2023 Ivanti September Patch Tuesday

Patch Tuesday Webinar
Wednesday, September 13, 2023
Hosted by Chris Goettl and Todd Schell

Agenda
September 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2023 Ivanti. All rights reserved.
September Patch Tuesday 2023
September 2023 Patch Tuesday has a lot of activity and the theme this month is "Everyone has a zero-
day release!" Microsoft has resolved 63 total vulnerabilities including two exploited Zero-days (CVE-
2023-36761 and CVE-2023-36802). Google Chrome resolved one Zero-day vulnerability (CVE-2023-
4863) on September 11 which is also included in the Microsoft Edge Chromium release. Adobe
resolved a Zero-day vulnerability in Acrobat and Reader (APSB23-34 CVE-2023-26369) on September
12. Apple resolved two Zero-days on September 7 (CVE-2023-41064 and CVE-2023-41061). There
aren’t any recent zero-day vulnerabilities on the Linux side, but there are three recent vulnerabilities
that are affecting some core capabilities in the Linux Kernel that warrant some attention.

Everybody has a Zero-Day!
§ Apple has two Zero-Day Vulnerabilities
§ CISA has updated the KEV list with CVE-2023-41061 and CVE-2023-41064
§ https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zero-day-fix-to-
older-iphones/
§ https://arstechnica.com/gadgets/2023/09/apple-patches-clickless-0-day-image-processing-
vulnerability-in-ios-macos/
§ Google Chrome and Mozilla Firefox Zero-Day
§ CVE-2023-4863
§ https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html
§ Microsoft has two Zero-Day Vulnerabilities
§ CVE-2023-36761 and CVE-2023-36802
§ Adobe Acrobat and Reader Zero-Day
§ APSB23-34 CVE-2023-26369
§ https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-acrobat-and-
reader-zero-day-exploited-in-attacks/

Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability
§ CVSS 3.1 Scores: 6.2 / 5.6
§ Severity: Important
§ Microsoft Word 2103 & 2016, Office LTSC 2021, 365 Apps for Enterprise, and Office 2019
§ Per Microsoft – This is an information disclosure vulnerability where the Preview Pane is the
source of the attack and NTLM hashes could be disclosed.

Known Exploited Vulnerability
§ CVE-2023-4863 Chromium: Heap buffer overflow in WebP
§ The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which
is consumed by Microsoft Edge (Chromium-based)
§ Severity: Critical
§ The following Microsoft Edge and Google Chrome versions are updated to address this
issue:

Known Exploited Vulnerability
§ CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 6.8
§ Severity: Important
§ Windows 10 and 11 all versions, Server 2019, and Server 2022
§ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM
privileges.

CVE-2023-3111 More on btrfs (the filesystem affected)
§ CVSS 3: 7.8
§ Ubuntu, Debian, Redhat, etc are all
affected
§ A use after free vulnerability was found in
prepare_to_relocate in
fs/btrfs/relocation.c in btrfs in the Linux
Kernel. This possible flaw can be
triggered by calling btrfs_ioctl_balance()
before calling btrfs_ioctl_defrag(). Btrs is
a modern filesystem included in many
Enterprise Linux distributions.
btrfs has been in the kernel for years and is
a first-class filesystem in Fedora and
OpenSUSE, which in turn are “staging”
operating systems for changes that will
eventually reach RHEL + Suse. It offers
resiliency features on par with RAID,
caching and other performance and stability
features, so btrfs has already been
adopted on SAN solutions – even if
working internally and not exposed to the
end users.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
To monitor the latest Linux CVEs check out TuxCare’s detailed CVE Tracker
Check out Joao’s podcast Enterprise Linux Security Podcast

