Patch Tuesday Webinar
Wednesday, April 13, 2022
Hosted by Chris Goettl and Todd Schell
Agenda
April 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved.
April Patch Tuesday 2022
Spring is in full swing! Several updates released in the lead-up to April Patch Tuesday need your attention. Spring4Shell
vulnerability updates were released for multiple versions of Apache Tomcat and a variety of VMware products. Google
Chrome and Mozilla Firefox also received updates ahead of Patch Tuesday. Adobe released a large update for
Acrobat and Reader this Patch Tuesday, and Microsoft provided us with 17 updates, 12 of them rated Critical. Check out the
Ivanti April Patch Tuesday blog for more details on the Zero Day and Publicly Disclosed vulnerabilities and the key areas
to focus your testing on this month, so you spend your time and effort effectively!
In the News
 Spring4Shell flaw is being used to spread botnet malware
 https://www.zdnet.com/article/spring4shell-flaw-is-now-being-used-to-spread-this-botnet-malware/
 https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
 OpenSSL vulnerability can ‘definitely be weaponized’
 https://www.scmagazine.com/analysis/application-security/openssl-vulnerability-can-definitely-be-weaponized-nsa-cyber-director-says
 https://www.securityweek.com/cybersecurity-vendors-assessing-impact-recent-openssl-vulnerability
 Russian Hackers Tried Attacking Ukraine's Power Grid
 https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
Publicly Disclosed Vulnerability
 CVE-2022-26904 Windows User Profile Service Elevation of Privilege
Vulnerability
 CVSS 3.1 Scores: 7.0 / 6.5
 Severity: Important
 Impacts all Windows workstation and server operating systems.
Known Exploited Vulnerability
 CVE-2022-24521 Windows Common Log File System Driver Elevation
of Privilege Vulnerability
 CVSS 3.1 Scores: 7.8 / 7.2
 Severity: Important
 Impacts all Windows workstation and server operating systems.
Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Updated SSUs this month
 Windows Server 2012
 Windows 8.1/Server 2012 R2
 Windows 10 (as shown)
 Development Tool and Other Updates
 Azure Site Recovery VMWare to Azure
 Visual Studio 2022 (multiple)
 Visual Studio 2019 (multiple)
 Visual Studio 2017 (multiple)
 Visual Studio Code
 YARP 1.0/1.1RC
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness

Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
21H2      11/16/2021     6/11/2024
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/9/2023
1909      11/12/2019     5/10/2022

Windows 10 Home and Pro
Version   Release Date   End of Support Date
21H2      11/16/2021     6/13/2023
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/10/2022

Windows Datacenter and Standard Server
Version   Release Date   End of Support Date
2022      8/18/2021      10/13/2026
20H2      10/20/2020     5/10/2022

