SlideShare ist ein Scribd-Unternehmen logo

February 2021 Patch Tuesday

Ivanti
Ivanti

February Patch Tuesday is upon us! Top priorities this month are some Zero Days from both Microsoft and Adobe that need immediate attention. Microsoft has fixed 56 new and re-released 2 vulnerabilities (CVEs) across the Windows Operating System, Office, .Net Framework, a host of OS components and system tools and development tools. Adobe has also released a priority 1 update for Adobe Acrobat and Reader resolving 23 CVEs, one of which is actively exploited (Zero Day).

Technologie
1 von 44
Downloaden Sie, um offline zu lesen
Copyright © 2021 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, February 10, 2021 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 177 640 1649
Copyright © 2021 Ivanti. All rights reserved. Agenda February 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Overview
Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News Source: Microsoft ▪ Lye-poisoning attack in Florida shows cybersecurity gaps in water systems ▪ https://www.nbcnews.com/tech/security/lye-poisoning-attack-florida-shows- cybersecurity-gaps-water-systems-n1257173 ▪ Malicious Code Injected via Google Chrome Extension Highlights App Risks ▪ https://www.darkreading.com/application-security/malicious-code-injected-via-google-chrome- extension-highlights-app-risks/d/d-id/1340100
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerability ▪ CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732 Source: Microsoft ▪ Affected Products: Windows 10, Server 2016 and newer OS version ▪ Importance of Risk-based Prioritization: Microsoft Severity Important, CVSS Score 7.8
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Netlogon Secure Channel Connections ▪ Phase 2 update: Netlogon CVE-2020-1472 ▪ Deployment Guidelines ▪ Deploy August 11th updates ▪ Monitor for warning events ▪ Act on warning events ▪ Netlogon exploited in late September ▪ Emergency Directive 20-04 released on Sept 18, 2020 ▪ All Federal Agencies required to update and enable by Sept 21, 2020 ▪ Full enforcement mode goes into effect with February 9, 2021 OS update
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerability ▪ CVE-2021-21017 Adobe Acrobat and Reader Arbitrary Code Execution Source: Microsoft ▪ Affected Products: Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, Acrobat Reader 2017 ▪ Adobe has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows. ▪ https://threatpost.com/exploited-windows-kernel- bug-takeover/163800/
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities ▪ CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721 ▪ CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727 ▪ CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1733 ▪ CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098 ▪ CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24106 ▪ CVE-2021-26701 .NET Core Remote Code Execution Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701 Source: Microsoft
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest ▪ Advisory 990001 Latest Servicing Stack Updates (SSU) ▪ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 ▪ Updated SSUs this month ▪ Windows 10 ▪ Windows 10 1607/Server 2016 ▪ Windows 10 1809/Server 2019 ▪ Windows 10 1909/Windows Server 1909 ▪ Development Tool and Other Updates ▪ .NET Core 2.1, 3.1 and 5.0 ▪ Azure Kubernetes Service ▪ Package Manager Configurations ▪ PsExec ▪ Visual Studio 2017-2019 ▪ Visual Studio Code Source: Microsoft
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 1903 5/21/2019 12/8/2020 1809 11/13/2018 5/11/2021 1803 4/30/2018 5/11/2021 1709 10/17/2017 10/13/2020 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/11/2021 1903 5/21/2019 12/8/2020 ▪ Lifecycle Fact Sheet ▪ https://docs.microsoft.com/en-us/lifecycle/faq/windows ▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-server ▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements ▪ Announcements Posted on Community Forum Pages ▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 ▪ Subscribe to receive email for the desired product(s)
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Bulletins and Releases
Copyright © 2021 Ivanti. All rights reserved. APSB21-09: Security Update for Adobe Acrobat and Reader ▪ Maximum Severity: Critical ▪ Affected Products: Adobe Acrobat and Reader (all current versions) ▪ Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 23 Vulnerabilities: CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows ▪ https://helpx.adobe.com/security/products/acrobat/apsb21-09.html ▪ Restart Required: Requires application restart
Copyright © 2021 Ivanti. All rights reserved. MS21-02-W10: Windows 10 Update ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2,IE 11, Legacy Edge and Edge Chromium ▪ Description: This bulletin references 6 KB articles. See KBs for the list of changes. ▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 28 Vulnerabilities: CVE-2021-1727, CVE-2021-24098, and CVE-2021- 24106 are publicly disclosed. CVE-2021-1732 is known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: See next slides