CVE-2023-3390 CVE-2023-35001
§ CVSS 3: 7.8
§ Ubuntu and Debian are all affected
§ Found in the Linux kernel's netfilter subsystem in
net/netfilter/nf_tables_api.c, mishandled error
handling with NFT_MSG_NEWRULE makes it
possible to use a dangling pointer in the same
transaction causing a this use-after-free
vulnerability. This flaw allows a local attacker with
user access to cause a privilege escalation issue.
§ CVSS 3: 7.8
§ Ubuntu and Debian are all affected
§ Linux Kernel nftables Out-Of-Bounds
Read/Write Vulnerability; nft_byteorder poorly
handled vm register contents when
CAP_NET_ADMIN is in any user or network
namespace.
New and Notable Linux Vulnerabilities: 2
More on nftables (the kernel component affected by CVE-2023-3390 and CVE-2023-35001)
Regardless of the distribution you are running, nftables is used by any modern firewall solution – either built into the
system itself or 3rd party applications, which will internally make use of nftables to provide the functionality.
This component provides high performance packet inspection and routing and is the successor to the perennial iptables of
old (in fact, still syntax-compatible).
Highlighted by TuxCare

Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Windows Server 2012 and 2012 R2
§ Azure and Development Tool Updates
§ .NET 6.0
§ .NET 7.0
§ Azure DevOps Server 2019 - 2022
§ Azure HDInsights
§ Azure Kubernetes Services
§ Visual Studio 2017 – 2022
§ Visual Studio Code
Source: Microsoft

Server 2012/2012 R2 EOL is Coming
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows Server
2022 8/18/2021 10/13/2026
2019 11/13/2019 1/9/2024
Windows 11 Home and Pro
22H2 9/20/2022 10/8/2024
21H2 10/4/2021 10/10/2023
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/faq/windows

Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)

APSB23-34: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader
for Windows and macOS. This update addresses 1 critical vulnerability.
Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks
targeting Adobe Acrobat and Reader. See
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html for more details.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2023-26369 is known exploited.
§ Restart Required: Requires application restart

CHROME-230912: Security Update for Chrome Desktop
§ Affected Products: Google Chrome
§ Description: Google released Chrome 117.0.5938.62 (Linux and Mac),
117.0.5938.62/.63( Windows) into the Stable Channel Update for Desktop. It contains
16 security updates including a fix for CVE-2023-4683 which is known exploited in the
wild. See https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-
desktop_12.html for more details.
§ Impact: Remote Code Execution, Information Disclosure
§ Fixes 11 Vulnerabilities: CVE-2023-4863 is known exploited.

MFSA-2023-40: Security Update for Firefox 117.0.1,
Firefox ESR 115.2.1, Firefox ESR 102.15.1,
Thunderbird 102.15.1, and Thunderbird 115.2.2
§ Affected Products: Security Update for Firefox, Firefox ESR, and Thunderbird
§ Description: This update from Mozilla addresses a critical security vulnerability in the
listed products on multiple platforms. This issue being exploited in other products in the
wild. See the Mozilla Security Advisory https://www.mozilla.org/en-
US/security/advisories/mfsa2023-40/ for complete details.
§ Fixes 1 Vulnerability: CVE-2023-4863 is known exploited.
§ Known Issues: None

MS23-09-W11: Windows 11 Update
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
§ Description: This bulletin references KB 5030217 (21H2) and KB 5030219 (22H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 19 Vulnerabilities: CVE-2023-36802 and CVE-2023-4863 are known
exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported

MS23-09-W10: Windows 10 Update
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 20 Vulnerabilities: CVE-2023-36802 and CVE-2023-4863 are known
§ Known Issues: See next slide

September Known Issues for Windows 10
§ KB 5030216 – Windows Server 2022
§ [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to
mitigate this issue. Microsoft and VMware are investigating this issue and will
provide more information when it is available.

MS23-09-MR8: Monthly Rollup for Server 2012
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows Server 2012 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5029295 (released August 8, 2023). Bulletin is based on KB 5030278.
§ Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
§ Fixes 12 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See
the Security Update Guide for the complete list of CVEs.