Windows 11 Home and Pro
Version   Release Date   End of Support Date
21H2      10/4/2021      10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows
Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)
Bulletins and Releases
APSB22-16: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address multiple critical, important and
moderate vulnerabilities. Of the 62 reported vulnerabilities, 35 are rated Critical. See
https://helpx.adobe.com/security/products/acrobat/apsb22-16.html for complete details.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege,
and Information Disclosure
 Fixes 62 Vulnerabilities: See link to Adobe bulletin
 Restart Required: Requires application restart
MS22-04-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This bulletin references KB 5012592.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 67 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide
April Known Issues for Windows 11
 KB 5012592 – Windows 11
 [Recovery Fail] After installing the Windows updates released January 11, 2022 or
later Windows versions on an affected version of Windows, recovery discs (CD or
DVD) created by using the Backup and Restore (Windows 7) app in Control Panel
might be unable to start. Workaround: None. Microsoft is working on a resolution.
Note: No third-party backup or recovery apps are currently known to be affected by
this issue.
MS22-04-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server
version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 97 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides
April Known Issues for Windows 10
 KB 5012653 – Windows 10
 [Recovery Fail]
 KB 5012596 – Windows 10, version 1607, Windows Server 2016
 [AD Forest Trust] After installing updates released January 11, 2022 or later, apps
that use the Microsoft .NET Framework to acquire or set Active Directory Forest
Trust Information might have issues. The apps might fail or close or you might
receive an error from the app or Windows. You might also receive an access
violation (0xc0000005) error. Workaround: To resolve this issue manually, apply
the out-of-band updates for the version of the .NET Framework used by the app.
Note: These out-of-band updates are not available from Windows Update and will
not install automatically. See KB for a list of .NET links.
 [Recovery Fail]
April Known Issues for Windows 10 (cont)
 KB 5012647 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
 [AD Forest Trust] and [Recovery Fail]
April Known Issues for Windows 10
 KB 5012591 – Windows 10 Enterprise, version 1909 Windows 10
Enterprise and Education, version 1909
 [Recovery Fail]
 KB 5012599 – Windows 10 version 20H2, Windows Server version
20H2, Windows 10 version 21H1
 [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices
cannot install new updates, such as the July 6, 2021 (KB5004945) or later
updates. You will receive the error message,
"PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For
more information and a workaround, see KB5005322.
April Known Issues for Windows 10 (cont)
 KB 5012599 – Windows 10 version 20H2, Windows Server version
20H2, Windows 10 version 21H1 (cont)
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.
 [Smart Card Failure] After installing this update, when connecting to devices in an
untrusted domain using Remote Desktop, connections might fail to authenticate
when using smart card authentication. You might receive the prompt, "Your
credentials did not work. The credentials that were used to connect to [device
name] did not work. Please enter new credentials." and "The login attempt failed"
in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for
details.
 [Recovery Fail]
April Known Issues for Windows 10 (cont)
 KB 5012604 – Server 2022
 [Smart Card Failure]
 [AD Forest Trust]
MS22-04-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part
of update KB 5011534 (released March 8, 2022). Addresses a memory leak that was
introduced by the PacRequestorEnforcement registry key, a logging error during
password changes, an issue in which domain joins may fail, and an issue that prevents
you from changing a password that has expired. Bulletin is based on KB 5012658.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 45 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide.
April Known Issues for Server 2008
 KB 5012658 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or
folders that are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you
perform the operation on a CSV owner node from a process that doesn’t have
administrator privilege. Workaround: Perform the operation from a process that
has administrator privilege or perform the operation from a node that doesn’t have
CSV ownership. Microsoft is working on a resolution.
 KB 5012632 – Windows Server 2008 (Security-only Update)
 [File Rename]
MS22-04-SO2K8-ESU: Security-only Update for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: Addresses a memory leak that was introduced by the
PacRequestorEnforcement registry key, a logging error during password changes, and
an issue in which domain joins may fail. Bulletin is based on KB 5012632.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 45 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See previous slide.
MS22-04-MR7-ESU: Monthly Rollup for Win 7
