French Patch Tuesday - May

GoIvanti 35 views 54 slides May 16, 2024

About This Presentation

Join us this month for a recap of the Microsoft and third-party application security patches released for Patch Tuesday. We will discuss in particular the vulnerabilities to watch, the products to test, and the patches to deploy first.


Slide Content

Presented by Genci Myrtezai and Abdel Jamli
Patch Tuesday Webinar
Thursday, May 16, 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§May 2024 Patch Tuesday Overview
§In the News
§Bulletins and Releases
§Between Patch Tuesdays
§Q & A

May Patch Tuesday 2024
Leading up to May Patch Tuesday we have a shared
zero-day vulnerability in Google Chrome and Microsoft
Edge, as well as an updated 2024 zero-day vulnerability
in macOS Ventura. Microsoft also addressed a pair of
zero-day vulnerabilities in their update resulting in 61
CVEs resolved. Mozilla and Adobe complete the lineup
of third-party updates. Priorities are the browser and OS
updates this month.
For more details check out this month's Patch Tuesday
blog.

In the News

In the News
§5th and 6th Chrome Zero-day in 2024
§https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
§https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
§Apple resolves RTKit Zero-day for older versions of iOS, iPad and macOS
§https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-zero-day-exploited-in-attacks-to-older-iphones/
§Microsoft resolves two Zero-day vulnerabilities
§https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/

Known Exploited and Publicly Disclosed Vulnerability
§CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability
§CVSS 3.1 Scores: 7.8 / 7.2
§Severity: Important
§Impact: Elevation of privilege
§Affected Systems: All Windows 10, Server 2016, and newer operating systems
§Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Known Exploited Vulnerability
§CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability
§CVSS 3.1 Scores: 8.8 / 8.2
§Severity: Important
§Impact: Security Feature Bypass
§Affected Systems: All Windows 10, Server 2016, and newer operating systems
§Per Microsoft – This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office
which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user
to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or
Instant Messenger message, and then convince the user to manipulate the specially crafted file, but
not necessarily click or open the malicious file.

New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
CVE-2024-2961
§CVSS 3: 8.8
§Identified in the iconv() function of glibc 2.39 and older
§The issue: a specific set of parameters could lead to a buffer overflow, leading to a
crash of the application calling iconv().
Background:
iconv() is a function to convert text between different encodings, like UTF-8 or plain
ASCII, and is used widely in applications and services that need to, for example, accept
or parse input in multiple languages.
Mitigation
Upgrade the package to the most up-to-date version on all distributions.

New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
CVE-2024-27316
§CVSS 3: 7.5
§It’s possible to cause a memory leak in an Apache webserver configured to serve HTTP/2
content, by sending repeated headers until a preconfigured buffer is exhausted.
§If the client continues to send more headers after this point, then Apache will continue
to extend the buffer, eventually exhausting all available memory resources.
Background:
Memory leaks like this occur when a program fails to release memory it no longer needs,
leading to gradual consumption of system resources.
Mitigation
Upgrade the package to the most up-to-date version on all distributions.

New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
CVE-2024-32487
§CVSS 3: 8.6
§The utility "less" (a counterpart to "more") can be tricked into executing commands if it
receives a malicious file as a parameter, crafted to include a "newline" character in the
filename.
§The part after the "newline" character is interpreted by "less" as a command, which it
then executes. Since "less" is commonly chained with other commands to perform tasks
sequentially, this can be quite damaging if it is run in a privileged process.
Exploitation
An attacker can execute arbitrary OS commands through attacker-controlled file names.
Exploitation typically requires such file names, for example those of files extracted from
an untrusted archive, and also requires the LESSOPEN environment variable, which is set by
default in many common cases.
Mitigation
To mitigate CVE-2024-32487, you should update "less" to version 654, as the bug is present
in all previous versions. Don’t simply unset $LESSOPEN.
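A triage helper for the CVE-2024-32487 conditions described on this slide, added here as an example (it is not Ivanti or TuxCare code): it reads the "less" version banner, compares it with the fixed version 654 named above, reports whether LESSOPEN is set, and counts file names containing a newline under a directory such as a freshly extracted archive. The function names are hypothetical, and a distribution package may carry the fix under an older upstream number, so a low number means checking the package changelog.

```shell
#!/bin/sh
# Added example (not Ivanti or TuxCare code): triage for CVE-2024-32487.
# FIXED_VERSION is the version named on the slide; function names are hypothetical.

FIXED_VERSION=654
# A literal newline, kept in a variable so the script stays POSIX sh.
NL='
'

# Pull the upstream version out of the first line of `less --version`:
# "less 590 (GNU regular expressions)" -> 590, "less 608.2 (...)" -> 608.
less_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^less \([0-9][0-9]*\).*/\1/p'
}

# Succeed only when the version is a number at or above the fixed release.
less_is_fixed() {
    [ -n "$1" ] && [ "$1" -ge "$FIXED_VERSION" ]
}

# Count entries under a directory whose names contain a newline.
# One "x" is emitted per match, so the odd names themselves cannot skew the count.
count_newline_names() {
    find "$1" -name "*${NL}*" -exec sh -c 'printf x' \; | wc -c | tr -d ' '
}

# Print a short report for one directory (for example an extraction target).
triage() {
    dir=$1
    banner=$(less --version 2>/dev/null | head -n 1)
    version=$(less_version_from_banner "$banner")
    if less_is_fixed "$version"; then
        echo "less: version $version is at or above $FIXED_VERSION"
    else
        echo "less: version '${version:-unknown}' is below $FIXED_VERSION, update required"
    fi
    # LESSOPEN is reported only; the slide says unsetting it is not the fix.
    if [ -n "${LESSOPEN:-}" ]; then
        echo "LESSOPEN: set"
    else
        echo "LESSOPEN: not set"
    fi
    echo "file names containing a newline under $dir: $(count_newline_names "$dir")"
}

# Run only when asked, e.g.: sh triage.sh --scan ./extracted
if [ "${1:-}" = "--scan" ]; then
    triage "${2:-.}"
fi
```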

Microsoft Patch Tuesday Updates of Interest
Azure and Development Tool Updates
§.NET 6.0, 7.0, & 8.0
§Azure Migrate
§Microsoft Visual Studio 2017 version 15.9 (includes 15.0 -15.8)
§Microsoft Visual Studio 2019 version 16.11 (includes 16.0 -16.10)
§Microsoft Visual Studio 2022 17.4 – 17.9

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
21H2 | 11/16/2021 | 6/11/2024
Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
Windows 11 Home and Pro
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/11/2025
22H2 | 9/20/2022 | 10/8/2024
Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/10/2026
22H2 | 9/20/2022 | 10/14/2025
21H2 | 10/4/2021 | 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§Focused on server long-term stability
§Major version releases every 2-3 years
§5 years mainstream and 5 years extended support
§Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
§https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

CHROME-240514: Security Update for Chrome Desktop
§Maximum Severity: Critical
§Affected Products: Google Chrome
§Description: The Stable channel has been updated to 124.0.6367.207/.208 for Mac and
Windows and 124.0.6367.207 for Linux. The Extended Stable channel has been updated to
124.0.6367.207 for Mac and Windows. See
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html for
more details. This update contains one security fix with the reported CVE rated High.
§Impact: Remote Code Execution
§Fixes 1 Vulnerability: CVE-2024-4761 is known exploited.
§Restart Required: Requires application restart
1

HT214107: Security Update macOS Ventura 13.6.7
§Maximum Severity: Critical
§Affected Products: Apple macOS Ventura version 13
§Description: This update addresses security vulnerabilities in the Apple Ventura operating
system.
§Impact: Security Feature Bypass, Information Disclosure
§Fixes 3 Vulnerabilities: CVE-2024-2789, CVE-2023-42861, and CVE-2024-23296.
CVE-2024-23296 is known exploited. See the Apple Security Update
https://support.apple.com/en-us/HT214107 for complete details.
§Restart Required: Requires restart
§Known Issues: None
1

APSB24-29: Security Update for Adobe Acrobat and Reader
§Maximum Severity: Moderate
§Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 12 vulnerabilities; 9 are rated Critical.
§Impact: Arbitrary Code Execution, Memory Leak
§Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
for more details.
§Restart Required: Requires application restart
12

MFSA-2024-21: Security Update Firefox 126
§Maximum Severity: Important
§Affected Products: Security Update Firefox
§Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on
multiple platforms. Fixes 16 vulnerabilities; 3 are rated High.
§Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, Information
Disclosure
§Fixes 16 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/ for complete details.
§Restart Required: Requires application restart
§Known Issues: None
12

MFSA-2024-22: Security Update Firefox ESR 115.11
§Maximum Severity: Important
§Affected Products: Security Update Firefox ESR
§Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR
browser on multiple platforms.
§Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§Fixes 6 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/ for complete details.
§Restart Required: Requires application restart
§Known Issues: None
12

HT214106: Security Update macOS Sonoma 14.5
§Maximum Severity: Important
§Affected Products: Apple macOS Sonoma version 14
§Description: This update addresses security vulnerabilities in the Apple Sonoma operating
system.
§Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, Information Disclosure
§Fixes 22 Vulnerabilities: See the Apple Security Update
https://support.apple.com/en-us/HT214106 for complete details.
§Restart Required: Requires restart
§Known Issues: None
12

HT214105: Security Update macOS Monterey 12.7.5
§Maximum Severity: Important
§Affected Products: Apple macOS Monterey version 12
§Description: This update addresses security vulnerabilities in the Apple Monterey operating
system.
§Impact: Information Disclosure
§Fixes 2 Vulnerabilities: CVE-2024-23229 and CVE-2024-27789. See the Apple Security Update
https://support.apple.com/en-us/HT214105 for complete details.
§Restart Required: Requires restart
§Known Issues: None
12

HT214103: Security Update Apple Safari 17.5
§Maximum Severity: Important
§Affected Products: Apple Safari
§Description: This update addresses security vulnerabilities in Apple Safari running on the
Ventura or Monterey operating systems.
§Impact: Security Feature Bypass
§Fixes 1 Vulnerability: CVE-2024-27834. See the Apple Security Update
https://support.apple.com/en-us/HT214103 for complete details.
§Restart Required: Requires application restart
§Known Issues: None
12

MS24-05-SPT: Security Updates for SharePoint Server
§Maximum Severity: Critical
§Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
§Description: This security update resolves a Microsoft SharePoint Server information disclosure
vulnerability and Microsoft SharePoint Server remote code execution vulnerability. This bulletin
is based on 3 KB articles.
§Impact: Remote Code Execution and Information Disclosure
§Fixes 2 Vulnerabilities: CVE-2024-30043 and CVE-2024-30044. They are not known to be
exploited or publicly disclosed
§Restart Required: Requires application restart
§Known Issues: None reported
1

MS24-05-W11: Windows 11 Update
§Maximum Severity: Moderate
§Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§Description: This bulletin references KB 5037770 (21H2) and KB 5037771 (22H2/23H2).
§Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
§Fixes 41 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§Restart Required: Requires restart
§Known Issues: See next slide
12

May Known Issues for Windows 11
§KB 5037770 – Windows 11 version 21H2, all editions
§[Prof_Pic] After installing this update, you might be unable to change your user account
profile picture. When attempting to change a profile picture by selecting the button Start >
Settings > Accounts > Your info, and then selecting Choose a file, you might receive an error
message with error code 0x80070520. Workaround: Microsoft is working on a resolution.
§KB 5037771 – Windows 11 version 22H2, all editions; Windows 11 version 23H2, all editions
§[Prof_Pic]

MS24-05-W10: Windows 10 Update
§Maximum Severity: Moderate
§Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§Description: This bulletin references 7 KB articles. See KBs for the list of changes.
§Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§Fixes 47 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§Restart Required: Requires restart
§Known Issues: See next slide
12

May Known Issues for Windows 10
§KB 5037768 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise,
version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; Windows 10, version 22H2,
all editions
§[Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§[Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§[Cache] After you install KB5034203 (dated 01/23/2024) or later updates, some Windows
devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC)
nodes in their network might be unable to use those nodes. Instead, these Windows
devices will download updates and apps from the public internet. Workaround: See KB for
configuration options.
§[Prof_Pic]
§Microsoft is working on a resolution for all issues.

May Known Issues for Windows 10 (cont)
§KB 5037782 – Windows Server 2022
§[Prof_Pic]

MS24-05-O365: Security Updates for Microsoft Office
§Maximum Severity: Important
§Affected Products: Excel 2016 and Office Online Server
§Description: This security update resolves a Microsoft Excel remote code execution vulnerability.
This bulletin references KB 5002587 and KB 5002503.
§Impact: Remote Code Execution
§Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
§Restart Required: Requires application restart
§Known Issues: None reported
12

MS24-05-O365: Security Updates for Microsoft 365 Apps
§Maximum Severity: Important
§Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021, and Office LTSC for Mac
2021
§Description: This month’s update resolves a vulnerability which could allow a remote user to
perform code execution. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§Impact: Remote Code Execution
§Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
§Restart Required: Requires application restart
§Known Issues: None reported
12

Between
Patch Tuesdays

Windows Release Summary
§Security Updates (with CVEs): Apple Mobile Device Support (1), AutoCAD (1), Azul Zulu (4), Google
Chrome (5), Corretto (4), Eclipse Adoptium (4), Firefox (1), Firefox ESR (1), FileZilla Client (1), Foxit
PDF Editor (4), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), Apple iTunes (1),
Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1),
VirtualBox (1), PuTTY (1), RedHat OpenJDK (4), Snagit (4), Thunderbird (1), TortoiseGit (2),
TortoiseSVN (1), WinSCP (1)
§Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Apache Tomcat (3),
Audacity (2), CCleaner (1), Google Chrome (1), ClickShareApp Machine-Wide Installer (1), Falcon
Sensor for Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Evernote (8),
Firefox (2), GoodSync (1), GIMP (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (2),
LibreOffice (2), LogMeIn (1), Malwarebytes (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3),
VirtualBox (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide
Installer (2), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep
Builder (1), Tableau Reader (1), Thunderbird (2), TeamViewer (2), VMware Horizon Client (1), Zoom
Client (3), Zoom Rooms Client (2), Zoom VDI (1)

Windows Release Summary (cont)
§Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Bandicut (1), Box
Drive (1), Bitwarden (2), Camtasia (2), Cisco Webex Teams (1), Google Drive File Stream (1),
GeoGebra Classic (1), KeePassXC (1), NextCloud Desktop Client (1), R for Windows (1), RingCentral
App (Machine-Wide Installer) (1), RealVNC Server (1), RealVNC Viewer (1), TreeSize Free (1),
WinMerge (1)

Windows Third Party CVE Information
§AutoCAD 2025.0.1
§ADAC25-240506, QACAD202501
§Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132,
CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137
§Apple Mobile Device Support 17.
§AMDS-240510, QAMDS175012
§Fixes 1 Vulnerability: CVE-2024-2793
§Google Chrome 124.0.6367.61
§CHROME-240416, QGC1240636761
§Fixes 14 Vulnerabilities: CVE-2024-3832, CVE-2024-3833, CVE-2024-3834, CVE-2024-3837,
CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843,
CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914

Windows Third Party CVE Information (cont)
§Google Chrome 124.0.6367.79
§CHROME-240423, QGC124063679
§Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
§Google Chrome 124.0.6367.119
§CHROME-240430, QGC12406367119
§Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368
§Google Chrome 124.0.6367.156
§CHROME-240507, QGC12406367156
§Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559
§Google Chrome 124.0.6367.202
§CHROME-240509
§Fixes 1 Vulnerability: CVE-2024-4671

Windows Third Party CVE Information (cont)
§Azul Zulu 21.34.19 (21.0.3) Note: FX version of JDK also supported
§ZULU21-240416, QZULUJDK213419
§Fixes 9 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004,
CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21085, CVE-2024-21094
§Azul Zulu 17.50.19 (17.0.11) Note: FX version of JDK also supported
§ZULU17-240416, QZULUJDK175019 and QZULUJRE175019
§Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003,
CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012,
CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§Azul Zulu 11.72.19 (11.0.23) Note: FX version of JDK also supported
§ZULU11-240416, QZULUJDK117219 and QZULUJRE117219
§Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003,
CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012,
CVE-2024-21068, CVE-2024-21085, CVE-2024-21094

Windows Third Party CVE Information (cont)
§Azul Zulu 8.78.0.19 (8u412) Note: FX version of JDK also supported
§ZULU8-240416, QZULUJDK878019 and QZULUJRE878019
§Fixes 13 Vulnerabilities: CVE-2023-41993, CVE-2024-20954, CVE-2024-21002, CVE-2024-21003,
CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21085, CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
§Java Development Kit 21 Update 21.03
§JDK17-240416, QJDK2103
§Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
§Java Development Kit 17 Update 17.0.11
§JDK17-240416, QJDK17011
§Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21094, CVE-2024-21098, CVE-2024-21892

Windows Third Party CVE Information (cont)
§Java Development Kit 11 Update 11.0.23
§JDK11-240416, QJDK11023
§Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§Java 8 Update 411 – JRE and JDK
§JAVA8-240416, QJDK8U411 and QJRE8U411
§Fixes 9 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004,
CVE-2024-21005, CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§Corretto 21.03.9.1
§CRTO21-240416, QCRTOJDK2103
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094

Windows Third Party CVE Information (cont)
§Corretto 17.0.11.9.1
§CRTO17-240416, QCRTOJDK17011
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§Corretto 11.0.23.9.1
§CRTO11-240416, QCRTOJDK11023
§Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§Corretto 8.412.08.1 – JRE and JDK
§CRTO8-240416, QCRTOJRE8412
§CRTO8-240416, QCRTOJDK8412
§Fixes 8 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005,
CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094

Windows Third Party CVE Information (cont)
§Eclipse Adoptium 21.03.9
§ECL21-240418, QECLJDK21039 and QECLJRE21039
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§Eclipse Adoptium 17.0.11.9
§ECL17-240418, QECLJDK170119 and QECLJRE170119
§Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§Eclipse Adoptium 11.0.23.9
§ECL11-240422, QECLJDK110239 and QECLJRE110239
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§Eclipse Adoptium 8.412.08.1
§ECL8-240416, QECLJDK804128 and QECLJRE804128
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094

Windows Third Party CVE Information (cont)
§RedHat OpenJDK 21.03.0
§RHTJDK21-240419, QRHTJDK210309 and QRHTJRE210309
§Fixes 3 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068
§RedHat OpenJDK 17.0.11.0
§RHTJDK17-240419, QRHTJDK1701109 and QRHTJRE1701109
§Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§RedHat OpenJDK 11.0.23.9
§RHTJDK11-240419, QRHTJDK110239 and QRHTJRE110239
§Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§RedHat OpenJDK 8.0.412
§RHTJDK8-240419, QRHTJDK180412
§Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094

Windows Third Party CVE Information (cont)
§Firefox 125.0.1
§FF-240416, QFF12501
§Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854,
CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859,
CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§Firefox ESR 115.10.0
§FFE115-240416, QFFE115100
§Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§FileZilla Client 3.67.0
§FILEZ-240416, QFILEZ3670X64 and QFILEZ3670X86
§Fixes 1 Vulnerability: CVE-2024-31497

Windows Third Party CVE Information (cont)
§Foxit PDF Editor 13.1.0.22420
§FPDFE-240505, QFPDFE131022420
§Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§Foxit PDF Editor (Subscription) 2024.2.0.25138
§FPDFES-240429, QFPDFE202420
§Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§Foxit PDF Reader Consumer 2024.2.0.25138
§FPDFRC-240429, QFPDFRC20242
§Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§Foxit PDF Reader Enterprise 2024.2.0.25138
§FPDFRE-240430, QFPDFRES20242
§Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938

Windows Third Party CVE Information (cont)
§Apple iTunes 12.13.23
§ITUNES-240508, QITUNES121323
§Fixes 1 Vulnerability: CVE-2024-2793
§VirtualBox 7.0.16
§OVB70-240416, QOVB7016
§Fixes 13 Vulnerabilities: CVE-2024-21103, CVE-2024-21106, CVE-2024-21107, CVE-2024-21108,
CVE-2024-21109, CVE-2024-21110, CVE-2024-21111, CVE-2024-21112, CVE-2024-21113,
CVE-2024-21114, CVE-2024-21115, CVE-2024-21116, CVE-2024-21121
§PuTTY 0.81.0.0
§PUTTY-240416, QPUTTY08100
§Fixes 1 Vulnerability: CVE-2024-31497
§TortoiseGit 2.16.0
§TGIT-240503, QTGIT21600
§Fixes 1 Vulnerability: CVE-2024-31497

Windows Third Party CVE Information (cont)
§TortoiseSVN 1.14.7
§TORT-240416, QTORT1147
§Fixes 1 Vulnerability: CVE-2024-31497
§Thunderbird 115.10.0
§TB-240416, QTB115100
§Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§WinSCP 6.3.3
§WINSCP-240416, QWINSCP633EXE and QWINSCP633MSI
§Fixes 1 Vulnerability: CVE-2024-31497
§Snagit 2024.1.2
§SNAG24-240425, QSNAG202412
§Fixes 2 Vulnerabilities: CVE-2024-29187, CVE-2024-29188

Apple Release Summary
§Security Updates (with CVEs): AutoCAD for Mac (3), Google Chrome (6), Microsoft Office
2019 Excel (1), Firefox (1), Firefox ESR (1), VMware Fusion (1), Microsoft Edge (3)
§Security Updates (w/o CVEs): Google Chrome (1), Emacs For Mac (1), Thunderbird (3),
Zoom Client for Mac (1)
§Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), Brave (6),
Calendar 366 II (2), Google Chrome (1), Docker Desktop for Mac (1), draw.io (1), Dropbox (3),
Evernote (8), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Grammarly (6), Hazel (1),
IntelliJ IDEA (1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (1), Obsidian for
Mac (1), OneDrive for Mac (1), Microsoft Office 2019 OneNote (1), Microsoft Office 2019
Outlook (3), Parallels Desktop (1), PyCharm Professional for Mac (1), Microsoft Office 2019
PowerPoint (2), PowerShell (1), Python (1), Slack (2), Spotify (2), Microsoft Teams (Mac) (1),
Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1), Zoom Client
for Mac (2)

Apple Third Party CVE Information
§AutoCAD 2022.4.1
§ADACMAC2022-240412
§Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132,
CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137
§AutoCAD 20233.1
§ADACMAC2023-240412
§Fixes 19 Vulnerabilities: Same as listed above
§AutoCAD 2025.0.1
§ADACMAC2025-240507
§Fixes 19 Vulnerabilities: Same as listed above

Apple Third Party CVE Information (cont)
§Google Chrome 123.0.6312.124
§CHROMEMAC-240415
§Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516
§Google Chrome 124.0.6367.79
§CHROMEMAC-240424
§Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
§Google Chrome 124.0.6367.94
§CHROMEMAC-240430
§Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4331, CVE-2024-4368
§Google Chrome 124.0.6367.119
§CHROMEMAC-240502
§Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368

Apple Third Party CVE Information (cont)
§Google Chrome 124.0.6367.155
§CHROMEMAC-240507
§Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559
§Google Chrome 124.0.6367.201
§CHROMEMAC-240509
§Fixes 1 Vulnerability: CVE-2024-4671
§Microsoft Office 2019 Excel 16.84
§EXCEL19-240416
§Fixes 1 Vulnerability: CVE-2024-26257

Apple Third Party CVE Information (cont)
§Firefox 125.0.1
§FF-240416
§Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854,
CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859,
CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§Firefox ESR 115.10.0
§FFE-240416
§Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§VMware Fusion 13.
§FUSION-240425
§Fixes 1 Vulnerability: CVE-2024-22251

Apple Third Party CVE Information (cont)
§Microsoft Edge 123.0.2420.97
§MEDGEMAC-240412
§Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516
§Microsoft Edge 124.0.2478.51
§MEDGEMAC-240418
§Fixes 15 Vulnerabilities: CVE-2024-29987, CVE-2024-3832, CVE-2024-3833,
CVE-2024-3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841,
CVE-2024-3843, CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847,
CVE-2024-3914
§Microsoft Edge 124.0.2478.67
§MEDGEMAC-240426
§Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060

Q & A

Thank You!