2024 Ivanti October Patch Tuesday Webinar
GoIvanti
616 views
45 slides
Oct 10, 2024
Slide 1 of 45
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
About This Presentation
October is Cybersecurity Awareness Month! What better way to stay cyber-aware than to read up on the latest security updates hitting the market. Microsoft released updates for Windows, Office, .Net and several Azure services resolving a total of 117 new CVEs. There are two Zero-Day Exploits both of ...
Slide Content
Hosted by Chris Goettl and Todd Schell Patch Tuesday Webinar Wednesday, October 9, 2024
Agenda October 2024 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
October is Cybersecurity Awareness Month! What better way to stay cyber-aware than to read up on the latest security updates hitting the market. Microsoft released updates for Windows, Office, .Net and several Azure services resolving a total of 117 new CVEs. There are two Zero-Day Exploits both of which have also been publicly disclosed. In addition, there are three CVEs that have been publicly disclosed, but no reports of exploitation. Additional security updates from Google and Zoom were released, but the top priority will be the Windows OS update this month which addresses both zero-day exploits that Microsoft resolved. For more details check out this month's Patch Tuesday blog . October Patch Tuesday 2024
In the News
In the News Windows 11 24H2 is RTM as of October 1 https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-11-version-24h2 Windows 11 Pro: Serviced for 24 months from the release date. Windows 11 Enterprise: Serviced for 36 months from the release date. Windows 11 Enterprise LTSC 2024 https://learn.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-11-2024 The LTSC release is intended for special use devices Five years of Mainstream Support; no Extended Support The IoT Enterprise LTSC 2024 version receives 10 years of support Office LTSC 2024 https://learn.microsoft.com/en-us/office/ltsc/2024/overview Designed for disconnected environments F ive years of Mainstream Support; no Extended Support Standard devices should use O365 Apps Windows Server 2025 (preview) https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-windows-server-2025 Formal RTM expected at Ignite 2024 in November
In the News Windows Security Function Bypassed By New 0-Day Threat, Microsoft Says https://www.forbes.com/sites/daveywinder/2024/09/11/windows-security-function-bypassed-by-new-0-day-threat-microsoft-says/ 'Void Banshee' Exploits Second Microsoft Zero-Day https://www.darkreading.com/application-security/void-banshee-exploits-second-microsoft-zero-day Patch Tuesday: Microsoft Fixes Management Console RCE Zero-Day https://www.channele2e.com/brief/patch-tuesday-microsoft-fixes-management-console-rce-zero-day
CVE-2024 -43572 Microsoft Management Console Remote Code Execution Vulnerability CVSS 3.1 Scores: 7.8 / 7.2 Severity: Important Impact: Remote Code Execution Affected Systems: All currently supported Windows operating systems Per Microsoft: To exploit this vulnerability, an attacker through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability. Publicly Disclosed and Known Exploited Vulnerabilities
CVE-2024 -43573 Windows MSHTML Platform Spoofing Vulnerability CVSS 3.1 Scores: 6.5 / 6.0 Severity: Moderate Impact: Spoofing Affected Systems: Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022 Per Microsoft: While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML , and scripting platforms are still supported. These supported components are still used by several applications and the operating system. Publicly Disclosed and Known Exploited Vulnerabilities ( cont )
CVE-2024 -6197 Open Source Curl Remote Code Execution Vulnerability CVSS 3.1 Scores: 8.8 / 7.7 Severity: Important Impact: Remote Code Execution Affected Systems: Windows 10, Windows 11, Server 2019, and Server 2022 Per Microsoft: While the upstream advisory applies to curl, the command line tool, and libcurl as embedded in all manner of software, Windows does not ship libcurl but only ships the curl command line. This vulnerability requires user interaction to select the server and to communicate with it. CVE-2024 -20659 Windows Hyper-V Security Feature Bypass Vulnerability CVSS 3.1 Scores: 7.1 / 6.6 Severity: Important Impact: Security Feature Bypass Affected Systems: Windows 10, Windows 11, Server 2019, and Server 2022 Per Microsoft: Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token. Publicly Disclosed Vulnerabilities