MS22-04-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This security update includes improvements and fixes that were a part of update
KB 5011552 (released March 8, 2022). Addresses a Windows Media Center configuration issue,
a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging
error during password changes, an issue in which domain joins may fail, a service principal
name (SPN) alias write issue and an issue that prevents you from changing a password that
has expired. Bulletin is based on KB 5012626.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 51 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename]
MS22-04-SO7-ESU: Security-only Update for Win 7
MS22-04-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Addresses a Windows Media Center configuration issue, a memory leak
that was introduced by the PacRequestorEnforcement registry key, a logging error during
password changes, an issue in which domain joins may fail, and a service principal name
(SPN) alias write issue. Bulletin is based on KB 5012649.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 51 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename]
MS22-04-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of update
KB 5011535 (released March 8, 2022). Addresses a Windows Media Center
configuration issue, a memory leak that was introduced by the PacRequestorEnforcement
registry key, a logging error during password changes, an issue in which domain joins may fail,
a service principal name (SPN) alias write issue and an issue that prevents you from changing
a password that has expired. Bulletin is based on KB 5012650.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 59 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename] and [AD Forest Trust]
MS22-04-SO8: Security-only Update for Windows Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2012
 Description: Addresses a Windows Media Center configuration issue, a memory
leak that was introduced by the PacRequestorEnforcement registry key, a logging error
during password changes, an issue in which domain joins may fail, and a service
principal name (SPN) alias write issue. Bulletin is based on KB 5012666.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 59 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904
is publicly disclosed. See the Security Update Guide for the complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename] and [AD Forest Trust]
MS22-04-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of update KB 5011564
(released March 8, 2022). Addresses a Windows Media Center configuration issue, a memory leak that was
introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an
issue in which domain joins may fail, a service principal name (SPN) alias write issue, an issue that
prevents you from changing a password that has expired, and an issue in which Windows might go into
BitLocker recovery. Bulletin is based on KB 5012670.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 65 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename] and [AD Forest Trust]
MS22-04-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Addresses a Windows Media Center configuration issue, a memory leak that
was introduced by the PacRequestorEnforcement registry key, a logging error during
password changes, and an issue in which domain joins may fail. Bulletin is based on KB
5012639.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 65 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename] and [AD Forest Trust]
MS22-04-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2013 and 2016, Office 2013 and 2016, Office 2019 &
LTSC 2021 for macOS, Office Online Server, Lync Server 2013, and Skype Server for
Business 2015 & 2019
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references just the release notes for the macOS Office.
 Impact: Remote Code Execution, Spoofing, and Information Disclosure
 Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-24473, CVE-2022-26901, CVE-2022-26910 and CVE-2022-26911
are fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported
MS22-04-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Maximum Severity: Important
 Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-24473 and CVE-2022-26901 are fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported
MS22-04-SPT: Security Updates for SharePoint Server
 Maximum Severity: Important
 Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2016, and
SharePoint Server 2019
 Description: This update contains an extensive list of security, performance, and bug
fixes. Review the KB articles for details. This bulletin is based on 4 KB articles.
 Impact: Remote Code Execution and Spoofing
 Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-24472 and CVE-2022-26901 are fixed in this release.
 Restart Required: Requires restart
 Known Issues: See next slide
April Known Issues for SharePoint Server
 KB 5002191 – SharePoint Server Subscription Edition
 [Home Page] The modern home page (or any site pages) does not render well in the Internet
Explorer browser, and on the modern home page (or any site pages) you cannot perform
the "open the detail pane" action in the List web part and Document Library web
part. Workaround: Access the corresponding list or document page to perform a
similar operation.
