ Sourcetree for Windows Enterprise 3.4.20
▪ SRCTREE-241122, QSRCT3420

▪ RedHat OpenJDK 17.0.13.0
▪ RHTJDK17-241120, QRHTJDK17013011 & QRHTJRE17013011
CVE-2024-21235
▪ RedHat OpenJDK 11.0.25.0.9
▪ RHTJDK11-241121, QRHTJDK1102509 & QRHTJRE1102509
CVE-2024-21235
▪ RedHat OpenJDK 8.0.432
▪ RHTJDK8-241120, QRHTJDK180432
CVE-2024-21235

▪ Thunderbird ESR 128.5.0
▪ TB-241127, QTB12850
▪ Thunderbird 115.16.3
▪ TB-241204, QTB115163

Apple Release Summary
▪ Security Updates (with CVEs): Apple macOS Sequoia (1), Apple Safari (1), Google Chrome
(2), Firefox (2), Firefox ESR (2), Microsoft Edge (2), Thunderbird (1), Thunderbird ESR (1)
▪ Security Updates (w/o CVEs): Zoom Client (1)
▪ Non-Security Updates: 1Password (1), Adobe Acrobat DC and Acrobat Reader DC (1),
BetterTouchTool (10), Brave (2), Devolutions Remote Desktop Manager (1), Docker Desktop
(1), draw.io (2), Evernote (7), Firefox ESR (1), Figma (1), Grammarly (4), HandBrake (1),
IntelliJ IDEA (1), Krisp (1), Microsoft Edge (2), Obsidian (1), OneDrive (1), Microsoft Office
2019 OneNote (1), Microsoft Office 2019 Outlook (1), PyCharm Professional 2024.2.4 (1),
PyCharm Professional 2024.2.5 (1), Skype (2), Slack (2), Spotify (1), Thunderbird ESR (2),
Microsoft Teams (1), UltraEdit (1), Visual Studio Code (1), VSCodium (1), Webex Teams (1),
Zoom Client (1)

Apple Updates with CVE Information
▪ macOS Sequoia 15.1.1
▪ Safari 18.1.1 for Ventura and Sonoma

Apple Third Party CVE Information
▪ CHROMEMAC-241119
▪ CHROMEMAC-241203
▪ Microsoft Edge 131.0.2903.63
▪ MEDGEMAC-241122
▪ Microsoft Edge 131.0.2903.86
▪ MEDGEMAC-241206

Apple Third Party CVE Information (cont)
▪ Firefox 133.0
▪ FF-241126
11706, CVE-2024-11708
▪ Firefox ESR 128.5.0
▪ FFE128-241127

Apple Third Party CVE Information (cont)
▪ Thunderbird 133.0
▪ TB-241126
11706, CVE-2024-11708
▪ Thunderbird ESR 128.5.0
▪ TBE128-241126
▪ Fixes 10 Vulnerabilities: CAN-2001-0238, CVE-2024-11691, CVE-2024-11692, CVE-2024-11693,
2024-11699

Q & A

Thank You!

Patch Tuesday Italia Dicembre

More Related Content

Similar to Patch Tuesday Italia Dicembre

More from Ivanti

Recently uploaded

Patch Tuesday Italia Dicembre