CVE-2024 -43583 Winlogon Elevation of Privilege Vulnerability CVSS 3.1 Scores: 7.8 / 6.8 Severity: Important Impact: Elevation of Privilege Affected Systems: All currently supported Windows operating systems Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device. By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process. For further information on how to enable a Microsoft first-party IME on your device, see KB5046254: Vulnerability when using a third-party Input Method Editor at the Microsoft Windows sign in screen . Publicly Disclosed Vulnerabilities ( cont )
Velocity License Server Ivanti Cloud Service Appliance Security Advisory: Ivanti Endpoint Manager Mobile Security Advisory: Velocity License Server Vulnerabilities: CVE-2024-9167 CVSS: 7.0 Affected Versions: 5.1 versions prior to 5.1.2 Security Advisory: Ivanti Cloud Service Appliance Ivanti Endpoint Manager Mobile Ivanti October Security Updates Vulnerabilities: CVE-2024-9379 CVSS: 6.5 CVE-2024-9380 CVSS: 7.2 CVE-2024-9381 CVSS: 7.2 Affected Versions: CSA 5.0.1 and prior NOTE: Ivanti CSA 4.6 is EOL . All customers must upgrade to CSA 5.0 for continued support. Vulnerabilities: CVE-2024-7612 CVSS: 8.8 Affected Versions: 12.1.0.3 and prior Exploitation of CSA 4.6 is reported when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963, which is present in CSA version 4.6 patch 518 and below.
Ivanti Connect Secure and Policy Secure Ivanti Avalanche Security Advisory: Ivanti Connect Secure and Policy Secure Vulnerabilities: CVE-2024-37404 CVSS: 9.1 Affected Versions: Connect Secure: All versions before 22.7R2.1 Policy Secure: All versions before 22.7R1.1 Security Advisory: Ivanti Avalanche 6.4.5 Ivanti October Security Updates ( cont ) Vulnerabilities: CVE-2024-47007 CVSS: 7.5 CVE-2024-47008 CVSS: 7.5 CVE-2024-47009 CVSS: 7.3 CVE-2024-47010 CVSS: 7.3 CVE-2024-47011 CVSS: 7.5 Affected Versions: 6.4.2.313 and below Thanks to Richard Warren from AmberWolf for his assistance in helping protect our customers
CVE-2024-37371 CVSS 3: 9.1 Impact: Debian 11,12, Ubuntu 16, 18, Enterprise Linux 6, 7, 8 and derivatives. A bug in MIT Kerberos 5 (krb5) before 1.21.3 can be exploited to trigger invalid memory reads (during GSS message token handling by sending message tokens with invalid length fields) by an attacker. This piece of software is especially critical in mixed Windows/Linux environments, as it is a component of the Kerberos protocol negotiation that happens with Active Directory. This flaw was originally disclosed in June, but has been updated to reflect also affecting Debian 11 and 12 Mitigation The most effective way to mitigate this vulnerability is to update the MIT Kerberos 5 to version 1.21.3 or later. The latest version contains patches that address this specific issue. You can find the latest version on the official MIT Kerberos website and your distro repositories. New and Notable Linux Vulnerabilities: 1 Highlighted by TuxCare
CVE-2024-45492 CVSS 3: 9 .8 Impact: Affects Ubuntu 16,18, and all Enterprise Linux 6, 7, 8 and variants expat is an XML parsing utility. libexpat , the component providing expat functionality to third party applications, contains a flaw in its xml parsing logic which can be abused in 32-bit platforms by overflowing a buffer. Buffer overflow can lead to memory corruption, unstable systems or data exfiltration. libexpat is a component of multiple third-party applications, so you could be running it unknowingly Mitigation To mitigate, ensure that you are using libexpat version 2.6.3 or later. The patch addressing this issue is available and should be applied as soon as possible. New and Notable Linux Vulnerabilities: 2 Highlighted by TuxCare
CVE-2024-47076 , CVE-2024-47175 , CVE-2024-47176 and CVE-2024-47177 (chain of CVEs affecting CUPS) CVSS 3: disputed score of 10.0* Impact: This flaw affects all CUPS installations across the board The CUPS daemon (the printing component for a Linux system) can be tricked, remotely, into accepting any IP as a “printer,” and when the system then tries to print to that printer, can be exploited into running arbitrary code as root Mitigation Check or disable cups on all systems, or at least never expose cupsd to the internet (which is sane advice in any scenario, regardless of CVEs) To stop a running cups-browsed service, an administrator should use the following command: $ sudo systemctl stop cups-browsed The cups-browsed service can also be prevented from starting on reboot with: $ sudo systemctl disable cups-browsed *CVSS score is disputed because cupsd is (typically) not running by default on server installations and requires a printing operation be initiated on an unknown printer New and Notable Linux Vulnerabilities: 3 Highlighted by TuxCare