MS22-04-MRNET: Monthly Rollup for Microsoft .NET
 Maximum Severity: Important
 Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
 Description: This update addresses an issue where an unauthenticated attacker
could cause a denial of service on an affected system. Additional quality and reliability
updates are included as well. This bulletin references 14 KB articles.
 Impact: Denial of Service
 Fixes 1 Vulnerability: CVE-2022-26832 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
 Known Issues: None reported
MS22-04-SONET: Security-only Update for Microsoft .NET
 Maximum Severity: Important
 Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
 Description: This update addresses an issue where an unauthenticated attacker
could cause a denial of service on an affected system. Additional quality and reliability
updates are included as well. This bulletin references 14 KB articles.
 Impact: Denial of Service
 Fixes 1 Vulnerability: CVE-2022-26832 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
 Known Issues: None reported
Between Patch Tuesdays
Release Summary
 Security Updates (with CVEs): Apache Tomcat (3), Apple iTunes (1), Google Chrome (4), Amazon
Corretto (1), Docker for Windows (2), Firefox (1), Firefox ESR (1), Node.JS (4), Snagit (1), Thunderbird (1)
 Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), Adobe Acrobat and Acrobat Reader
(2), Box Edit (2), Camtasia (1), Google Chrome (1), Falcon Sensor for Windows (3), Citrix Workspace App (3),
Docker for Windows Stable (1), Dropbox (2), Evernote (3), Firefox (2), Firefox ESR (1), FileZilla Client (1),
GoodSync (5), Google Earth Pro (1), IrfanView (1), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS
(Current) (4), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1), Notepad++ (1), Opera (5), Paint.net (2),
Plantronics Hub (1), Plex Media Server (3), Skype (1), Slack Machine-Wide Installer (2), Splunk Universal
Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau
Reader (1), Apache Tomcat (3), TortoiseSVN (1), TeamViewer (4), UltraVNC (2), VMware Horizon Client (3),
VMware Workstation Player (1), VMware Workstation Pro (1), Wireshark (2), WinRAR (1), Zoom Client (3),
Zoom Outlook Plugin (1), Zoom VDI (1)
 Non-Security Updates: AIMP (2), Apple Mobile Device Support (1), Beyond Compare (1), BlueJeans
Outlook Addin (1), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (3), BlueJeans
(2), NextCloud Desktop Client (1), PDF-Xchange PRO (1), Plantronics Hub (1), Python (4), R for Windows (1),
RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (4), RealVNC Server (2), RealVNC
Viewer (2), TortoiseHG (1)
Third Party CVE Information
 Apple iTunes 12.12.3.5
 AI-220309, QAI121235
 Fixes 4 Vulnerabilities: CVE-2022-22611, CVE-2022-22662, CVE-2022-22612,
CVE-2022-22629
 Apache Tomcat 10.0.20.0, 9.0.62.0, 8.5.78.0
 Date: 220401, Multiple Qcodes
 Fixes 1 Vulnerability: CVE-2022-22965
 Docker for Windows Stable 4.6.0.0
 DOCKER-220315, QDOCKER4600
 Fixes 1 Vulnerability: CVE-2022-0847
 Docker for Windows Stable 4.7.0.0
 DOCKER-220407, QDOCKER4700
 Fixes 1 Vulnerability: CVE-2022-24769
Third Party CVE Information (cont)
 Google Chrome 99.0.4844.74
 CHROME-220315, QGC990484474
 Fixes 10 Vulnerabilities: CVE-2022-0971, CVE-2022-0973, CVE-2022-0979,
CVE-2022-0974, CVE-2022-0972, CVE-2022-0980, CVE-2022-0975, CVE-2022-0976,
CVE-2022-0977, CVE-2022-0978
 Google Chrome 99.0.4844.84
 CHROME-220325, QGC990484484
 Fixes 1 Vulnerability: CVE-2022-1096
 Google Chrome 100.0.4896.60
 CHROME-220329, QGC1000489660
 Fixes 20 Vulnerabilities: CVE-2022-1130, CVE-2022-1128, CVE-2022-1125,
CVE-2022-1129, CVE-2022-1131, CVE-2022-1138, CVE-2022-1127, CVE-2022-1133, CVE-2022-1132,
CVE-2022-1143, CVE-2022-1135, CVE-2022-1134, CVE-2022-1139, CVE-2022-1144,
CVE-2022-1136, CVE-2022-1141, CVE-2022-1145, CVE-2022-1137, CVE-2022-1146,
CVE-2022-1142
Third Party CVE Information (cont)
 Google Chrome 100.0.4896.75
 CHROME-220325, QGC1000489675
 Fixes 1 Vulnerability: CVE-2022-1232
 Snagit 2021.4.5
 SNAG21-220315, QSNAG2145
 Fixes 1 Vulnerability: CVE-2018-1285
 Amazon Corretto 8 Update 322
 CORRETTO8-322, QCRTOJRE8322
 Fixes 13 Vulnerabilities: CVE-2022-21305, CVE-2022-21283, CVE-2022-21282,
CVE-2022-21248, CVE-2022-21294, CVE-2022-21293, CVE-2022-21296,
CVE-2022-21340, CVE-2022-21360, CVE-2022-21299, CVE-2022-21341, CVE-2022-21349,
CVE-2022-21365
Third Party CVE Information (cont)
 Firefox 99.0
 FF-220405, QFF99
 Fixes 11 Vulnerabilities: CVE-2022-28283, CVE-2022-28282, CVE-2022-28288,
CVE-2022-1097, CVE-2022-28289, CVE-2022-28284, CVE-2022-24713, CVE-2022-28286,
CVE-2022-28281, CVE-2022-28285, CVE-2022-28287
 Firefox ESR 91.8.0
 FFE-220405, QFFE9180
 Fixes 8 Vulnerabilities: CVE-2022-24713, CVE-2022-28282, CVE-2022-28289,
CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28285, CVE-2022-28286
 Thunderbird 91.8.0
 TB-220405, QTB9180
 Fixes 9 Vulnerabilities: CVE-2022-1197, CVE-2022-28289, CVE-2022-1097,
CVE-2022-1196, CVE-2022-28282, CVE-2022-24713, CVE-2022-28286, CVE-2022-28281,
CVE-2022-28285
Third Party CVE Information (cont)
 Node.JS 17.7.2 (Current)
 NOJSC-220318, QNODEJSC1772
 Node.JS 14.19.1 (LTS Lower)
 NOJSLL-220318, QNODEJSL14191
 Node.JS 16.14.2 (LTS Upper)
 NOJSLU-220318, QNODEJSLU16142
 Node.JS 12.22.11 (Maintain)
 NOJSM-220318, QNODEJSLU122211
 Fixes 1 Vulnerability in each: CVE-2022-0778
Q & A
Thank You!