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 ▪ KB 4601318 – Windows 10, Version 1607 and Server 2016 ▪ [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution. ▪ KB 4601345 – Windows 10, Version 1809, Server 2019 All Versions ▪ [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 (cont) ▪ KB 4601315 – Windows 10 version 1909, Windows Server version 1909 ▪ [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution. ▪ NOTE: Incompatibility found with Discord app. Update Discord to latest version.
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 (cont) ▪ KB 4601319 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2 ▪ [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Workaround: Microsoft is working on a resolution. ▪ [Outdated Updates] ▪ NOTE: Incompatibility found with Discord app. Update Discord to latest version.
Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR2K8-ESU: Monthly Rollup for Windows Server 2008 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2008 and IE 9 ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598288 (released January 12, 2021). Bulletin is based on KB 4601360. Security updates to Windows App Platform and Frameworks, Windows Core Networking, and Windows Hybrid Cloud Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 12 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] See next slide.
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Server 2008 ▪ KB 4601360 – Windows Server 2008 (Monthly Rollup) ▪ [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution. ▪ KB 4601366 – Windows Server 2008 (Security-only Update) ▪ [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO2K8-ESU: Security-only Update for Windows Server 2008 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2008 ▪ Description: Bulletin is based on KB 4601366. Security updates to Windows App Platform and Frameworks, Windows Core Networking, and Windows Hybrid Cloud Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 12 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] See previous slide.
Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR7-ESU: Monthly Rollup for Win 7 MS21-02-MR2K8R2-ESU Monthly Rollup for Server 2008 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 7, Server 2008 R2, and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598279 (released January 12, 2021). Bulletin is based on KB 4601347. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 14 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO7-ESU: Security-only Update for Win 7 MS21-02-SO2K8R2-ESU: Security-only Update for Server 2008 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 7 and Server 2008 R2 ▪ Description: Bulletin is based on KB 4601363. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 14 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR8: Monthly Rollup for Server 2012 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2012 and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598278 (released previous January 12, 2021). Bulletin is based on KB 4601348. Security updates to Windows App Platform and Frameworks, Windows Core Networking, Windows Hybrid Cloud Networking, and Windows Peripherals. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO8: Security-only Update for Windows Server 2012 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2012 ▪ Description: Bulletin is based on KB 4601357. Security updates to Windows App Platform and Frameworks, Windows Core Networking, Windows Hybrid Cloud Networking, and Windows Peripherals. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598285 (released January 12, 2021). Bulletin is based on KB 4601384. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 8.1, Server 2012 R2 ▪ Description: Bulletin is based on KB 4601349. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
Copyright © 2021 Ivanti. All rights reserved. MS21-02-OFF: Security Updates for Microsoft Office ▪ Maximum Severity: Important ▪ Affected Products: Excel 2010-2016, Office Online Server, Office 2019 for macOS, and Office Web Apps Server ▪ Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 5 KB articles plus release notes for the MacOS Office. ▪ Impact: Remote Code Execution ▪ Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-24067, CVE-2021-24068, CVE-2021-24069 and CVE-2021- 24070 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
Copyright © 2021 Ivanti. All rights reserved. MS21-02-O365: Security Updates Microsoft 365 Apps and Office 2019 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft 365 Apps, Office 2019 ▪ Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates. ▪ Impact: Remote Code Execution ▪ Fixes 3 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-24067, CVE-2021-24069 and CVE-2021-24070 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SPT: Security Updates for SharePoint Server ▪ Maximum Severity: Important ▪ Affected Products: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2019 ▪ Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 4 KB articles. ▪ Impact: Remote Code Execution, Spoofing and Information Disclosure ▪ Fixes 4 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-1726, CVE-2021-24066, CVE-2021-24071 and CVE-2021-24072 are fixed in this release. ▪ Restart Required: Requires restart ▪ Known Issues: If your customized SharePoint pages use the SPWorkflowDataSource or FabricWorkflowInstanceProvider user control, some functions on those pages may not work. To resolve this issue, see KB 5000640.