MS23-09-SO8: Security-only Update for Windows Server 2012
§ Affected Products: Microsoft Windows Server 2012
§ Description: This security update is based on KB 5030279.
§ Impact: Denial of Service, Elevation of Privilege, and Information Disclosure
§ Fixes 12 Vulnerabilities: No vulnerabilities are known exploited or publicly
disclosed. See the Security Update Guide for the complete list of CVEs.

MS23-09-MR81: Monthly Rollup for Server 2012 R2
§ Affected Products: Server 2012 R2 and IE
§ Description: This cumulative security update includes improvements that are part of update
KB 5029312 (released August 8, 2023). Bulletin is based on KB 5030269.
§ Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information
Disclosure
§ Fixes 13 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
NOTE: Windows 8.1 reached EOS on January 10, 2023.

MS23-09-SO81: Security-only for Server 2012 R2
§ Affected Products: Server 2012 R2
§ Description: This security update is based on KB 5030287.
§ Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information
Disclosure
§ Fixes 13 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
NOTE: Windows 8.1 reached EOS on January 10, 2023.

MS23-09-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege, and Information Disclosure
§ Fixes 7 Vulnerabilities: CVE-2023-36761 is publicly disclosed and known

MS23-09-OFF: Security Updates for Microsoft Office
§ Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office Online Server,
Outlook 2016,Office 2019 & LTSC 2021 for Mac, and Word 2103 & 2016
§ Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references 10 KB articles and release notes for the Mac
updates.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, and
Information Disclosure
§ Fixes 6 Vulnerabilities: CVE-2023-36761 is publicly disclosed and known

MS23-09-IE: Security Updates for Internet Explorer
§ Affected Products: Internet Explorer 11 on Server 2012/2012 R2 or Server 2008 R2
§ Description: The improvements that are included in this Internet Explorer update are
also included in the September 2023 Security Monthly Quality Rollup. Installing either
this Internet Explorer update or the Security Monthly Quality Rollup installs the same
improvements. This bulletin references KB 5030209.
§ Impact: Security Feature Bypass
§ Fixes 1 Vulnerability: CVE-2023-36805 is fixed in this update and is not known
exploited or publicly disclosed.
§ Restart Required: Requires browser restart

MS23-09-SPT: Security Updates for SharePoint Server
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This security update resolves a Microsoft Word remote code execution
vulnerability and Microsoft SharePoint Server elevation of privilege vulnerability. This
bulletin is based on 4 KB articles.
§ Impact: Remote Code Execution and Elevation of Privilege
§ Fixes 4 Vulnerabilities: This update addresses CVE-2023-36762 and CVE-2023-
36764 which are not publicly disclosed or known exploited.
§ Known Issues: New security enhancements in SharePoint Server might cause
custom .aspx files not to be displayed under certain circumstances. See KB 5030804
for more details.

MS23-09-EXCH: Security Updates for Exchange Server
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange
Server 2019 CU11 & CU12.
§ Description: This security update rollup resolves multiple security issues in
Microsoft Exchange Server. This bulletin is based on KB 5029388.
§ Impact: Remote Code Execution, Spoofing, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2023-21709, CVE-2023-35368, CVE-2023-35388,
CVE-2023-38181, CVE-2023-38182, and CVE-2023-38185 are not publicly
disclosed or known exploited.
§ Known Issues: After this update is installed, webpage previews for URLs that are
shared in Outlook on the web (OWA) are not rendered correctly.
NOTE: Per Microsoft Techcommunity Blog, this is the same release as the August Server SU.

MS23-09-MRNET: Monthly Rollup for Microsoft .NET
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses 4 vulnerabilities in DiaSymReader.dll
when reading a corrupted PDB file can lead to remote code execution, and a
vulnerability in the WPF XAML parser where an unsandboxed parser can lead to
remote code execution. This bulletin references 11 KB articles.
CVE-2023-36794 and CVE-2023-36796 are not publicly disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS23-09-SONET: Security-only Update for Microsoft .NET
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses 4 vulnerabilities in DiaSymReader.dll
when reading a corrupted PDB file can lead to remote code execution, and a
vulnerability in the WPF XAML parser where an unsandboxed parser can lead to
remote code execution. This bulletin references 11 KB articles.
CVE-2023-36794 and CVE-2023-36796 are not publicly disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

