September Patch Tuesday

GoIvanti 142 views 40 slides Sep 12, 2024

About This Presentation

Ivanti's Patch Tuesday analysis goes beyond patching your applications and gives you the intelligence and guidance needed to prioritize where you should focus. Check out the latest analysis on our Ivanti blog and join industry experts in the webinar ...


Slide Content

Presented by Carlos Frances and Kamel Karabelli
Patch Tuesday Webinar
Thursday, September 12, 2024

Copyright © 2024Ivanti. All rights reserved. 2
Agenda
▪September 2024 Patch Tuesday Overview
▪In the News
▪Bulletins and Releases
▪Between Patch Tuesdays
▪Q & A

September Patch Tuesday 2024
September 2024 Patch Tuesday is here and brings updates from Microsoft, Adobe, and Ivanti. Microsoft has released updates for the Windows OS, Office, SharePoint, SQL Server, and several Azure services and components. Adobe released updates for several products including Adobe Acrobat and Reader. Ivanti has also released updates for three products.
Out of these releases, the highest priority this month is addressing the zero-day vulnerabilities in the Windows OS and Office.
For more details, check out this month's Patch Tuesday blog.

In the News
▪The AI Wild West: Unraveling the Security and Privacy Risks of GenAI Apps
▪https://www.securityweek.com/the-ai-wild-west-unraveling-the-security-and-privacy-risks-of-genai-apps/
▪Ivanti Patches Critical Vulnerabilities in Endpoint Manager
▪https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager/
▪It’s Time to Take Ransomware Seriously
▪https://www.forbes.com/councils/forbestechcouncil/2024/09/11/its-time-to-take-ransomware-seriously/
▪Russia accused of EU and Nato cyberattacks
▪https://www.bbc.com/news/articles/c984zenjkz5o

Publicly Disclosed and Known Exploited Vulnerabilities
▪CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability
▪CVSS 3.1 Scores: 5.4 / 5.0
▪Severity: Important
▪Impact: Security Feature Bypass
▪Affected Systems: All currently supported Windows operating systems
▪Per Microsoft: To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.

Known Exploited Vulnerabilities
▪CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
▪CVSS 3.1 Scores: 7.8 / 6.8
▪Severity: Important
▪Impact: Elevation of Privilege
▪Affected Systems: All currently supported Windows operating systems
▪Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
▪CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
▪CVSS 3.1 Scores: 7.3 / 6.4
▪Severity: Important
▪Impact: Security Feature Bypass
▪Affected Systems: Microsoft Publisher 2016, Office 2019, Office LTSC 2021
▪Per Microsoft: An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files. The Preview Pane is not an attack vector. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.

Known Exploited Vulnerabilities (cont)
▪CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
▪CVSS 3.1 Scores: 9.8 / 8.5
▪Severity: Critical
▪Impact: Elevation of Privilege
▪Affected Systems: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
▪Per Microsoft: If you have installed any of the previous security updates released between March and August 2024, the rollbacks of the fixes for CVEs affecting Optional Components have already occurred. To restore these fixes, customers need to install the September 2024 Servicing Stack Update and Security Update for Windows 10.
▪NOTE: Although some of the original CVEs were known to be exploited, no exploitation of CVE-2024-43491 itself has been detected.

Ivanti September Security Updates

Ivanti Endpoint Manager
Security Advisory: EPM September 2024
Vulnerabilities:
•Resolves 16 vulnerabilities
•9 are rated Critical
Affected Versions:
•2024
•2022 SU5 and earlier

Ivanti Cloud Service Appliance
Security Advisory: Ivanti Cloud Service Appliance
Vulnerabilities:
•CVE-2024-8190 CVSS: 7.2
Affected Versions:
•CSA 4.6 (All versions before Patch 519)
NOTE: Ivanti CSA 4.6 is EOL. All customers must upgrade to CSA 5.0 for continued support.

Ivanti Workspace Control
Security Advisory: Ivanti Workspace Control
Vulnerabilities:
•Resolves 6 vulnerabilities
•All are rated High
Affected Versions:
•10.18.0.0 and below
NOTE: IWC reaches End-of-Life on December 31, 2026. Migrating to Ivanti User Workspace Manager provides a superior and secure replacement.

No vulnerabilities were known to be exploited at the time of disclosure

New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
CVE-2024-39480
CVSS 3: 7.8
Impact: Affects Ubuntu 16.04 & 18.04
▪A buffer overflow was fixed in the tab-complete behavior of the kernel debugger.
▪The length of the buffer is passed in the wrong parameter (should be a pointer to a memory location), and this opens the possibility of write-past-end-of-buffer scenarios in the debugger, inside the kernel memory space.
▪When a user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately, it passes the size of the source buffer rather than the destination to strncpy(). If the command buffer is already full but cp (cursor position) is in the middle of the buffer, then we will write past the end of the supplied buffer.
Mitigation
Either replace the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around OR update the kernel to the latest version available.
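The flaw and the mitigation described on this slide, modeled in user space as an added example (not the kernel's kdb code and not from TuxCare or Ivanti). Buffer sizes, function names and the sample command line are constructed; the arena places guard bytes after the 16-byte command buffer so the overrun can be observed without touching unowned memory.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUFSIZE 16    /* constructed, deliberately small command buffer */
#define TMP_SIZE    64    /* scratch space for completion + tail (assumed) */
#define GUARD_BYTE  0xAA  /* fills the memory that follows the command buffer */

/* BEFORE (the pattern the slide describes): the strncpy() bound is derived
 * from the source string, so the write is never tied to the space left in
 * the destination command buffer. */
static void insert_unchecked(char *buf, size_t cursor, const char *ins)
{
    char tmp[TMP_SIZE];

    snprintf(tmp, sizeof(tmp), "%s%s", ins, buf + cursor); /* completion + tail */
    strncpy(buf + cursor, tmp, strlen(tmp) + 1);           /* source-sized bound */
}

/* AFTER (the slide's mitigation): memmove()/memcpy() behind an explicit
 * boundary check. Returns 0 on success, -1 if the text would not fit, in
 * which case the buffer is left untouched. */
static int insert_checked(char *buf, size_t bufsize, size_t cursor,
                          const char *ins)
{
    const char *nul = memchr(buf, '\0', bufsize);
    size_t used, ins_len = strlen(ins);

    if (nul == NULL)                      /* unterminated buffer: refuse */
        return -1;
    used = (size_t)(nul - buf);
    if (cursor > used || ins_len > bufsize - 1 - used)
        return -1;                        /* no room for text plus NUL */

    memmove(buf + cursor + ins_len, buf + cursor, used - cursor + 1);
    memcpy(buf + cursor, ins, ins_len);
    return 0;
}

/* Completes "kdb_" to "kdb_init" in a full buffer with the cursor in the
 * middle, and counts how many bytes past the buffer were overwritten. The
 * arena is larger than CMD_BUFSIZE so the overrun lands in guard bytes. */
static int guard_bytes_clobbered(int use_checked)
{
    char arena[CMD_BUFSIZE + TMP_SIZE];
    size_t i;
    int hit = 0;

    memset(arena, GUARD_BYTE, sizeof(arena));
    memcpy(arena, "go kdb_ 1234567", CMD_BUFSIZE);   /* 15 chars + NUL */
    if (use_checked)
        (void)insert_checked(arena, CMD_BUFSIZE, 7, "init");
    else
        insert_unchecked(arena, 7, "init");

    for (i = CMD_BUFSIZE; i < sizeof(arena); i++)
        if ((unsigned char)arena[i] != GUARD_BYTE)
            hit++;
    return hit;
}

int main(void)
{
    printf("unchecked insert: %d bytes written past the buffer\n",
           guard_bytes_clobbered(0));
    printf("checked insert:   %d bytes written past the buffer\n",
           guard_bytes_clobbered(1));
    return 0;
}
```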

New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
CVE-2024-42154
CVSS 3: 9.8
Impact: Affects all Enterprise Linux distributions.
▪In the kernel network stack there is a length check missing under tcp_metrics.
▪A specific metric (TCP_METRICS_ATTR_SADDR_IPV4) is not being limited in size and, if an exploit path is found, can be abused to write past the assigned 4-byte memory space that it has.
▪ip tcp_metrics is used to manipulate entries in the kernel that keep TCP information for IPv4 and IPv6 destinations.
Mitigation
Update the kernel to the latest version available.

New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
CVE-2024-38428
CVSS 3: 9.1
Impact: Affects all Enterprise Linux distributions’ versions of wget, up to wget 1.24.5.
▪The venerable wget utility mishandles semicolons in the userinfo portion of a URI and can mistakenly use it as the host component instead.
▪Using semicolons in the userinfo component isn't common, but a user could be tricked into thinking they are connecting to a different host than they are.
▪This can lead to scenarios where specific firewall rules are bypassed and access to otherwise blocked resources could be possible. DNS queries may be sent to incorrect and potentially malicious domains.
▪Possible consequences: resource restriction bypass, sensitive data leakage, and remote code execution.
Mitigation
Patch to a higher version than 1.24.5
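A defensive pre-check for the host confusion described on this slide, as an added example (not code from wget, TuxCare or Ivanti): it parses the URL authority itself, refuses any userinfo that contains a semicolon, and compares the parsed host to an allowlisted name before the URL reaches a fetch tool. Function names, the last-'@' rule for ending userinfo, and the .example hosts are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Finds the authority of "scheme://authority/..."; *at is the last '@' in
 * it, or NULL when there is no userinfo. Returns 0 on success. */
static int split_authority(const char *url, const char **auth,
                           size_t *alen, const char **at)
{
    const char *p = strstr(url, "://");
    size_t i;
    if (p == NULL || p == url || strcspn(url, ":/?#") != (size_t)(p - url))
        return -1;                    /* no scheme in front of "://" */
    *auth = p + 3;
    *alen = strcspn(*auth, "/?#");    /* authority ends at path/query/fragment */
    *at = NULL;
    for (i = 0; i < *alen; i++)
        if ((*auth)[i] == '@')
            *at = *auth + i;
    return 0;
}

/* Returns 1 if the URL has a userinfo part containing ';', else 0. */
static int userinfo_has_semicolon(const char *url)
{
    const char *auth, *at;
    size_t alen;
    if (split_authority(url, &auth, &alen, &at) != 0 || at == NULL)
        return 0;
    return memchr(auth, ';', (size_t)(at - auth)) != NULL;
}

/* Copies the host (no userinfo, no port) into out. Returns 0 on success. */
static int url_host(const char *url, char *out, size_t outsz)
{
    const char *auth, *at, *host, *end;
    size_t alen, hlen;
    if (split_authority(url, &auth, &alen, &at) != 0)
        return -1;
    host = at ? at + 1 : auth;
    hlen = alen - (size_t)(host - auth);
    if (hlen > 0 && host[0] == '[') {             /* IPv6 literal */
        if ((end = memchr(host, ']', hlen)) == NULL)
            return -1;
        hlen = (size_t)(end - host) + 1;
    } else if ((end = memchr(host, ':', hlen)) != NULL) {
        hlen = (size_t)(end - host);              /* drop ":port" */
    }
    if (hlen == 0 || hlen >= outsz)
        return -1;
    memcpy(out, host, hlen);
    out[hlen] = '\0';
    return 0;
}

/* Returns 1 only when the userinfo has no ';' and the parsed host equals
 * allowed_host (ASCII case-insensitive); otherwise 0. */
static int url_allowed(const char *url, const char *allowed_host)
{
    char host[256];
    size_t i;
    if (userinfo_has_semicolon(url) || url_host(url, host, sizeof(host)) != 0)
        return 0;
    for (i = 0; host[i] != '\0' && allowed_host[i] != '\0'; i++)
        if (tolower((unsigned char)host[i]) !=
            tolower((unsigned char)allowed_host[i]))
            return 0;
    return host[i] == allowed_host[i];
}

int main(void)
{
    /* Constructed sample URLs; .example names are reserved for documentation. */
    printf("%d\n", url_allowed("https://files.example/pkg.tar", "files.example"));
    printf("%d\n", url_allowed("http://alice;x.example@files.example/a",
                               "files.example"));
    return 0;
}
```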

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
▪https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
▪Server 2012/2012 R2 ESU and Windows
10 (see graphic)
Azure and Development Tool Updates
▪Azure CycleCloud 8.0.0 – 8.6.3
▪Azure Network Watcher VM Extension
for Windows
▪Azure Stack Hub
▪Azure Web Apps
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness

Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025

Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025

Windows 11 Home and Pro
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/11/2025
22H2 | 9/20/2022 | 10/8/2024

Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/10/2026
22H2 | 9/20/2022 | 10/14/2025
21H2 | 10/4/2021 | 10/8/2024

Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪Focused on server long-term stability
▪Major version releases every 2-3 years
▪5 years mainstream and 5 years extended support
▪Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

APSB24-70: Security Update for Adobe Acrobat and Reader
▪Maximum Severity: Critical
▪Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024)
▪Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 2 vulnerabilities; both are rated Critical.
▪Impact: Arbitrary Code Execution
▪Fixes 2 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
for more details.
▪Restart Required: Requires application restart
1

MS24-09-W11: Windows 11 Update
▪Maximum Severity: Critical
▪Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2* and Edge
Chromium
▪Description: This bulletin references KB 5043067 (21H2), KB 5043076 (22H2/23H2), and KB
5043080 (24H2). See KBs for details of all changes.
▪Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪Fixes 31 Vulnerabilities: CVE-2024-38217 is publicly disclosed and known exploited. CVE-2024-38217 and CVE-2024-38014 are known exploited. See the Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires restart
▪Known Issues: See next slide
NOTE: Win 11 24H2* update is targeted for Copilot+ PCs devices and devices that were previously
using Windows Insider 24H2 builds
1

September Known Issues for Windows 11
▪KB 5043067 – Windows 11 version 21H2, all editions
▪[Prof_Pic] After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start > Settings > Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520.
▪[Dual_Boot] After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the Secure Boot Active Targeting value when it should not have been applied.
▪Workaround: Microsoft is working on a resolution
▪KB 5043076 – Windows 11 version 22H2 and 23H2, all editions
▪[Dual_Boot]

September Known Issues for Windows 11 (cont)
▪KB 5043080 – Windows 11 version 24H2, all editions
▪[Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
▪Workaround: Download Roblox directly from vendor.

MS24-09-W10: Windows 10 Update
▪Maximum Severity: Critical
▪Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪Fixes 45 Vulnerabilities: CVE-2024-38217 is publicly disclosed and known exploited. CVE-2024-38217, CVE-2024-38014, and CVE-2024-43491 are known exploited. See the Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires restart
▪Known Issues: See next slide
1

September Known Issues for Windows 10
▪KB 5043083 – Windows 10
▪[Dual_Boot]
▪KB 5043051 – Windows 10 version 1607, all editions; Windows Server 2016, all editions
▪[Dual_Boot]
▪KB 5043050 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10
IoT Core 2019 LTSC, Windows Server 2019
▪[Dual_Boot]
▪KB 5043064 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021,
Windows 10, version 22H2, all editions
▪[Prof_Pic]
▪[Dual_Boot]
▪KB 5042881 – Windows Server 2022
▪[Prof_Pic]
▪[Dual_Boot]

MS24-09-SPT: Security Updates for SharePoint Server
▪Maximum Severity: Critical
▪Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019
▪Description: This security update resolves several Microsoft SharePoint Server remote code execution and denial of service vulnerabilities. This bulletin is based on KB 5002639 (2019), KB 5002640 (sub), and KB 5002624 (2016) articles.
▪Impact: Remote Code Execution, Denial of Service
▪Fixes 5 Vulnerabilities: CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, CVE-2024-43464, and CVE-2024-43466. No CVEs are reported exploited or publicly disclosed.
▪Restart Required: Requires application restart
▪Known Issues: See next slide
1

September Known Issues for SharePoint Server
▪KB 5002624 – Microsoft SQL Server 2016
▪[Serial_Data] After you apply this update, you might experience an issue that affects the
deserialization of custom types that inherit from IDictionary.
▪[Type_Blocked] You might experience an issue in which SharePoint workflows can't be
published because the unauthorized type is blocked. This issue also generates event tag
"c42q0" in SharePoint Unified Logging System (ULS) logs.
▪Workaround: See KB for detailed instructions.
▪KB 5002639 – Microsoft SQL Server 2019
▪[Serial_Data]
▪[Type_Blocked]
▪KB 5002640 – Microsoft SQL Server Subscription Edition
▪[Serial_Data]
▪[Type_Blocked]

MS24-09-SQL: Security Updates for SQL Server
▪Maximum Severity: Important
▪Affected Products: Microsoft SQL Server 2016 SP3 (GDR and Azure Connect Feature Pack),
Microsoft SQL Server 2017 (GDR and CU31), Microsoft SQL Server 2019 (GDR and CU28)
and Microsoft SQL Server 2022 (GDR and CU14)
▪Description: This security update fixes a wide spectrum of security vulnerabilities related to SQL
Server machine learning services and others. This bulletin is based on 8 KB articles.
▪Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
▪Fixes 13 Vulnerabilities: No CVEs are known exploited or publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
▪Restart Required: Requires restart
▪Known Issues: None reported
2

MS24-09-OFF: Security Updates for Microsoft Office
▪Maximum Severity: Important
▪Affected Products: Excel 2016, Publisher 2016, Office Online Server, and Office LTSC for Mac 2021
▪Description: This security update resolves a security feature bypass and an elevation of privilege vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes.
▪Impact: Security Feature Bypass, Elevation of Privilege
▪Fixes 3 Vulnerabilities: CVE-2024-38226 is known exploited. CVE-2024-38250 and CVE-2024-43465 are not known to be exploited or publicly disclosed.
▪Restart Required: Requires application restart
▪Known Issues: None reported
12

MS24-9-O365: Security Updates for Microsoft 365 Apps
▪Maximum Severity: Important
▪Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021
▪Description: This security update resolves a remote code execution, security feature bypass, and an elevation of privilege vulnerability in Microsoft Office. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege
▪Fixes 3 Vulnerabilities: CVE-2024-38226 is known exploited. CVE-2024-43463 and CVE-2024-43465 are not known to be exploited or publicly disclosed.
▪Restart Required: Requires application restart
▪Known Issues: None reported
12

Between Patch Tuesdays

Windows Release Summary
▪Security Updates (with CVEs): Adobe Acrobat and Reader (1), Google Chrome (3), Eclipse Adoptium
(1), Firefox (1), Firefox ESR (2), Opera (2), Plex Media Server (1), PyCharm Professional (2), Python
(1), Wireshark (2)
▪Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Audacity (1), CCleaner
(1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App
LTSR (1), Docker For Windows (1), Dropbox (1), Firefox (1), Grammarly for Windows (3), LibreOffice
(2), Nitro Pro (1), Node.JS (Current) (2), Node.JS (LTS Upper) (1), Opera (3), PDF24 Creator (1), Plex
Media Server (2), PeaZip (1), Skype (2), SeaMonkey (1), Slack Machine-Wide Installer (2), Snagit (1),
Tableau Desktop (6), Tableau Reader (1), Thunderbird (2), TeamViewer (2), Wireshark (1), Cisco
Webex Meetings Desktop App (1), Zoom Workplace Desktop App (2), Zoom Rooms App (2), Zoom
Workplace VDI App (1)
▪Non-Security Updates: Amazon WorkSpaces (1), Beyond Compare (1), Box Drive (1), Bitwarden (3),
Camtasia (2), DeepL Translator (1), draw.io (1), Evernote (7), Google Drive File Stream (1), GoodSync
(2), GeoGebra Classic (1), GoTo Connect (1), Logi Tune (1), NextCloud Desktop Client (1),
RingCentral App (Machine-Wide Installer) (2), Rocket.Chat Desktop Client (1), Cisco Webex Teams (2),
WeCom (1)

Windows Third Party CVE Information
▪Adobe Acrobat and Reader
▪APSB24-57, QADC2400130159
▪Fixes 12 Vulnerabilities: CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424,
CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831, CVE-2024-41832,
CVE-2024-41833, CVE-2024-41834, CVE-2024-41835
▪Eclipse Adoptium 8.0.422.5
▪ECL8-240819, QECLJDK804225
▪Fixes 12 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144,
CVE-2024-21145, CVE-2024-21147, CVE-2024-21131, CVE-2024-21138, CVE-2024-21140,
CVE-2024-21144, CVE-2024-21145, CVE-2024-21147
▪Opera 113.0.5230.32
▪OPERA-240826, QOP1130523032
▪Fixes 1 Vulnerability: CVE-2024-7971

Windows Third Party CVE Information (cont)
▪Google Chrome 128.0.6613.85
▪CHROME-240821, QGC1280661385
▪Fixes 20 Vulnerabilities: CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967,
CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973,
CVE-2024-7974, CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979,
CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
▪Google Chrome 128.0.6613.114
▪CHROME-240828, QGC12806613114
▪Fixes 4 Vulnerabilities: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198
▪Google Chrome 128.0.6613.120
▪CHROME-240902, QGC12806613120
▪Fixes 4 Vulnerabilities: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198

Windows Third Party CVE Information (cont)
▪Firefox 130
▪FF-240903, QFF1300
▪Fixes 10 Vulnerabilities: CVE-2023-6870, CVE-2024-8381, CVE-2024-8382, CVE-2024-8383,
CVE-2024-8384, CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8388,
CVE-2024-8389
▪Firefox ESR 115.15.0
▪FFE115-240904, QFFE115150
▪Fixes 4 Vulnerabilities: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384
▪Firefox ESR 128.2.0
▪FFE128-240904, QFFE12820
▪Fixes 7 Vulnerabilities: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384,
CVE-2024-8385, CVE-2024-8386, CVE-2024-8387

Windows Third Party CVE Information (cont)
▪Python 3.12.6
▪PYTHN312-240906, QPYTH3126
▪Fixes 8 Vulnerabilities: CVE-2023-27043, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491,
CVE-2024-45492, CVE-2024-6232, CVE-2024-7592, CVE-2024-8088
▪Plex Media Server 1.40.5.8921
▪PLXS-240829, QPLXS14058921
▪Fixes 1 Vulnerability: CVE-2024-7272
▪PyCharm Professional 2023.3.6
▪PYCHARM-240827, QPYCHARM202336
▪Fixes 1 Vulnerability: CVE-2024-37051
▪Wireshark 4.2.7
▪WIRES42-240828, QWIRES427EXE and QWIRES427MSI
▪Fixes 1 Vulnerability: CVE-2024-8250

Apple Release Summary
▪Security Updates (with CVEs): Adobe Acrobat and Reader (1), Google Chrome (3), Firefox
(1), Firefox ESR (1), Microsoft Edge (1), SeaMonkey (1)
▪Security Updates (w/o CVEs): None
▪Non-Security Updates: 1Password for Mac (1), BetterTouchTool (5), Brave (3), Docker
Desktop (1), draw.io (1), Dropbox (1), Evernote (6), Firefox (1), Figma (1), Google Drive (1),
Grammarly (5), IntelliJ IDEA (2), Krisp (1), LibreOffice (1), Microsoft Edge (3), OneDrive (1),
Microsoft Office 2019 Outlook (1), PyCharm Professional (1), Microsoft Office 2019 PowerPoint
(1), Slack (2), Thunderbird (1), Microsoft Teams (1), Visual Studio Code (1), Webex Teams for
Mac (2), Zoom Client (2)

Apple Third Party CVE Information
▪Adobe Acrobat 2024 Classic 24.001.30159
▪ARDC24-240813
▪Fixes 12 Vulnerabilities: CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424,
CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831, CVE-2024-41832,
CVE-2024-41833, CVE-2024-41834, CVE-2024-41835
▪Firefox 130
▪FF-240903
▪Fixes 10 Vulnerabilities: CVE-2023-6870, CVE-2024-8381, CVE-2024-8382, CVE-2024-8383,
CVE-2024-8384, CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8388,
CVE-2024-8389
▪Firefox ESR 115.15.0
▪FFE115-240904
▪Fixes 4 Vulnerabilities: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384

Apple Third Party CVE Information (cont)
▪Google Chrome 128.0.6613.85
▪CHROMEMAC-240822
▪Fixes 20 Vulnerabilities: CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967,
CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973,
CVE-2024-7974, CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979,
CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
▪Google Chrome 128.0.6613.114
▪CHROMEMAC-240828
▪Fixes 4 Vulnerabilities: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198
▪Google Chrome 128.0.6613.120
▪CHROMEMAC-240902
▪Fixes 4 Vulnerabilities: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198

Apple Third Party CVE Information (cont)
▪Microsoft Edge 128.0.2739.42
▪MEDGEMAC-240823
▪Fixes 24 Vulnerabilities: CVE-2024-38208, CVE-2024-38209, CVE-2024-38210,
CVE-2024-41879, CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967,
CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973, CVE-2024-7974,
CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979,
CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
▪SeaMonkey 2.53.19
▪SM-240904
▪Fixes 8 Vulnerabilities: CVE-2019-1170, CVE-2019-1171, CVE-2019-1172, CVE-2019-1173,
CVE-2019-9811

Q & A

Thank You!