Copyright © 2021 Ivanti. All rights reserved. MS21-02-MRNET: Monthly Rollup for Microsoft .Net ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows .Net Framework 4.6 through 4.8 ▪ Description: This security update addresses a denial of service vulnerability in .NET Framework. This bulletin references 11 KB articles. ▪ Impact: Denial of Service ▪ Fixes 1 Vulnerability: CVE-2021-24111 is not publicly disclosed or known exploited. ▪ Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. ▪ Known Issues: See next slide
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for .NET Framework Source: Microsoft
Copyright © 2021 Ivanti. All rights reserved. MS21-02-SONET: Security-only Update for Microsoft .Net ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows .Net Framework 4.6 through 4.8 ▪ Description: This security update addresses a denial of service vulnerability in .NET Framework. This bulletin references 4 KB articles. ▪ Impact: Denial of Service ▪ Fixes 1 Vulnerability: CVE-2021-24111 is not publicly disclosed or known exploited. ▪ Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. ▪ Known Issues: See previous slide
Copyright © 2021 Ivanti. All rights reserved. MS21-02-EXCH: Security Updates for Exchange Server ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Exchange Server 2016 and 2019 ▪ Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KBs 4571787, 4571788, and 4602269. ▪ Impact: Spoofing ▪ Fixes 2 Vulnerabilities: CVE-2021-1730 and CVE-2021-24085 are not publicly disclosed or known exploited. ▪ Restart Required: Requires restart ▪ Known Issues: Multiple issues and workarounds per each respective KB
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Between Patch Tuesdays
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Release Summary ▪ Security Updates: Firefox (1), Firefox ESR (1), Google Chrome (3), Java 8 (1), Java Development Kit 8 (1), SeaMonkey (1), Thunderbird (1), Wireshark (1) ▪ Non-Security Updates: AIMP (1), AdoptOpenJDK JDK 11 (1), AdoptOpenJDK JDK 8 (1), AdoptOpenJDK JRE 11 (1), AdoptOpenJDK JRE 8 (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8Box Edit (1), BlueJeans Outlook Addin (1), Box Drive (1), Ccleaner (1), ClickShare App Machine-Wide Installer (2), Amazon Corretto 11 (1), Amazon Corretto 8 (1), Cisco WebEx Teams (3), Citrix Workspace App (2), Dropbox (3), Evernote (2), Firefox (1), Firefox ESR, (1), FileZilla Client (1), Google Drive File Stream (1), Falcon sensor for Windows (1), Google Backup and Sync (2), Google Chrome (1), GIT for windows (1), GoodSync (3), Inkscape (1), IrfanView (1), Cisco Jabber (1), Jabra Direct (1), Java Development Kit 11 (1), LibreOffice (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (4), NextCloud Desktop Client (1), Opera Browser (2), Apache OpenOffice (1), VirtualBox (1), PDF-Xchange PRO (3), Paint.NET (1), Plantronics Hub (1), Plex Media Server (3), RingCentral App (Machine-Wide Installer) (1), Skype (1), Snagit (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), TortoiseHG (1), Apache Tomcat (3), TeamViewer (2), UltraVNC (1), VLC Media Player (1), VMWare Tools (1), WinDVD Pro (1), WinSCP (1), Wireshark (1), WinMerge (1), WinZip (1), XnView (1), Zoom Client (3), Zoom Outlook Plugin (1)
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information ▪ Firefox 85.0 ▪ FF-210126, QFF850 ▪ Fixes 13 Vulnerabilities: CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23957, CVE-2021-23958, CVE-2021-23959, CVE- 2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021- 23964, CVE-2021-23965 ▪ Firefox ESR 78.7.0 ▪ FFE-210126, QFFE7870 ▪ Fixes 5 Vulnerabilities: CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Google Chrome 88.0.4324.96 ▪ CHROME-210118, QGC880432496 ▪ Fixes 39 Vulnerabilities: CVE-2020-15995, CVE-2020-16043, CVE-2020-16044, CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE- 2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021- 21114, CVE-2021-21115, CVE-2021-21116, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE- 2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021- 21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE- 2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021- 21140, CVE-2021-21141
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Google Chrome 88.0.4324.146 ▪ CHROME-210202, QGC8804324146 ▪ Fixes 26 Vulnerabilities: CVE-2020-16044, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE- 2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021- 21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE- 2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021- 21140, CVE-2021-21141 ▪ Google Chrome 88.0.4324.150 ▪ CHROME-210204, QGC8804324150 ▪ Fixes 1 Vulnerability: CVE-2021-21148
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Java 8 Update 281 ▪ JAVA8-281, QJAVA8U281 ▪ Fixes 1 Vulnerability: CVE-2021-14803 ▪ Java Development Kit 8 Update 281 ▪ JDK8-281, QJDK8U281 ▪ Fixes 1 Vulnerability: CVE-2021-14803 ▪ Wireshark 3.4.3 ▪ WIRES34-210201, QWIRES343 ▪ Fixes 2 Vulnerabilities: CVE-2021-22173, CVE-2021-22174 ▪ Thunderbird 78.7.0 ▪ TB-210127, QTB7870 ▪ Fixes 6 Vulnerabilities: CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ SeaMonkey 2.53.6 ▪ SM20-210122, QSM2536 ▪ Fixes 14 Vulnerabilities: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE- 2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Q & A
Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Thank You!

