
2022 May Patch Tuesday


Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.


  1. Patch Tuesday Webinar: Wednesday, May 11, 2022. Hosted by Chris Goettl and Todd Schell
  2. Agenda
     - May 2022 Patch Tuesday Overview
     - In the News
     - Bulletins and Releases
     - Between Patch Tuesdays
     - Q & A
  3. Overview
  4. May Patch Tuesday 2022 (Copyright © 2022 Ivanti. All rights reserved.)
     May Patch Tuesday is upon us and there is a lot more than the monthly updates to be aware of. Windows 10 and Server editions have three end-of-life events this month, the Internet Explorer 11 desktop application is only a month away from its end-of-life, Exchange Server 2019 shifts to 2 cumulative updates per year instead of quarterly, and the CVE count in the CISA Known Exploited Vulnerabilities Catalog has increased to 659 known exploited CVEs that agencies should be looking to plug in their environments. So, while this month's Patch Tuesday update lineup is pretty standard fare with only one known exploited and a couple of publicly disclosed vulnerabilities, the additional activities may keep you busy.
  5. In the News
  6. In the News
     - Exchange Server Servicing Model Changes
       - https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026
       - Exchange Server 2013 and 2016 in extended support
       - Exchange Server 2019 going to 2 CUs per year
       - H1 in March
       - H2 in September
       - Next update in September
       - Hotfixes still an option
  7. In the News
     - Internet Explorer 11 EOL
       - https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-explorer-11-desktop-app-retirement-faq/ba-p/2366549
     - The following will continue to get security updates until their EOL:
       - Windows 8.1
       - Windows 7 Extended Security Updates (ESU)
       - Windows Server SAC (all versions)
       - Windows 10 IoT Long-Term Servicing Channel (LTSC) (all versions)
       - Windows Server LTSC (all versions)
       - Windows 10 client LTSC (all versions)
     - When in doubt:
       - IE Mode in Microsoft Edge
       - Supported until 2029
  8. In the News
     - CISA Known Exploited Vulnerabilities Catalog Continues to Grow
       - Catalog is now tracking 659 known exploited vulnerabilities
       - Shift to risk-based vulnerability management to get real-world risk visibility to improve prioritization
       - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  9. Known Exploited and Publicly Disclosed Vulnerability
     - CVE-2022-26925 Windows LSA Spoofing Vulnerability
       - CVSS 3.1 Scores: 8.1 / 7.1
       - Severity: Important
       - Impacts all Windows workstation and server operating systems.
       - When CVE-2022-26925 is chained with NTLM relay attacks on Active Directory Certificate Services (AD CS), the combined CVSS score becomes 9.8
       - Microsoft is urging DCs to be patched sooner because of this risk
       - https://msrc.microsoft.com/update-guide/vulnerability/ADV210003
  10. Publicly Disclosed Vulnerability
      - CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability
        - CVSS 3.1 Scores: 5.6 / 5.1
        - Severity: Important
        - Impacts Windows 10 20H2, 21H1 and 21H2.
  11. Microsoft Patch Tuesday Updates of Interest
      - Advisory 990001 Latest Servicing Stack Updates (SSU)
        - https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
        - Updated SSUs this month:
          - Windows Server 2012
          - Windows 8.1/Server 2012 R2
          - Windows 10 (as shown)
          - Windows 10 1607/Server 2016
      - Development Tool and Other Updates
        - .NET Core 3.1
        - .NET 5.0 and 6.0
        - Visual Studio 2017 - 2022 (multiple)
        - Visual Studio Code
      - Source: Microsoft
  12. Windows 10 and 11 Lifecycle Awareness

      Windows 10 Enterprise and Education

      | Version | Release Date | End of Support Date |
      |---------|--------------|---------------------|
      | 21H2    | 11/16/2021   | 6/11/2024           |
      | 21H1    | 5/18/2021    | 12/13/2022          |
      | 20H2    | 10/20/2020   | 5/9/2023            |
      | 1909    | 11/12/2019   | 5/10/2022           |

      Windows 10 Home and Pro

      | Version | Release Date | End of Support Date |
      |---------|--------------|---------------------|
      | 21H2    | 11/16/2021   | 6/13/2023           |
      | 21H1    | 5/18/2021    | 12/13/2022          |
      | 20H2    | 10/20/2020   | 5/10/2022           |

      Windows Datacenter and Standard Server

      | Version | Release Date | End of Support Date |
      |---------|--------------|---------------------|
      | 2022    | 8/18/2021    | 10/13/2026          |
      | 20H2    | 10/20/2020   | 5/10/2022           |

      Windows 11 Home and Pro

      | Version | Release Date | End of Support Date |
      |---------|--------------|---------------------|
      | 21H2    | 10/4/2021    | 10/10/2023          |

