Weitere ähnliche Inhalte Ähnlich wie 2021 June Patch Tuesday (20) Kürzlich hochgeladen (20) 2021 June Patch Tuesday1. Copyright © 2021 Ivanti. All rights reserved.
Patch Tuesday Webinar
Wednesday, June 9, 2021
Hosted by: Chris Goettl & Todd Schell
2. Copyright © 2021 Ivanti. All rights reserved.
Agenda
June 2021 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
1
2
3
4
5
3. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Overview
4. Copyright © 2021 Ivanti. All rights reserved.
June Patch Tuesday 2021
Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique
vulnerabilities, six of which have been detected in exploits in the wild. Fortunately, these are all in the
monthly OS rollups so you can knock them out in one update per system. Many of the exploited
vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to
be missed in prioritization in some organizations. This brings a very important prioritization challenge to the
forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world
risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk
indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern
ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No
additional updates for exchange this month!
5. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
In the News
6. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
In the News
Source: Microsoft
Windows 10 21H1 Released May 18
https://docs.microsoft.com/en-us/windows/release-
health/release-information
Enablement packages provide updates from Windows 10 2004
or Windows 10 20H2
PuzzleMaker attacks exploit Windows zero-day,
chrome vulnerabilities
https://www.zdnet.com/article/puzzlemaker-attacks-exploit-
windows-chrome-zero-day-vulnerabilities/
Feds recover more than $2 million in ransomware
payments from Colonial Pipeline hackers
https://www.washingtonpost.com/business/2021/06/07/colonial
-pipeline-ransomware-payment-recovered/
7. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Threat Actors Shift Tactics Quickly
Q4 2020 Q1 2020
8. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Known Exploited Vulnerabilities
CVE-2021-31199 Enhanced Cryptographic Provider Elevation of Privilege
Vulnerability
CVSS 3.0 Scores: 5.2 / 4.8
Severity: Important
CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerability
CVSS 3.0 Scores 5.2 / 4.8
Severity: Important
CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability
CVSS 3.0 Scores 5.5 / 5.1
Severity: Important
Source: Microsoft
9. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Known Exploited Vulnerabilities (cont)
CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
CVSS 3.0 Scores: 7.8 / 7.2
Severity: Important
CVE-2021-33742 Windows MSHTML Platform Remote Code Execution
Vulnerability
CVSS 3.0 Scores: 7.5 / 7.0
Severity: Critical
Source: Microsoft
10. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Known Exploited and Disclosed Vulnerability
CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege
Vulnerability
CVSS 3.0 Scores: 8.4 / 7.8
Severity: Important
Source: Microsoft
11. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Publicly Disclosed Vulnerability
CVE-2021-31968 Windows Remote Desktop Services Denial of
Service Vulnerability
CVSS 3.0 Scores: 7.5 / 6.5
Severity: Important
Source: Microsoft
12. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack Updates (SSU)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
Updated SSUs this month
Windows 10 1809/Server 2019
Windows 10 1909/Server, version 1909
Development Tool and Other Updates
.NET 5.0 and .NET Core 3.1
Visual Studio 2019 v16.4-16.10
Visual Studio 2019 for Mac version 8.10
Visual Studio Code (Kubernetes Tools)
Source: Microsoft
13. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Windows 10 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
2004 5/27/2020 12/14/2021
1909 11/12/2019 5/10/2022
Windows 10 Pro and Pro Workstation
Version Release Date End of Support Date
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
Windows Datacenter and Standard Server
Version Release Date End of Support Date
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
Lifecycle Fact Sheet
https://docs.microsoft.com/en-us/lifecycle/faq/windows
14. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Patch Content Announcements
Announcements Posted on Community Forum Pages
https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
Subscribe to receive email for the desired product(s)
15. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Bulletins and Releases
16. Copyright © 2021 Ivanti. All rights reserved.
APSB21-37: Security Update for Adobe Acrobat and Reader
Maximum Severity: Critical
Affected Products: Adobe Acrobat and Reader (all current versions)
Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 5 critical vulnerabilities. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
See https://helpx.adobe.com/security/products/acrobat/apsb21-37.html for more
details.
Impact: Remote Code Execution
Fixes 5 Vulnerabilities: CVE-2021-28551, CVE-2021-28552, CVE-2021-28554,
CVE-2021-28631 and CVE-2021-28632
Restart Required: Requires application restart
17. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, Server 2016, Server 2019, Server version 1909, Server version 2004, Server
version 20H2, IE 11, and Edge Chromium
Description: This bulletin references 5 KB articles. See KBs for the list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 26 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31955,
CVE-2021-31956, CVE-2021-33739 and CVE-2021-33742 are known exploited. CVE-
2021-31968 and CVE-2021-33739 are publicly disclosed. See the Security Update
Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: See next slides
18. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for Windows 10
KB 5003646 – Windows 10, Version 1809, Server 2019
[Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
[Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
19. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for Windows 10 (cont)
KB 5003635 – Windows 10 version 1909
[Outdated Updates] System and user certificates might be lost when updating a
device from Windows 10, version 1809 or later to a later version of Windows 10.