Empfohlen

March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch TuesdayIvanti
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch TuesdayIvanti
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch TuesdayIvanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch TuesdayIvanti
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020Ivanti
 
Fr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesFr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesIvanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti
 

Empfohlen

March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch TuesdayIvanti
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch TuesdayIvanti
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch TuesdayIvanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch TuesdayIvanti
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020Ivanti
 
Fr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesFr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesIvanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch TuesdayIvanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch TuesdayIvanti
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch TuesdayIvanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesIvanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021Ivanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch TuesdayIvanti
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyIvanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesdayIvanti
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch TuesdayIvanti
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceIvanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptxIvanti
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch TuesdayIvanti
 

Weitere ähnliche Inhalte

Was ist angesagt?

2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch TuesdayIvanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch TuesdayIvanti
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch TuesdayIvanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesIvanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021Ivanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch TuesdayIvanti
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyIvanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesdayIvanti
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch TuesdayIvanti
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceIvanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 

Was ist angesagt? (20)

2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch Tuesday
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - French
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-only
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch Tuesday
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
 

Ähnlich wie February 2021 Patch Tuesday

2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptxIvanti
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch TuesdayIvanti
 
2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch TuesdayIvanti
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch TuesdayIvanti
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020Ivanti
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020 Ivanti
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch TuesdayIvanti
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch TuesdayIvanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch TuesdayIvanti
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch TuesdayIvanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020Ivanti
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch TuesdayIvanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020Ivanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch TuesdayIvanti
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch TuesdayIvanti
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020 Ivanti
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch TuesdayIvanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisIvanti
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch TuesdayIvanti
 

Ähnlich wie February 2021 Patch Tuesday (20)

2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch Tuesday
 
2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch Tuesday
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 

Mehr von Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 

Mehr von Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 

Kürzlich hochgeladen

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Kürzlich hochgeladen (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