Microsoft Patch Tuesday Updates of Interest Advisory 990001 Latest Servicing Stack Updates (SSU) https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 Server 2012/2012 R2 ESU (see graphic) Azure and Development Tool Updates .NET 6.0 .NET 8.0 Azure CLI Azure Monitor Agent Azure Service Connector Azure Service Fabric for Linux Visual Studio 2017 version 15.9 Visual Studio 2019 version 16.11 Visual Studio 2022 17.6 – 17.11 Source: Microsoft
Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 11 Home and Pro Version Release Date End of Support Date 23H2 10/31/2023 11/11/2025 22H2 9/20/2022 10/8/2024 Windows 11 Enterprise and Education Windows 10 Enterprise and Education Version Release Date End of Support Date 23H2 10/31/2023 11/10/2026 22H2 9/20/2022 10/14/2025 21H2 10/4/2021 10/8/2024 Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
Server Long-term Servicing Channel Support Server LTSC Support Version Editions Release Date Mainstream Support Ends Extended Support Ends Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031 Windows Server 2019 (Version 1809) Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029 Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027 https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info Focused on server long-term stability Major version releases every 2-3 years 5 years mainstream and 5 years extended support Server core or server with desktop experience available Source: Microsoft
Patch Content Announcements Announcements Posted on Community Forum Pages https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 Subscribe to receive email for the desired product(s) Content Info: Endpoint Security Content Info: Endpoint Manager Content Info: macOS Updates Content Info: Linux Updates Content Info: Patch for Configuration Manager Content Info: ISEC and Neurons Patch Content Info: Neurons Patch for InTune
Bulletins and Releases
CHROME-241008: Security Update for Chrome Desktop Maximum Severity: Critical Affected Products: Google Chrome Description: The Stable channel has been updated to 129.0.6668.100/.101 for Windows, Mac and 129.0.6668.100 for Linux. This update addresses 2 reported vulnerabilities which are rated High. Impact: Remote Code Execution Fixes 2 Vulnerabilities: See https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html for more details. Restart Required: Requires application restart 1
ZSB-24037: Zoom Workplace Apps - Incorrect User Management Maximum Severity: Important Affected Products: Zoom Workplace App, Zoom Workplace VDI Client, Zoom Rooms App, Zoom Rooms Controller, and Zoom Meeting SDK Description: Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. See ZSB-24037 for full details. Impact: Information Disclosure Fixes 1 Vulnerability: CVE-2024-45425 Restart Required: Requires application restart Known Issues: None 1 2
ZSB-24038: Zoom Workplace Apps - Incorrect Ownership Assignment Maximum Severity: Important Affected Products: Zoom Workplace App, Zoom Workplace VDI Client, Zoom Rooms App, Zoom Rooms Controller, and Zoom Meeting SDK Description: Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. See ZSB-24038 for full details. Impact: Information Disclosure Fixes 1 Vulnerability: CVE-2024-45426 Restart Required: Requires application restart Known Issues: None 1 2
MS24-10-W11: Windows 11 Update Maximum Severity: Critical Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2 and Edge Chromium Description: This bulletin references KB 5044280 (21H2), KB 5044285 (22H2/23H2), and KB 5044284 (24H2). See KBs for details of all changes. Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure Fixes 68 Vulnerabilities: CVE-2024-43572 and CVE-2024-43573 are publicly disclosed and known exploited. CVE-2024-6197 , CVE-2024-20659 and CVE-2024-43583 are publicly disclosed. See the Security Update Guide for the complete list of CVEs. Restart Required: Requires restart Known Issues: See next slide 1
October Known Issues for Windows 11 KB 5044284 – Windows 11 version 24H2, all editions [Roblox] We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows. Workaround: Download Roblox directly from vendor .