March 2021 Patch TuesdayIvanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juinIvanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
February 2021 Patch Tuesday
February 2021 Patch TuesdayFebruary 2021 Patch Tuesday
February 2021 Patch TuesdayIvanti
 

Semelhante a 2022 April Patch Tuesday (20)

2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2   presenters slidesFr february 2022 patch tuesday v2   presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch Tuesday
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - French
 
February 2021 Patch Tuesday
February 2021 Patch TuesdayFebruary 2021 Patch Tuesday
February 2021 Patch Tuesday
 

Mais de Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia DicembreIvanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia NovembreIvanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – NovembreIvanti
 

Mais de Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

2022 April Patch Tuesday

  • 1. Patch Tuesday Webinar, Wednesday, April 13, 2022. Hosted by Chris Goettl and Todd Schell
  • 2. Agenda
      - April 2022 Patch Tuesday Overview
      - In the News
      - Bulletins and Releases
      - Between Patch Tuesdays
      - Q & A
  • 4. April Patch Tuesday 2022
    Spring is in full swing! There were several updates leading to April Patch Tuesday you need to be aware of. Spring4Shell vulnerability updates were released for multiple versions of Apache Tomcat and a variety of VMware products. Google Chrome and Mozilla Firefox received updates leading up to Patch Tuesday as well. Adobe released a large update for Acrobat and Reader this Patch Tuesday and Microsoft provided us with 17 updates - 12 rated Critical. Check out the Ivanti April Patch Tuesday blog for more details on the Zero Day and Publicly Disclosed vulnerabilities and key areas to focus your testing this month spending your time and efforts effectively!
  • 6. In the News
      - Spring4Shell flaw is being used to spread botnet malware
          - https://www.zdnet.com/article/spring4shell-flaw-is-now-being-used-to-spread-this-botnet-malware/
          - https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
      - OpenSSL vulnerability can ‘definitely be weaponized’
          - https://www.scmagazine.com/analysis/application-security/openssl-vulnerability-can-definitely-be-weaponized-nsa-cyber-director-says
          - https://www.securityweek.com/cybersecurity-vendors-assessing-impact-recent-openssl-vulnerability
      - Russian Hackers Tried Attacking Ukraine's Power Grid
          - https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
  • 7. Publicly Disclosed Vulnerability
      - CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability
      - CVSS 3.1 Scores: 7.0 / 6.5
      - Severity: Important
      - Impacts all Windows workstation and server operating systems.
    Known Exploited Vulnerability
      - CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability
      - CVSS 3.1 Scores: 7.8 / 7.2
      - Severity: Important
      - Impacts all Windows workstation and server operating systems.
  • 8. Microsoft Patch Tuesday Updates of Interest
      - Advisory 990001 Latest Servicing Stack Updates (SSU)
          - https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
          - Updated SSUs this month
              - Windows Server 2012
              - Windows 8.1/Server 2012 R2
              - Windows 10 (as shown)
      - Development Tool and Other Updates
          - Azure Site Recovery VMWare to Azure
          - Visual Studio 2022 (multiple)
          - Visual Studio 2019 (multiple)
          - Visual Studio 2017 (multiple)
          - Visual Studio Code
          - YARP 1.0/1.1RC
    Source: Microsoft
  • 9. Windows 10 and 11 Lifecycle Awareness

    Windows 10 Enterprise and Education
      Version   Release Date   End of Support Date
      21H2      11/16/2021     6/11/2024
      21H1      5/18/2021      12/13/2022
      20H2      10/20/2020     5/9/2023
      1909      11/12/2019     5/10/2022

    Windows 10 Home and Pro
      Version   Release Date   End of Support Date
      21H2      11/16/2021     6/13/2023
      21H1      5/18/2021      12/13/2022
      20H2      10/20/2020     5/10/2022

    Windows Datacenter and Standard Server
      Version   Release Date   End of Support Date
      2022      8/18/2021      10/13/2026
      20H2      10/20/2020     5/10/2022

    Windows 11 Home and Pro
      Version   Release Date   End of Support Date
      21H2      10/4/2021      10/10/2023