February 2021 Patch Tuesday

  • 1. Copyright © 2021 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, February 10, 2021 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 177 640 1649
  • 2. Copyright © 2021 Ivanti. All rights reserved. Agenda February 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
  • 3. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Overview
  • 4. Copyright © 2021 Ivanti. All rights reserved.
  • 5. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News
  • 6. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News Source: Microsoft ▪ Lye-poisoning attack in Florida shows cybersecurity gaps in water systems ▪ https://www.nbcnews.com/tech/security/lye-poisoning-attack-florida-shows- cybersecurity-gaps-water-systems-n1257173 ▪ Malicious Code Injected via Google Chrome Extension Highlights App Risks ▪ https://www.darkreading.com/application-security/malicious-code-injected-via-google-chrome- extension-highlights-app-risks/d/d-id/1340100
  • 7. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerability ▪ CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732 Source: Microsoft ▪ Affected Products: Windows 10, Server 2016 and newer OS version ▪ Importance of Risk-based Prioritization: Microsoft Severity Important, CVSS Score 7.8
  • 8. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Netlogon Secure Channel Connections ▪ Phase 2 update: Netlogon CVE-2020-1472 ▪ Deployment Guidelines ▪ Deploy August 11th updates ▪ Monitor for warning events ▪ Act on warning events ▪ Netlogon exploited in late September ▪ Emergency Directive 20-04 released on Sept 18, 2020 ▪ All Federal Agencies required to update and enable by Sept 21, 2020 ▪ Full enforcement mode goes into effect with February 9, 2021 OS update
  • 9. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerability ▪ CVE-2021-21017 Adobe Acrobat and Reader Arbitrary Code Execution Source: Microsoft ▪ Affected Products: Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, Acrobat Reader 2017 ▪ Adobe has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows. ▪ https://threatpost.com/exploited-windows-kernel- bug-takeover/163800/
  • 10. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities ▪ CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721 ▪ CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727 ▪ CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1733 ▪ CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098 ▪ CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24106 ▪ CVE-2021-26701 .NET Core Remote Code Execution Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701 Source: Microsoft
  • 11. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest ▪ Advisory 990001 Latest Servicing Stack Updates (SSU) ▪ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 ▪ Updated SSUs this month ▪ Windows 10 ▪ Windows 10 1607/Server 2016 ▪ Windows 10 1809/Server 2019 ▪ Windows 10 1909/Windows Server 1909 ▪ Development Tool and Other Updates ▪ .NET Core 2.1, 3.1 and 5.0 ▪ Azure Kubernetes Service ▪ Package Manager Configurations ▪ PsExec ▪ Visual Studio 2017-2019 ▪ Visual Studio Code Source: Microsoft
  • 12. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 1903 5/21/2019 12/8/2020 1809 11/13/2018 5/11/2021 1803 4/30/2018 5/11/2021 1709 10/17/2017 10/13/2020 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/11/2021 1903 5/21/2019 12/8/2020 ▪ Lifecycle Fact Sheet ▪ https://docs.microsoft.com/en-us/lifecycle/faq/windows ▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-server ▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education
  • 13. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements ▪ Announcements Posted on Community Forum Pages ▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 ▪ Subscribe to receive email for the desired product(s)
  • 14. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Bulletins and Releases
  • 15. Copyright © 2021 Ivanti. All rights reserved. APSB21-09: Security Update for Adobe Acrobat and Reader ▪ Maximum Severity: Critical ▪ Affected Products: Adobe Acrobat and Reader (all current versions) ▪ Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 23 Vulnerabilities: CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows ▪ https://helpx.adobe.com/security/products/acrobat/apsb21-09.html ▪ Restart Required: Requires application restart
  • 16. Copyright © 2021 Ivanti. All rights reserved. MS21-02-W10: Windows 10 Update ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2,IE 11, Legacy Edge and Edge Chromium ▪ Description: This bulletin references 6 KB articles. See KBs for the list of changes. ▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 28 Vulnerabilities: CVE-2021-1727, CVE-2021-24098, and CVE-2021- 24106 are publicly disclosed. CVE-2021-1732 is known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: See next slides
  • 17. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 ▪ KB 4601318 – Windows 10, Version 1607 and Server 2016 ▪ [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution. ▪ KB 4601345 – Windows 10, Version 1809, Server 2019 All Versions ▪ [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  • 18. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 (cont) ▪ KB 4601315 – Windows 10 version 1909, Windows Server version 1909 ▪ [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution. ▪ NOTE: Incompatibility found with Discord app. Update Discord to latest version.