      - Lifecycle Fact Sheet
        - https://docs.microsoft.com/en-us/lifecycle/faq/windows
  13. Server 2012/2012 R2 EOL is Coming
      - Lifecycle Fact Sheet
        - https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  14. Patch Content Announcements
      - Announcements Posted on Community Forum Pages
        - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
        - Subscribe to receive email for the desired product(s)
  15. Bulletins and Releases
  16. MS22-05-W11: Windows 11 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
      - Description: This bulletin references KB 5013943.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 44 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  17. May Known Issues for Windows 11
      - KB 5013943 – Windows 11
        - [Recovery Fail] After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Workaround: None. Microsoft is working on a resolution. Note: No third-party backup or recovery apps are currently known to be affected by this issue.
  18. MS22-05-W10: Windows 10 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
      - Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 60 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. CVE-2022-22713 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slides
  19. May Known Issues for Windows 10
      - KB 5013952 – Windows 10, version 1607, Windows Server 2016
        - [AD Forest Trust] After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note: These out-of-band updates are not available from Windows Update and will not install automatically. See KB for a list of .NET links.
  20. May Known Issues for Windows 10 (cont)
      - KB 5013941 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
        - [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
        - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  21. May Known Issues for Windows 10 (cont)
      - KB 5013941 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 (cont)
        - [Recovery Fail] After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Workaround: None. Microsoft is working on a resolution. Note: No third-party backup or recovery apps are currently known to be affected by this issue.
        - [GPO Error] Windows server computers might log Event ID 40 in the System event log each time a Group Policy is updated or refreshed on a server or client. The error is found with the Description, "The event logging service encountered an error when attempting to apply one or more policy settings." This issue occurs after installing Windows updates released on or after January 11, 2022. Workaround: None. Microsoft is working on a resolution.
        - [AD Forest Trust]
  22. May Known Issues for Windows 10
      - KB 5013942 – Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
        - [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In-place upgrade. For more information and a workaround, see KB5005322.
        - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
        - [Recovery Fail]
  23. May Known Issues for Windows 10 (cont)
      - KB 5013944 – Server 2022
        - [AD Forest Trust]
  24. MS22-05-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008 and IE 9
      - Description: This cumulative security update contains improvements that are part of update KB 5012658 (released April 12, 2022). Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014010.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide.
  25. May Known Issues for Server 2008
      - KB 5014010 – Windows Server 2008 (Monthly Rollup)
        - [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn't have CSV ownership. Microsoft is working on a resolution.
      - KB 5014006 – Windows Server 2008 (Security-only Update)
        - [File Rename]
  26. MS22-05-SO2K8-ESU: Security-only Update for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008
      - Description: Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014006.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See previous slide.
  27. MS22-05-MR7-ESU: Monthly Rollup for Win 7 / MS22-05-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      - Description: This cumulative security update contains improvements that are part of update KB 5012626 (released April 12, 2022). Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014012.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 28 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename]
  28. MS22-05-SO7-ESU: Security-only Update for Win 7 / MS22-05-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7 and Server 2008 R2
      - Description: Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5013999.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 28 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename]
  29. MS22-05-MR8: Monthly Rollup for Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012 and IE
      - Description: This cumulative security update contains improvements that are part of update KB 5012650 (released April 12, 2022). Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014017.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 42 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  30. MS22-05-SO8: Security-only Update for Windows Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012
      - Description: Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014018.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 42 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  31. MS22-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      - Description: This cumulative security update contains improvements that are part of update KB 5012670 (released April 12, 2022). Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014011.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 44 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  32. MS22-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2
      - Description: Addresses a Key Distribution Center (KDC) code error and incorrect log warning and error events related to domain trust. Bulletin is based on KB 5014001.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 44 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [AD Forest Trust]
  33. MS22-05-OFF: Security Updates for Microsoft Office
      - Maximum Severity: Important
      - Affected Products: Excel 2013 and 2016, Office Online Server, Web Access Server, Publisher 2013 & 2016 and Word 2013 & 2016
      - Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 8 KB articles.
      - Impact: Remote Code Execution and Security Feature Bypass
      - Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-29107, CVE-2022-29109, and CVE-2022-29110 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  34. MS22-05-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Maximum Severity: Important
      - Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
      - Description: This month's update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      - Impact: Remote Code Execution and Security Feature Bypass
      - Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-29107 and CVE-2022-29109 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  35. MS22-05-EXCH: Security Updates for Exchange Server
      - Maximum Severity: Important
      - Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
      - Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5014261 and KB 5014260.
      - Impact: Elevation of Privilege
      - Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-21978 is fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: None reported
      - NOTE: Additional action for /PrepareAllDomains is required. See KBs for details. See also New Exchange Server Security Update and Hotfix Packaging (KB 5011363).
  36. MS22-05-SPT: Security Updates for SharePoint Server
      - Maximum Severity: Important
      - Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
      - Description: This update contains an extensive list of security, performance, and bug fixes. Review the KB articles for details. This bulletin is based on 4 KB articles.
      - Impact: Remote Code Execution
      - Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-29108 is fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: None reported
  37. MS22-05-MRNET: Monthly Rollup for Microsoft .NET
      - Maximum Severity: Low
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
      - Description: This update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Additional quality and reliability updates are included as well. This bulletin references 14 KB articles.
      - Impact: Denial of Service
      - Fixes 1 Vulnerability: CVE-2022-30130 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  38. MS22-05-SONET: Security-only Update for Microsoft .NET
      - Maximum Severity: Low
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
      - Description: This update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Additional quality and reliability updates are included as well. This bulletin references 14 KB articles.
      - Impact: Denial of Service
      - Fixes 1 Vulnerability: CVE-2022-30130 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  39. Between Patch Tuesdays
  40. Release Summary
      - Security Updates (with CVEs): Google Chrome (2), Corretto (3), Firefox (1), Firefox ESR (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), Git for Windows (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), VirtualBox (1), Pulse Secure VPN Desktop Client (1)
      - Security (w/o CVEs): Box Edit (1), Camtasia (2), Google Chrome (1), Docker for Windows Stable (3), Dropbox (1), Eclipse Adoptium (4), Evernote (1), GoodSync (2), Git for Windows (3), GoToMeeting (1), Cisco Jabber (2), Jabra Direct (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), LibreOffice (1), Malwarebytes (1), Node.JS (Current) (2), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (3), Apache OpenOffice (1), Pidgin (1), Plex Media Server (1), Royal TS (3), Skype (1), SeaMonkey (1), Slack Machine-Wide Installer (2), Tableau Desktop (5), Tableau Reader (1), Thunderbird (2), TeamViewer (1), VLC Media Player (1), Wireshark (2), Zoom Client (3), Zoom Outlook Plugin (1), Zoom VDI (2), Azul Zulu (3)
      - Non-Security Updates: Bandicut (1), Box Drive (1), Google Drive File Stream (1), GeoGebra Classic (2), BlueJeans (1), KeePass Pro (2), KeePass Classic (1), KeePassXC (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), R for Windows (1), Rocket.Chat Desktop Client (3), TortoiseHG (2), Cisco WebEx (3), WinMerge (1)
  41. Third Party CVE Information
      - Corretto 8.332.08.1
        - CRTO8-220419, QCRTOJDK8332
        - Fixes 10 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
      - Corretto 11.0.15.9.1
        - CRTO11-220419, QCRTOJDK11015
        - Fixes 5 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
      - Corretto 17.0.3.6.1
        - CRTO17-220419, QCRTOJDK1703
        - Fixes 4 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21496
  42. Third Party CVE Information
      - Java 8 Update 331
        - JAVA8-220419, QJDK8U331
        - Fixes 12 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
      - Java Development Kit 11 Update 11.0.15
        - JDK11-220419, QJDK11015
        - Fixes 6 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
      - Java Development Kit 17 Update 17.0.3.0
        - JDK17-220419, QJDK1703
        - Fixes 6 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
  43. Third Party CVE Information (cont)
      - Google Chrome 100.0.4896.127
        - CHROME-220414, QGC10004896127
        - Fixes 1 Vulnerability: CVE-2022-1364
      - Google Chrome 101.0.4951.41
        - CHROME-220426, QGC1010495141
        - Fixes 25 Vulnerabilities: CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483, CVE-2022-1484, CVE-2022-1485, CVE-2022-1486, CVE-2022-1487, CVE-2022-1488, CVE-2022-1489, CVE-2022-1490, CVE-2022-1491, CVE-2022-1492, CVE-2022-1493, CVE-2022-1494, CVE-2022-1495, CVE-2022-1496, CVE-2022-1497, CVE-2022-1498, CVE-2022-1499, CVE-2022-1500, CVE-2022-1501
  44. Third Party CVE Information (cont)
      - Firefox 100.0
        - FF-220503, QFF100
        - Fixes 9 Vulnerabilities: CVE-2022-29909, CVE-2022-29910, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29915, CVE-2022-29916, CVE-2022-29917, CVE-2022-29918
      - Firefox ESR 91.9.0
        - FFE-220503, QFFE9190
        - Fixes 6 Vulnerabilities: CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
      - Foxit PDF Editor 11.2.2.53575
        - FPDFE-220509, QFPDFE112253575
        - Fixes 1 Vulnerability: CVE-2022-25641
        - Also fixed in Foxit PDF Reader (Consumer and Enterprise)
  45. Third Party CVE Information (cont)
      - Git for Windows 2.35.2.1
        - GIT-220413, QGIT23521
        - Fixes 2 Vulnerabilities: CVE-2022-24765, CVE-2022-24767
      - VirtualBox 6.1.34
        - OVB61-220420, QOVB6134
        - Fixes 6 Vulnerabilities: CVE-2021-40438, CVE-2022-21465, CVE-2022-21471, CVE-2022-21487, CVE-2022-21488, CVE-2022-21491
      - Pulse Secure VPN Desktop Client 9.1.15.15819
        - PSVPN-220422, QPSFVPN9115
        - Fixes 1 Vulnerability: CVE-2022-0778
  46. Q & A
  47. Thank You!