      - Lifecycle Fact Sheet
          - https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 10. Server 2012/2012 R2 EOL is Coming
      - Lifecycle Fact Sheet
          - https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  • 11. Patch Content Announcements
      - Announcements Posted on Community Forum Pages
          - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
          - Subscribe to receive email for the desired product(s)
  • 13. APSB22-16: Security Update for Adobe Acrobat and Reader
      - Maximum Severity: Critical
      - Affected Products: Adobe Acrobat and Reader (all current versions)
      - Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important and moderate vulnerabilities. Of the 62 reported vulnerabilities, 35 are rated Critical. See https://helpx.adobe.com/security/products/acrobat/apsb22-16.html for complete details.
      - Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure
      - Fixes 62 Vulnerabilities: See link to Adobe bulletin
      - Restart Required: Requires application restart
  • 14. MS22-04-W11: Windows 11 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
      - Description: This bulletin references KB 5012592.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 67 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 15. April Known Issues for Windows 11
      - KB 5012592 – Windows 11
          - [Recovery Fail] After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start.
            Workaround: None. Microsoft is working on a resolution.
            Note: No third-party backup or recovery apps are currently known to be affected by this issue.
  • 16. MS22-04-W10: Windows 10 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
      - Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 97 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slides
  • 17. April Known Issues for Windows 10
      - KB 5012653 – Windows 10
          - [Recovery Fail]
      - KB 5012596 – Windows 10, version 1607, Windows Server 2016
          - [AD Forest Trust] After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.
            Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.
            Note: These out-of-band updates are not available from Windows Update and will not install automatically. See KB for a list of .NET links.
          - [Recovery Fail]
  • 18. April Known Issues for Windows 10 (cont)
      - KB 5012647 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
          - [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."
            Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
          - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.
            Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
          - [AD Forest Trust] and [Recovery Fail]
  • 19. April Known Issues for Windows 10
      - KB 5012591 – Windows 10 Enterprise, version 1909 Windows 10 Enterprise and Education, version 1909
          - [Recovery Fail]
      - KB 5012599 – Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
          - [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING".
            Workaround: In place upgrade. For more information and a workaround, see KB5005322.
  • 20. April Known Issues for Windows 10 (cont)
      - KB 5012599 – Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 (cont)
          - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected.
            Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
          - [Smart Card Failure] After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red.
            Workaround: Requires use of Known Issue Rollback (KIR). See KB for details.
          - [Recovery Fail]
  • 21. April Known Issues for Windows 10 (cont)
      - KB 5012604 – Server 2022
          - [Smart Card Failure]
          - [AD Forest Trust]
  • 22. MS22-04-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008 and IE 9
      - Description: This security update includes improvements and fixes that were a part of update KB 5011534 (released March 8, 2022). Addresses a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, and an issue that prevents you from changing a password that has expired. Bulletin is based on KB 5012658.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 45 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide.
  • 23. April Known Issues for Server 2008
      - KB 5012658 – Windows Server 2008 (Monthly Rollup)
          - [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
            Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.
      - KB 5012632 – Windows Server 2008 (Security-only Update)
          - [File Rename]
  • 24. MS22-04-SO2K8-ESU: Security-only Update for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008
      - Description: Addresses a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, and an issue in which domain joins may fail. Bulletin is based on KB 5012632.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 45 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See previous slide.