  • 19. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Windows 10 (cont) ▪ KB 4601319 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2 ▪ [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Workaround: Microsoft is working on a resolution. ▪ [Outdated Updates] ▪ NOTE: Incompatibility found with Discord app. Update Discord to latest version.
  • 20. Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR2K8-ESU: Monthly Rollup for Windows Server 2008 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2008 and IE 9 ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598288 (released January 12, 2021). Bulletin is based on KB 4601360. Security updates to Windows App Platform and Frameworks, Windows Core Networking, and Windows Hybrid Cloud Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 12 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] See next slide.
  • 21. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for Server 2008 ▪ KB 4601360 – Windows Server 2008 (Monthly Rollup) ▪ [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution. ▪ KB 4601366 – Windows Server 2008 (Security-only Update) ▪ [File Rename]
  • 22. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO2K8-ESU: Security-only Update for Windows Server 2008 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2008 ▪ Description: Bulletin is based on KB 4601366. Security updates to Windows App Platform and Frameworks, Windows Core Networking, and Windows Hybrid Cloud Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 12 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] See previous slide.
  • 23. Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR7-ESU: Monthly Rollup for Win 7 MS21-02-MR2K8R2-ESU Monthly Rollup for Server 2008 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 7, Server 2008 R2, and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598279 (released January 12, 2021). Bulletin is based on KB 4601347. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 14 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 24. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO7-ESU: Security-only Update for Win 7 MS21-02-SO2K8R2-ESU: Security-only Update for Server 2008 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 7 and Server 2008 R2 ▪ Description: Bulletin is based on KB 4601363. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 14 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 25. Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR8: Monthly Rollup for Server 2012 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2012 and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598278 (released previous January 12, 2021). Bulletin is based on KB 4601348. Security updates to Windows App Platform and Frameworks, Windows Core Networking, Windows Hybrid Cloud Networking, and Windows Peripherals. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 26. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO8: Security-only Update for Windows Server 2012 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows Server 2012 ▪ Description: Bulletin is based on KB 4601357. Security updates to Windows App Platform and Frameworks, Windows Core Networking, Windows Hybrid Cloud Networking, and Windows Peripherals. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 27. Copyright © 2021 Ivanti. All rights reserved. MS21-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 4598285 (released January 12, 2021). Bulletin is based on KB 4601384. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 28. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Critical ▪ Affected Products: Microsoft Windows 8.1, Server 2012 R2 ▪ Description: Bulletin is based on KB 4601349. Security updates to Windows App Platform and Frameworks, Windows Hybrid Cloud Networking, and Windows Core Networking. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 16 Vulnerabilities: CVE-2021-1727 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  • 29. Copyright © 2021 Ivanti. All rights reserved. MS21-02-OFF: Security Updates for Microsoft Office ▪ Maximum Severity: Important ▪ Affected Products: Excel 2010-2016, Office Online Server, Office 2019 for macOS, and Office Web Apps Server ▪ Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 5 KB articles plus release notes for the MacOS Office. ▪ Impact: Remote Code Execution ▪ Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-24067, CVE-2021-24068, CVE-2021-24069 and CVE-2021- 24070 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
  • 30. Copyright © 2021 Ivanti. All rights reserved. MS21-02-O365: Security Updates Microsoft 365 Apps and Office 2019 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft 365 Apps, Office 2019 ▪ Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates. ▪ Impact: Remote Code Execution ▪ Fixes 3 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-24067, CVE-2021-24069 and CVE-2021-24070 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
  • 31. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SPT: Security Updates for SharePoint Server ▪ Maximum Severity: Important ▪ Affected Products: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2019 ▪ Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 4 KB articles. ▪ Impact: Remote Code Execution, Spoofing and Information Disclosure ▪ Fixes 4 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-1726, CVE-2021-24066, CVE-2021-24071 and CVE-2021-24072 are fixed in this release. ▪ Restart Required: Requires restart ▪ Known Issues: If your customized SharePoint pages use the SPWorkflowDataSource or FabricWorkflowInstanceProvider user control, some functions on those pages may not work. To resolve this issue, see KB 5000640.