MS24-10-W10: Windows 10 Update Maximum Severity: Critical Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes. Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Tampering, Elevation of Privilege, and Information Disclosure Fixes 91 Vulnerabilities: CVE-2024-43572 and CVE-2024-43573 are publicly disclosed and known exploited. CVE-2024-6197 , CVE-2024-20659 and CVE-2024-43583 are publicly disclosed. See the Security Update Guide for the complete list of CVEs. Restart Required: Requires restart Known Issues: See next slide 1
October Known Issues for Windows 10 KB 5044273 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, Windows 10, version 22H2, all editions [ Dual_Boot ] After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the Secure Boot Active Targeting value when it should not have been applied.. Workaround: Microsoft provided a workaround on their Windows release health site KB 5044281 – Windows Server 2022 [ Dual_Boot ] Workaround: Microsoft provided a workaround on their Windows release health site
Maximum Severity: Important Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019 Description: This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. This bulletin is based on KB 5002647 (2019), KB 5002649 (sub), and KB 5002645 (2016) articles. Impact: Elevation of privilege Fixes 1 Vulnerability: CVE-2024-43503 is not reported exploited or publicly disclosed. Restart Required: Requires application restart Known Issues: None reported MS24-10-SPT: Security Updates for Sharepoint Server 1 2
Maximum Severity: Important Affected Products: Excel 2016, Office 2016 Description: This security update resolves a remote code execution and a spoofing vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes. Impact: Remote Code Execution, Spoofing Fixes 2 Vulnerabilities: CVE-2024-43504 and CVE-2024-43609 are not known to be exploited or publicly disclosed. Restart Required: Requires application restart Known Issues: None reported MS24-10-OFF: Security Updates for Microsoft Office 1 2
Maximum Severity: Important Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024 Description: This security update resolves 3 remote code execution and 2 spoofing vulnerabilities in Microsoft Office. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates . Impact: Remote Code Execution, Spoofing Fixes 5 Vulnerabilities: CVE-2024-43504, CVE-2024-43505, CVE-2024-43576, CVE-2024-43609 and CVE-2024-43616 are not known to be exploited or publicly disclosed. Restart Required: Requires application restart Known Issues: None reported MS24-10-O365: Security Updates for Microsoft 365 Apps 1 2
MS24-10-MRNET: Monthly Rollup for Microsoft .NET 1 2 Maximum Severity: Important Affected Products: Microsoft Windows .Net Framework 2.0 SP2 through 4.8.1 Description: This update fixes vulnerabilities in the .NET framework whereby an attacker who successfully exploited this vulnerability could provide a denial of service. This bulletin references 17 KB articles. Impact: Denial of Service Fixes 2 Vulnerabilities: CVE-2024-43483 and CVE-2024-43484 are not known to be exploited or publicly disclosed. Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. Known Issues: None reported