Windows Release Summary
§ Security Updates (with CVEs): Google Chrome (4), Firefox (1), Firefox ESR (2), GIMP (1),
Notepad++ (1), Python (1), Splunk Universal Forwarder (2), Thunderbird (2), Apache Tomcat (3), VMware
Tools (10, Wireshark (2)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), CCleaner (1), ClickShare
App Machine-Wide Installer (1), Falcon Sensor for Windows (2), Docker For Windows (1), Dropbox (2),
Evernote (4), Firefox (1), GoodSync (3), GIT for windows (2), Cisco Jabber (1), LibreOffice (1), Malwarebytes
(1), Node.JS (Current) (1), Notepad++ (1), Opera (5), Plantronics Hub (1), PuTTY (1), PeaZip (1),
Screenpresso (1), Skype (2), Slack Machine-Wide Installer (3), Snagit (1), Tableau Desktop (4), Tableau Prep
(1), Tableau Reader (1), Thunderbird (1), Apache Tomcat (2), TeamViewer (2), VMware Horizon Client (1),
VMware Tools (1), Zoom Client (4), Zoom Rooms Client (1), Zoom VDI (2)
§ Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (2), Bitwarden (2),
Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (1), KeePassXC (1), NextCloud Desktop
Client (2), PDF-Xchange PRO (1), Plantronics Hub (1), Password Safe (1), RingCentral App (Machine-Wide
Installer) (1), TortoiseHG (1), TreeSize Free (1), Cisco WebEx Teams (2), WeCom (2), XnView (2)

Windows Third Party CVE Information
§ Google Chrome 116.0.5845.97
§ CHROME-230815, QGC1160584597
§ Fixes 21 Vulnerabilities: CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-
2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355,
CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359, CVE-2023-
4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4363, CVE-2023-4364, CVE-
2023-4365, CVE-2023-4366, CVE-2023-4367, CVE-2023-4368
§ CHROME-230823, QGC11605845111
2023-4430, CVE-2023-4431
§ CHROME-230830, QGC11605845141
§ Fixes 1 Vulnerability: CVE-2023-4572

Windows Third Party CVE Information (cont)
§ CHROME-230905, QGC11605845180
2023-4764
§ Firefox 117.0
§ FF-230829, QFF1170
2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4579, CVE-2023-4580,
CVE-2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
§ Firefox ESR 102.15.0
§ FFE-230828, QFFE102150
2023-4576, CVE-2023-4581, CVE-2023-4584

§ FFE115-230829, QFFE11520
§ Fixes 13 Vulnerabilities: CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576,
CVE-2023-4577, CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4581, CVE-2023-
4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
§ GIMP 2.10.34 revision 2
§ GIMP-230813, QGIMP21034V2
§ Notepad++ 8.5.7.0
§ NPPP-230908, QNPPP857
§ Fixes 4 Vulnerabilities: CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166
§ Python 3.11.5150.0
§ PYTHN311-23082, QPYTH31151500

§ Thunderbird 102.14.0
§ TB-230814, QTB102140
§ Fixes 9 Vulnerabilities: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-
2023-4049, CVE-2023-4050, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056
§ TB-230829, QTB11520
§ Fixes 14 Vulnerabilities: CVE-2023-4051, CVE-2023-4053, CVE-2023-4573, CVE-2023-4574, CVE-
2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581,
CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585

§ Splunk Universal Forwarder 8.2.12
§ SPLUNKF-230831, QSPLUNKF8212
§ Fixes 58 Vulnerabilities: See Advisory SVD-2023-0809 | Splunk Vulnerability Disclosure
§ Splunk Universal Forwarder 9.1.1
§ SPLUNKF9-230831, QSPLUNKF911
§ Fixes 58 Vulnerabilities: See Advisory SVD-2023-0809 | Splunk Vulnerability Disclosure
§ Apache Tomcat 10.1.13.0
§ TMCAT101-230828, QTOMCAT101130
§ TOMCAT9-230828, QTOMCAT90800
§ TMCAT85-230828, QTOMCAT85930
§ Fixes 1 Vulnerability in each version: CVE-2023-41080