This primarily happens when managed devices are updated using outdated
bundles or media through an update management tool such as Windows Server
Update Services (WSUS) or Microsoft Endpoint Configuration Manager.
Note: Devices using Windows Update for Business or that connect directly to
Windows Update are not impacted.
Workaround: If you have already encountered this issue on your device, you can
mitigate it within the uninstall window by going back to your previous version of
Windows. The uninstall window might be 10 or 30 days depending on the
configuration of your environment and the version you’re updating to. See
directions here.
Microsoft is working on a resolution.
20. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for Windows 10 (cont)
KB 5003637 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
[Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter
Kanji characters in an app that automatically allows the input of Furigana
characters, you might not get the correct Furigana characters. You might need to
enter the Furigana characters manually. Workaround: Microsoft is working on a
resolution.
[Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.
21. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for Windows 10 (cont)
[Game Lag] A small subset of users have reported lower than expected
performance in games after installing this update. Most users affected by this issue
are running games full screen or borderless windowed modes and using two or
more monitors. Workaround: This issue is resolved using Known Issue Rollback
(KIR). Please note that it might take up to 24 hours for the resolution to propagate
automatically to consumer devices and non-managed business devices.
Restarting your device might help the resolution apply to your device faster. See
KB for more info on KIR and Group Policy options.
[Audio] After installing this update, 5.1 Dolby Digital audio may play containing a
high-pitched noise or squeak in certain apps when using certain audio devices and
Windows settings. Workaround: Try streaming the video or audio in a web
browser or different app, instead of the app affected by this issue. Enable Spatial
sound settings by right clicking or long pressing on the volume icon in the
notification area, selecting Spatial sound (Off) and selecting any of the available
options. Microsoft is working on a resolution.
[Outdated Updates]
22. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Internet Explorer 9 and 11
Description: The fixes that are included in the cumulative Security Update for
Internet Explorer are also included in the June 2020 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references KB 5003636.
Impact: Remote Code Execution
Fixes 3 Vulnerabilities: CVE-2021-33742 is known exploited. It also fixes CVE-
2021-31959 and CVE-2021-31971.
Restart Required: Requires browser restart
Known Issues: None reported
23. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-MR2K8-ESU: Monthly Rollup for Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008 and IE 9
Description: This security update includes improvements and fixes that were a part
of update KB 5003210 (released May 11, 2021). Bulletin is based on KB 5003661.
Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage
and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
Impact: Remote Code Execution, Security Feature Bypass, and Elevation of Privilege
Fixes 12 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956,
and CVE-2021-33742 are known exploited. No vulnerabilities are publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [File Rename] See next slide.
24. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for Server 2008
KB 5003661 – Windows Server 2008 (Monthly Rollup)
[SQL Failure] After installing this update or later updates, connections to SQL Server 2005
might fail. Workaround: This is expected behavior due to a security hardening change in
this update. To resolve this issue, you will need to update to a supported version of SQL
Server.
[File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
KB 5003695 – Windows Server 2008 (Security-only Update)
[SQL Failure]
[File Rename]
25. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-SO2K8-ESU: Security-only Update for Windows Server 2008
Maximum Severity: Important
Affected Products: Microsoft Windows Server 2008
Description: Bulletin is based on KB 5003695. Security updates to Windows App
Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication,
Windows Fundamentals, and Windows Storage and Filesystems.
Impact: Security Feature Bypass and Elevation of Privilege
Fixes 10 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021-
31956 are known exploited. No vulnerabilities are publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: See previous slide.
26. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-MR7-ESU: Monthly Rollup for Win 7
MS21-06-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 5003233 (released May 11, 2021). Bulletin is based on KB 5003667. Security
updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure,
Windows Authentication, Windows Fundamentals, Windows Remote Desktop, Windows
Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and
Elevation of Privilege
Fixes 14 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956,
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [SQL Failure] and [File Rename]
27. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-SO7-ESU: Security-only Update for Win 7
MS21-06-SO2K8R2-ESU: Security-only Update for Server 2008 R2
Maximum Severity: Important
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Bulletin is based on KB 5003694. Security updates to Windows App
Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication,
Windows Fundamentals, Windows Remote Desktop, and Windows Storage and
Filesystems.
Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege
Fixes 11 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021-
31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [SQL Failure] and [File Rename]
28. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2012 and IE
Description: This security update includes improvements and fixes that were a part of
update KB 5003208 (released previous May 11, 2021). Bulletin is based on KB
5003697. Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and
Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 18 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956,
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [File Rename]
29. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-SO8: Security-only Update for Windows Server 2012
Maximum Severity: Important
Affected Products: Microsoft Windows Server 2012
Description: Bulletin is based on KB 5003696. Security updates to Windows App
Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication,
Windows Fundamentals, and Windows Storage and Filesystems.
Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and
Information Disclosure
Fixes 15 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021-
31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [File Rename]
30. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part
of update KB 5003209 (released May 11, 2021). Bulletin is based on KB 5003671.
Security updates to Windows App Platform and Frameworks, Windows Cloud
Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage
and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 19 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956,
and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [File Rename]
31. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Important
Affected Products: Microsoft Windows 8.1, Server 2012 R2
Description: Bulletin is based on KB 5003681. Security updates to Windows App
Platform and Frameworks, and Windows Silicon Platform.
Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and
Information Disclosure
Fixes 16 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021-
31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: [File Rename]
32. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-SPT: Security Updates for SharePoint Server
Maximum Severity: Critical
Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft
SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and
Microsoft SharePoint Server 2019
Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 8 KB articles.
Impact: Remote Code Execution, Spoofing and Information Disclosure
Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-26420, CVE-2021-31948, CVE-2021-31950, CVE-2021-31963,
CVE-2021-31964, CVE-2021-31965, and CVE-2021-31966 are fixed in this release.
Restart Required: Requires restart
Known Issues: See next slide
33. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
June Known Issues for SharePoint Server
KB 5001962 – SharePoint Foundation 2013
[URL Block] DataFormWebPart may be blocked from accessing an external URL, and it
generates "8scdc"event tags in SharePoint Unified Logging System (ULS) logs.
Workaround: Contact the farm administrator to use PowerShell to add the blocked host
name to SPFarm.AllowedSafeDomain. For more information, see KB 5004210.
KB 5001946 – SharePoint Enterprise Server 2016
[URL Block]
KB 5001944 – SharePoint Server 2019
[URL Block]
34. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Excel 2013-2016, Office 2013-2016, Office 2019 for macOS,
Office Online Server, Office Web Apps 2013, Outlook 2013-2016
Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 10 KB articles plus release notes for the macOS Office.
Impact: Remote Code Execution
Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021-
31949 are fixed in this release.
Restart Required: Requires application restart
Known Issues: None reported
35. Copyright © 2021 Ivanti. All rights reserved.
MS21-06-O365: Security Updates Microsoft 365 Apps and Office 2019
Maximum Severity: Important
Affected Products: Microsoft 365 Apps, Office 2019
Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at https://docs.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
Impact: Remote Code Execution
Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021-
31949 are fixed in this release.
Restart Required: Requires application restart
Known Issues: None reported
36. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Between Patch Tuesdays
37. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Release Summary
Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1),
Thunderbird (2), VMware Horizon Client (1), VMware Workstation Player (1), VMware
Workstation Pro (1)
Security (w/o CVEs): Audacity (1), Camtasia (1), CCleaner (1), ClickShare App Machine-
Wide Installer (1), Falcon sensor for Windows (1), Dropbox (2), Evernote (3), FileZilla Client (4),
GoodSync (6), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Node.JS 14.17.0 (3),
Notepad++ (1), Opera (4), Pidgin (1), Plex Media Server (5), Skype (2), Slack Machine-Wide
Installer (4), Snagit (2), Splunk Universal Forwarder (2), Tableau Desktop (5), Tableau Prep Builder
(1), Tableau Reader (1), Apache Tomcat (2), TeamViewer (5), VLC Media Player (2), Wireshark (2),
Zoom Client (2), Zoom Outlook Plugin (1)
Non-Security Updates: AIMP (2), Allway Sync (1), BlueJeans Outlook Addin (1), Google
Drive File Stream (1), Inkscape (1), IrfanView (1), BlueJeans (3), R for Windows 4.1.0 (1),
RingCentral App (Machine-Wide Installer) (1), TortoiseHG (1), RealVNC Viewer (1), Cisco WebEx
Teams (2)
38. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Third Party CVE Information
Google Chrome 91.0.4472.77
CHROME-210525, QGC910447277
Fixes 21 Vulnerabilities: CVE-2021-21212, CVE-2021-30521, CVE-2021-30522,
CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE-
2021-30527, CVE-2021-30528, CVE-2021-30529, CVE-2021-30530, CVE-2021-
30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30535,
CVE-2021-30536, CVE-2021-30537, CVE-2021-30538, CVE-2021-30539, CVE-
2021-30540
Thunderbird 78.10.2
TB-210517, QTB78102
Fixes 2 Vulnerabilities: CVE-2021-29956, CVE-2021-29957
Thunderbird 78.11.0
TB-210603, QTB78102
Fixes 2 Vulnerabilities: CVE-2021-29964, CVE-2021-29967
39. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Third Party CVE Information (cont)
Firefox 89.0
FF-210601, QFF890
Fixes 9 Vulnerabilities: CVE-2021-29959, CVE-2021-29960, CVE-2021-29961,
CVE-2021-29962, CVE-2021-29963, CVE-2021-29964, CVE-2021-29965, CVE-
2021-29966, CVE-2021-29967
Firefox ESR 78.11.0
FFE-210601, QFFE78110
Fixes 2 Vulnerabilities: CVE-2021-29964, CVE-2021-29967
VMware Horizon Client 5.5.2
VMWH5-210521, QVMWH552
Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
40. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Third Party CVE Information (cont)
VMware Workstation Player 16.1.2
VMWP16-210519, QVMWP1612
Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
VMware Workstation Pro 16.1.2
VMWW16-210519, QVMWW1612
Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
41. Copyright © 2021 Ivanti. All rights reserved.
Copyright © 2021 Ivanti. All rights reserved.
Q & A
42. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved.
Thank You!