  • 32. Copyright © 2021 Ivanti. All rights reserved. MS21-02-MRNET: Monthly Rollup for Microsoft .Net ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows .Net Framework 4.6 through 4.8 ▪ Description: This security update addresses a denial of service vulnerability in .NET Framework. This bulletin references 11 KB articles. ▪ Impact: Denial of Service ▪ Fixes 1 Vulnerability: CVE-2021-24111 is not publicly disclosed or known exploited. ▪ Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. ▪ Known Issues: See next slide
  • 33. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. February Known Issues for .NET Framework Source: Microsoft
  • 34. Copyright © 2021 Ivanti. All rights reserved. MS21-02-SONET: Security-only Update for Microsoft .Net ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows .Net Framework 4.6 through 4.8 ▪ Description: This security update addresses a denial of service vulnerability in .NET Framework. This bulletin references 4 KB articles. ▪ Impact: Denial of Service ▪ Fixes 1 Vulnerability: CVE-2021-24111 is not publicly disclosed or known exploited. ▪ Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. ▪ Known Issues: See previous slide
  • 35. Copyright © 2021 Ivanti. All rights reserved. MS21-02-EXCH: Security Updates for Exchange Server ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Exchange Server 2016 and 2019 ▪ Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KBs 4571787, 4571788, and 4602269. ▪ Impact: Spoofing ▪ Fixes 2 Vulnerabilities: CVE-2021-1730 and CVE-2021-24085 are not publicly disclosed or known exploited. ▪ Restart Required: Requires restart ▪ Known Issues: Multiple issues and workarounds per each respective KB
  • 36. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Between Patch Tuesdays
  • 37. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Release Summary ▪ Security Updates: Firefox (1), Firefox ESR (1), Google Chrome (3), Java 8 (1), Java Development Kit 8 (1), SeaMonkey (1), Thunderbird (1), Wireshark (1) ▪ Non-Security Updates: AIMP (1), AdoptOpenJDK JDK 11 (1), AdoptOpenJDK JDK 8 (1), AdoptOpenJDK JRE 11 (1), AdoptOpenJDK JRE 8 (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8Box Edit (1), BlueJeans Outlook Addin (1), Box Drive (1), Ccleaner (1), ClickShare App Machine-Wide Installer (2), Amazon Corretto 11 (1), Amazon Corretto 8 (1), Cisco WebEx Teams (3), Citrix Workspace App (2), Dropbox (3), Evernote (2), Firefox (1), Firefox ESR, (1), FileZilla Client (1), Google Drive File Stream (1), Falcon sensor for Windows (1), Google Backup and Sync (2), Google Chrome (1), GIT for windows (1), GoodSync (3), Inkscape (1), IrfanView (1), Cisco Jabber (1), Jabra Direct (1), Java Development Kit 11 (1), LibreOffice (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (4), NextCloud Desktop Client (1), Opera Browser (2), Apache OpenOffice (1), VirtualBox (1), PDF-Xchange PRO (3), Paint.NET (1), Plantronics Hub (1), Plex Media Server (3), RingCentral App (Machine-Wide Installer) (1), Skype (1), Snagit (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), TortoiseHG (1), Apache Tomcat (3), TeamViewer (2), UltraVNC (1), VLC Media Player (1), VMWare Tools (1), WinDVD Pro (1), WinSCP (1), Wireshark (1), WinMerge (1), WinZip (1), XnView (1), Zoom Client (3), Zoom Outlook Plugin (1)
  • 38. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information ▪ Firefox 85.0 ▪ FF-210126, QFF850 ▪ Fixes 13 Vulnerabilities: CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23957, CVE-2021-23958, CVE-2021-23959, CVE- 2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021- 23964, CVE-2021-23965 ▪ Firefox ESR 78.7.0 ▪ FFE-210126, QFFE7870 ▪ Fixes 5 Vulnerabilities: CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
  • 39. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Google Chrome 88.0.4324.96 ▪ CHROME-210118, QGC880432496 ▪ Fixes 39 Vulnerabilities: CVE-2020-15995, CVE-2020-16043, CVE-2020-16044, CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE- 2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021- 21114, CVE-2021-21115, CVE-2021-21116, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE- 2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021- 21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE- 2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021- 21140, CVE-2021-21141
  • 40. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Google Chrome 88.0.4324.146 ▪ CHROME-210202, QGC8804324146 ▪ Fixes 26 Vulnerabilities: CVE-2020-16044, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE- 2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021- 21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE- 2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021- 21140, CVE-2021-21141 ▪ Google Chrome 88.0.4324.150 ▪ CHROME-210204, QGC8804324150 ▪ Fixes 1 Vulnerability: CVE-2021-21148
  • 41. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ Java 8 Update 281 ▪ JAVA8-281, QJAVA8U281 ▪ Fixes 1 Vulnerability: CVE-2021-14803 ▪ Java Development Kit 8 Update 281 ▪ JDK8-281, QJDK8U281 ▪ Fixes 1 Vulnerability: CVE-2021-14803 ▪ Wireshark 3.4.3 ▪ WIRES34-210201, QWIRES343 ▪ Fixes 2 Vulnerabilities: CVE-2021-22173, CVE-2021-22174 ▪ Thunderbird 78.7.0 ▪ TB-210127, QTB7870 ▪ Fixes 6 Vulnerabilities: CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
  • 42. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont) ▪ SeaMonkey 2.53.6 ▪ SM20-210122, QSM2536 ▪ Fixes 14 Vulnerabilities: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE- 2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188
  • 43. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Q & A
  • 44. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Thank You!