  • 25. MS22-04-MR7-ESU: Monthly Rollup for Win 7 / MS22-04-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      - Description: This security update includes improvements and fixes that were a part of update KB 5011552 (released March 8, 2022). Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, a service principal name (SPN) alias write issue and an issue that prevents you from changing a password that has expired. Bulletin is based on KB 5012626.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 51 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename]
  • 26. MS22-04-SO7-ESU: Security-only Update for Win 7 / MS22-04-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7 and Server 2008 R2
      - Description: Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, and a service principal name (SPN) alias write issue. Bulletin is based on KB 5012649.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 51 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename]
  • 27. MS22-04-MR8: Monthly Rollup for Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012 and IE
      - Description: This security update includes improvements and fixes that were a part of update KB 5011535 (released March 8, 2022). Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, a service principal name (SPN) alias write issue and an issue that prevents you from changing a password that has expired. Bulletin is based on KB 5012650.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 59 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  • 28. MS22-04-SO8: Security-only Update for Windows Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012
      - Description: Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, and a service principal name (SPN) alias write issue. Bulletin is based on KB 5012666.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 59 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  • 29. MS22-04-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      - Description: This security update includes improvements and fixes that were a part of update KB 5011564 (released March 8, 2022). Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, an issue in which domain joins may fail, a service principal name (SPN) alias write issue, an issue that prevents you from changing a password that has expired, and an issue in which Windows might go into BitLocker recovery. Bulletin is based on KB 5012670.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 65 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  • 30. MS22-04-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2
      - Description: Addresses a Windows Media Center configuration issue, a memory leak that was introduced by the PacRequestorEnforcement registry key, a logging error during password changes, and an issue in which domain joins may fail. Bulletin is based on KB 5012639.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 65 Vulnerabilities: CVE-2022-24521 is known exploited and CVE-2022-26904 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  • 31. MS22-04-OFF: Security Updates for Microsoft Office
      - Maximum Severity: Important
      - Affected Products: Excel 2013 and 2016, Office 2013 and 2016, Office 2019 & LTSC 2021 for macOS, Office Online Server, Lync Server 2013, and Skype Server for Business 2015 & 2019
      - Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references only the release notes for Office for macOS.
      - Impact: Remote Code Execution, Spoofing, and Information Disclosure
      - Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-24473, CVE-2022-26901, CVE-2022-26910 and CVE-2022-26911 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 32. MS22-04-O365: Security Updates for Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Maximum Severity: Important
      - Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
      - Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      - Impact: Remote Code Execution
      - Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-24473 and CVE-2022-26901 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 33. MS22-04-SPT: Security Updates for SharePoint Server
      - Maximum Severity: Important
      - Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
      - Description: This update contains an extensive list of security, performance, and bug fixes. Review the KB articles for details. This bulletin is based on 4 KB articles.
      - Impact: Remote Code Execution and Spoofing
      - Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-24472 and CVE-2022-26901 are fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 34. April Known Issues for SharePoint Server
      - KB 5002191 – SharePoint Server Subscription Edition
          - [Home Page] The modern home page (or any site page) does not render well in Internet Explorer, and on the modern home page (or any site page) you cannot perform the "open the detail pane" action in the List web part and Document Library web part. Workaround: Access the corresponding list or document page to perform the equivalent operation.
  • 35. MS22-04-MRNET: Monthly Rollup for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
      - Description: This update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Additional quality and reliability updates are included as well. This bulletin references 14 KB articles.
      - Impact: Denial of Service