MS24-10-SONET: Monthly Rollup for Microsoft .NET 2 Maximum Severity: Important Affected Products: Microsoft Windows .Net Framework 2.0 SP2 through 4.8.1 Description: This update fixes vulnerabilities in the .NET framework whereby an attacker who successfully exploited this vulnerability could provide a denial of service . This bulletin references 17 KB articles. Impact: Denial of Service Fixes 2 Vulnerabilities: CVE-2024-43483 and CVE-2024-43484 are not known to be exploited or publicly disclosed. Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used. Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (2), Foxit PDF Editor (1), Foxit PDF Editor (Subscription) (1), Foxit PDF Reader Enterprise (1), PDF-Xchange PRO (1), PDF-Xchange Editor Plus (2), Thunderbird ESR (1) Security Updates (w/o CVEs): Apache Tomcat (2), Audacity (1), CCleaner (1), Cisco Webex Meetings Desktop App (1), Falcon Sensor for Windows (1), Dropbox (2), Firefox (1), Git for Windows (2), Grammarly for Windows (3), Jabra Direct (1), LibreOffice (1), Node.JS (Current) (1), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (2), VirtualBox (1), PDF24 Creator (2), Plex Media Server (1), Python (1), Screenpresso (1), Skype (3), Snagit (2), Splunk Universal Forwarder (1), Tableau Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (3), TeamViewer (2), VSCodium (1), Zoom Workplace Desktop App (3) Non-Security Updates: 1Password (1), Amazon WorkSpaces (1), BlueBeam Revu (1), Bitwarden (1), Camtasia (3), Cisco Webex Teams (2), Evernote (4), Google Drive File Stream (1), GoodSync (1), LogMeIn (1), NextCloud Desktop Client (2), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1), WeCom (2)
Windows Third Party CVE Information Google Chrome 129.0.6668.59 CHROME-240917, QGC1290666859 Fixes 6 Vulnerabilities: CVE-2024-8904, CVE-2024-8905 , CVE-2024-8906 , CVE-2024-8907 , CVE-2024-8908 , CVE-2024-8909 Google Chrome 129.0.6668.71 CHROME-240924, QGC1290666871 Fixes 4 Vulnerabilities: CVE-2024-9120, CVE-2024-9121 , CVE-2024-9122 , CVE-2024-9123 Google Chrome 129.0.6668.90 CHROME-241003, QGC1290666890 Fixes 3 Vulnerabilities: CVE-2024-7025, CVE-2024-9369 , CVE-2024-9370
Windows Third Party CVE Information ( cont ) Firefox 131 FF-241003, QFF1310 Fixes 13 Vulnerabilities: CVE-2024-9391, CVE-2024-9392 , CVE-2024-9393 , CVE-2024-9394 , CVE-2024-9395 , CVE-2024-9396 , CVE-2024-9397 , CVE-2024-9398 , CVE-2024-9399 , CVE-2024-9400 , CVE-2024-9401 , CVE-2024-9402 , CVE-2024-9403 Firefox ESR 115.16.0 FFE115-241003, QFFE115160 Fixes 4 Vulnerabilities: CVE-2024-9392, CVE-2024-9393 , CVE-2024-9394 , CVE-2024-9401 Firefox ESR 128.3.0 FFE128-241003, QFFE12830 Fixes 11 Vulnerabilities: CVE-2024-8900, CVE-2024-9392 , CVE-2024-9393 , CVE-2024-9394 , CVE-2024-9396 , CVE-2024-9397 , CVE-2024-9398 , CVE-2024-9399 , CVE-2024-9400 , CVE-2024-9401 , CVE-2024-9402
Windows Third Party CVE Information ( cont ) Foxit PDF Editor 13.1.4.23147 FPDFE13-240926, QFPDFE131423147 Fixes 3 Vulnerabilities: CVE-2024-28888, CVE-2024-38393 , CVE-2024-41605 Foxit PDF Editor (Subscription) 2024.3.0.26795 FPDFES-240926, QFPDFE202430 Fixes 3 Vulnerabilities: CVE-2024-28888, CVE-2024-38393, CVE-2024-41605 Foxit PDF Reader Enterprise 2024.3.0.26795 FPDFRE-240926, QFPDFRES2024302 Fixes 3 Vulnerabilities: CVE-2024-28888, CVE-2024-38393, CVE-2024-41605 PDF-Xchange Editor Plus 10.4.0.388 PDFXE-240920, QPDFXE1040388 Fixes 8 Vulnerabilities: CVE-2024-8842, CVE-2024-8843 , CVE-2024-8844 , CVE-2024-8845 , CVE-2024-8846 , CVE-2024-8847 , CVE-2024-8848 , CVE-2024-8849