§ VMware Tools 12.3.0
§ VMWT12-230901, QVMWT1230
§ Wireshark 3.6.16
§ WIRES36-230823, QWIRES3616EXE
2023-3649, CVE-2023-4511, CVE-2023-4513
§ Wireshark 4.0.8
§ WIRES40-230823, QWIRES408EXE
2023-4513, CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513

Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Ventura (1), Google Chrome (4), Microsoft Office
2019 (1), Firefox (1), Firefox ESR (1), Microsoft Edge (3), Microsoft Office 2019 OneNote (1), Microsoft
Office 2019 Outlook (1), Thunderbird (1), Microsoft Office 2019 Word (1)
§ Security Updates (w/o CVEs): Brave (3), Microsoft Office 2019 PowerPoint (1), Zoom Client for
Mac (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (1), BBEdit (1),
Calendar 366 II (1), Dropbox (2), Evernote (4), Firefox (1), Google Drive (1), Grammarly (8), IntelliJ IDEA
(1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (1), OneDrive for Mac (1), Microsoft Office
2019 Outlook (2), Microsoft Office 2019 PowerPoint (1), Skype (2), Slack (2), Spotify (2), Thunderbird (1),
Microsoft Teams (Mac) (1), Visual Studio Code (1), Microsoft Office 2019 Word (1), Zoom Client for Mac
(4)

Apple Updates CVE Information
§ macOS Ventura 13.5.2
§ HT213906
§ Fixes 149 Vulnerabilities: See https://support.apple.com/en-us/HT213906 for details.

Apple Third Party CVE Information
§ CHROMEMAC-230815
§ Fixes 28 Vulnerabilities: CVE-2023-20593, CVE-2023-2312, CVE-2023-3730, CVE-2023-
4068, CVE-2023-4071, CVE-2023-4074, CVE-2023-4075, CVE-2023-4211, CVE-2023-4349,
CVE-2023-4350, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-
2023-4355, CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359, CVE-2023-
4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4363, CVE-2023-4364, CVE-2023-4365,
CVE-2023-4366, CVE-2023-4367, CVE-2023-4368
§ CHROMEMAC-230823
CVE-2023-4431
§ CHROMEMAC-230829

Apple Third Party CVE Information (cont)
§ CHROMEMAC-230905
§ Fixes 4 Vulnerabilities: CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764
§ Firefox 117.0
§ FF-230829
2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
§ FFE115-230829
2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585

§ TB-230829
2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
§ Microsoft Office 2019 Excel 16.76
§ EXCEL19-230815
§ Fixes 3 Vulnerabilities: CVE-2023-35371, CVE-2023-36895, CVE-2023-36896
§ Microsoft Office 2019 OneNote 16.76
§ ONENOTE19-230815
§ Microsoft Office 2019 Outlook 16.76
§ OUTLOOK19-230815
§ Microsoft Office 2019 Word 16.76
§ WORD19-230815
§ Fixes 1 Vulnerability in all 3 products: CVE-2023-36895

§ Microsoft Edge 116.0.1938.54
§ MEDGEMAC-230821
§ Fixes 2 Vulnerabilities: CVE-2023-36787, CVE-2023-38158
§ MEDGEMAC-230825
§ MEDGEMAC-230831

Thank You!

2023 Ivanti September Patch Tuesday

2023 Ivanti September Patch Tuesday

Recomendados

Más contenido relacionado

Was ist angesagt?

Was ist angesagt?(20)

Similar a 2023 Ivanti September Patch Tuesday

Similar a 2023 Ivanti September Patch Tuesday(20)

Último

Último(20)

2023 Ivanti September Patch Tuesday