      - Fixes 1 Vulnerability: CVE-2022-26832 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 36. MS22-04-SONET: Security-only Update for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
      - Description: This update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Additional quality and reliability updates are included as well. This bulletin references 14 KB articles.
      - Impact: Denial of Service
      - Fixes 1 Vulnerability: CVE-2022-26832 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 38. Release Summary
      - Security Updates (with CVEs): Apache Tomcat (3), Apple iTunes (1), Google Chrome (4), Amazon Corretto (1), Docker for Windows (2), Firefox (1), Firefox ESR (1), Node.JS (4), Snagit (1), Thunderbird (1)
      - Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), Adobe Acrobat and Acrobat Reader (2), Box Edit (2), Camtasia (1), Google Chrome (1), Falcon Sensor for Windows (3), Citrix Workspace App (3), Docker for Windows Stable (1), Dropbox (2), Evernote (3), Firefox (2), Firefox ESR (1), FileZilla Client (1), GoodSync (5), Google Earth Pro (1), IrfanView (1), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (4), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1), Notepad++ (1), Opera (5), Paint.net (2), Plantronics Hub (1), Plex Media Server (3), Skype (1), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Apache Tomcat (3), TortoiseSVN (1), TeamViewer (4), UltraVNC (2), VMware Horizon Client (3), VMware Workstation Player (1), VMware Workstation Pro (1), Wireshark (2), WinRAR (1), Zoom Client (3), Zoom Outlook Plugin (1), Zoom VDI (1)
      - Non-Security Updates: AIMP (2), Apple Mobile Device Support (1), Beyond Compare (1), BlueJeans Outlook Addin (1), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (3), BlueJeans (2), NextCloud Desktop Client (1), PDF-Xchange PRO (1), Plantronics Hub (1), Python (4), R for Windows (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (4), RealVNC Server (2), RealVNC Viewer (2), TortoiseHG (1)
  • 39. Third Party CVE Information
      - Apple iTunes 12.12.3.5
          - AI-220309, QAI121235
          - Fixes 4 Vulnerabilities: CVE-2022-22611, CVE-2022-22662, CVE-2022-22612, CVE-2022-22629
      - Apache Tomcat 10.0.20.0, 9.0.62.0, 8.5.78.0
          - Date: 220401, Multiple Qcodes
          - Fixes 1 Vulnerability: CVE-2022-22965
      - Docker for Windows Stable 4.6.0.0
          - DOCKER-220315, QDOCKER4600
          - Fixes 1 Vulnerability: CVE-2022-0847
      - Docker for Windows Stable 4.7.0.0
          - DOCKER-220407, QDOCKER4700
          - Fixes 1 Vulnerability: CVE-2022-24769
  • 40. Third Party CVE Information (cont)
      - Google Chrome 99.0.4844.74
          - CHROME-220315, QGC990484474
          - Fixes 10 Vulnerabilities: CVE-2022-0971, CVE-2022-0973, CVE-2022-0979, CVE-2022-0974, CVE-2022-0972, CVE-2022-0980, CVE-2022-0975, CVE-2022-0976, CVE-2022-0977, CVE-2022-0978
      - Google Chrome 99.0.4844.84
          - CHROME-220325, QGC990484484
          - Fixes 1 Vulnerability: CVE-2022-1096
      - Google Chrome 100.0.4896.60
          - CHROME-220329, QGC1000489660
          - Fixes 20 Vulnerabilities: CVE-2022-1130, CVE-2022-1128, CVE-2022-1125, CVE-2022-1129, CVE-2022-1131, CVE-2022-1138, CVE-2022-1127, CVE-2022-1133, CVE-2022-1132, CVE-2022-1143, CVE-2022-1135, CVE-2022-1134, CVE-2022-1139, CVE-2022-1144, CVE-2022-1136, CVE-2022-1141, CVE-2022-1145, CVE-2022-1137, CVE-2022-1146, CVE-2022-1142
  • 41. Third Party CVE Information (cont)
      - Google Chrome 100.0.4896.75
          - CHROME-220325, QGC1000489675
          - Fixes 1 Vulnerability: CVE-2022-1232
      - Snagit 2021.4.5
          - SNAG21-220315, QSNAG2145
          - Fixes 1 Vulnerability: CVE-2018-1285
      - Amazon Corretto 8 Update 322
          - CORRETTO8-322, QCRTOJRE8322
          - Fixes 13 Vulnerabilities: CVE-2022-21305, CVE-2022-21283, CVE-2022-21282, CVE-2022-21248, CVE-2022-21294, CVE-2022-21293, CVE-2022-21296, CVE-2022-21340, CVE-2022-21360, CVE-2022-21299, CVE-2022-21341, CVE-2022-21349, CVE-2022-21365
  • 42. Third Party CVE Information (cont)
      - Firefox 99.0
          - FF-220405, QFF99
          - Fixes 11 Vulnerabilities: CVE-2022-28283, CVE-2022-28282, CVE-2022-28288, CVE-2022-1097, CVE-2022-28289, CVE-2022-28284, CVE-2022-24713, CVE-2022-28286, CVE-2022-28281, CVE-2022-28285, CVE-2022-28287
      - Firefox ESR 91.8.0
          - FFE-220405, QFFE9180
          - Fixes 8 Vulnerabilities: CVE-2022-24713, CVE-2022-28282, CVE-2022-28289, CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28285, CVE-2022-28286
      - Thunderbird 91.8.0
          - TB-220405, QTB9180
          - Fixes 9 Vulnerabilities: CVE-2022-1197, CVE-2022-28289, CVE-2022-1097, CVE-2022-1196, CVE-2022-28282, CVE-2022-24713, CVE-2022-28286, CVE-2022-28281, CVE-2022-28285
  • 43. Third Party CVE Information (cont)
      - Node.JS 17.7.2 (Current)
          - NOJSC-220318, QNODEJSC1772
      - Node.JS 14.19.1 (LTS Lower)
          - NOJSLL-220318, QNODEJSL14191
      - Node.JS 16.14.2 (LTS Upper)
          - NOJSLU-220318, QNODEJSLU16142
      - Node.JS 12.22.11 (Maintain)
          - NOJSM-220318, QNODEJSLU122211
      - Fixes 1 Vulnerability in each: CVE-2022-0778
  • 44. Q & A
  • 45. Thank You!