Windows Third Party CVE Information ( cont ) PDF-Xchange PRO 10.4.1.389 PDFX-240924, QPDFX1041389 Fixes 24 Vulnerabilities: CVE-2024-8821, CVE-2024-8822 , CVE-2024-8823 , CVE-2024-8824 , CVE-2024-8825 , CVE-2024-8826 , CVE-2024-8827 , CVE-2024-8830 , CVE-2024-8831 , CVE-2024-8832 , CVE-2024-8836 , CVE-2024-8837 , CVE-2024-8838 , CVE-2024-8839 , CVE-2024-8840 , CVE-2024-8841 , CVE-2024-8842 , CVE-2024-8843 , CVE-2024-8844 , CVE-2024-8845 , CVE-2024-8846 , CVE-2024-8847 , CVE-2024-8848 , CVE-2024-8849 PDF-Xchange Editor Plus 10.4.1.389 PDFXE-240924, QPDFXE1041389 Fixes 24 Vulnerabilities: Same as previous Thunderbird 128.3.0 ESR TB-241003, QTB12830 Fixes 11 Vulnerabilities: CVE-2024-8900, CVE-2024-9392 , CVE-2024-9393 , CVE-2024-9394 , CVE-2024-9396 , CVE-2024-9397 , CVE-2024-9398 , CVE-2024-9399 , CVE-2024-9400 , CVE-2024-9401 , CVE-2024-9402
Apple Release Summary Security Updates (with CVEs): Apple macOS Sequoia (1), Apple macOS Sonoma (1), Apple macOS Ventura (1), Apple Safari (1), Google Chrome (3), Firefox (1), Firefox ESR (2), Microsoft Edge (3) Security Updates (w/o CVEs): None Non-Security Updates: 1Password (1), Alfred (1), Adobe Acrobat DC and Acrobat Reader DC (1), Adobe Acrobat 2024 Classic (1), BetterTouchTool (8), Brave (3), draw.io (1), Dropbox (3), Microsoft Office 2019 Excel (1), Figma (1), Google Drive (1), Grammarly (4), Hazel (1), Krisp (1), LibreOffice (1), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (3), Microsoft Office 2019 PowerPoint (1), Python (1), Skype (1), Microsoft Teams (1), Visual Studio Code (1), Webex Teams (1), Microsoft Office 2019 Word (1), Zoom Client (3)
Apple Updates with CVE Information macOS Ventura 13.7 HT121234 Fixes 30 Vulnerabilities: See Apple security bulletin for details macOS Sonoma 14.7 HT121247 Fixes 37 Vulnerabilities: See Apple security bulletin for details macOS Sequoia 15.0 HT121238 Fixes 78 Vulnerabilities: See Apple security bulletin for details Safari 18 for Ventura and Sonoma HT121241 Fixes 3 Vulnerabilities: CVE-2024-40857, CVE-2024-40866 , CVE-2024-44187
Apple Third Party CVE Information ( cont ) Google Chrome 129.0.6668.59 CHROMEMAC-240917 Fixes 6 Vulnerabilities: CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909 Google Chrome 129.0.6668.71 CHROMEMAC-240924 Fixes 10 Vulnerabilities: CVE-2024-6989, CVE-2024-7967 , CVE-2024-7976 , CVE-2024-8193 , CVE-2024-8198 , CVE-2024-8362 , CVE-2024-9120 , CVE-2024-9121 , CVE-2024-9122 , CVE-2024-9123 Google Chrome 129.0.6668.90 CHROMEMAC-241002 Fixes 3 Vulnerabilities: CVE-2024-7025, CVE-2024-9369, CVE-2024-9370
Apple Third Party CVE Information Firefox 131 FF-241003 Fixes 13 Vulnerabilities: CVE-2024-9391, CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9395, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402, CVE-2024-9403 Firefox ESR 115.16.0 FFE115-241003 Fixes 4 Vulnerabilities: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401 Firefox ESR 128.3.0 FFE128-241003 Fixes 11 Vulnerabilities: CVE-2024-8900, CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402
Apple Third Party CVE Information ( cont ) Microsoft Edge 129.0.2792.52 MEDGEMAC-240919 Fixes 14 Vulnerabilities: CVE-2024-38207, CVE-2024-38208 , CVE-2024-38209 , CVE-2024-38210 , CVE-2024-38221 , CVE-2024-41879 , CVE-2024-43489 , CVE-2024-43496 , CVE-2024-8904 , CVE-2024-8905 , CVE-2024-8906 , CVE-2024-8907 , CVE-2024-8908 , CVE-2024-8909 Microsoft Edge 129.0.2792.65 MEDGEMAC-240926 Fixes 4 Vulnerabilities: CVE-2024-9120, CVE-2024-9121 , CVE-2024-9122 , CVE-2024-9123 Microsoft Edge 129.0.2792.79 MEDGEMAC-241003 Fixes 3 Vulnerabilities: CVE-2024-7025, CVE-2024-9369 , CVE-2024-9370
Q & A
Thank You!
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 616
- Slides 45
- Age 417 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views