Ivanti Patch Tuesday for February 2020

Patch Tuesday Webinar
Wednesday, February 12, 2020
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 803 280 750

Copyright©2019Ivanti.Allrightsreserved
Agenda
February 2020 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

 Overview

 In the News

In The News . . .
 IE Zero Day Vulnerability
 https://threatpost.com/microsoft-zero-day-actively-exploited-patch/152018/
 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
 ESU Updates Require Pre-requisites to Apply
 https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-
receiving-security-updates
 https://support.microsoft.com/en-us/help/4538483/extended-security-updates-esu-
licensing-preparation-package
 https://support.microsoft.com/en-us/help/4538484/extended-security-updates-esu-
licensing-preparation-package
 https://forums.ivanti.com/s/article/Custom-Patch-Support-for-Microsoft-s-Windows-
7-and-Server-2008-2008-R2-Extended-Support

Patch Tuesday Webinar Series
This is our largest ever audience for Patch Tuesday!
Thanks to all of our loyal viewers!
If you have not already you can sign up for all of the 2020 webinar series here:
https://www.ivanti.com/lp/patch/webinars/patch-tuesday
For Non-Ivanti Customers you can get a free demo of our patch solutions here:
https://www.ivanti.com/solutions/needs/manage-my-os-and-third-party-
application-patches

Publicly Disclosed and Known Exploited Vulnerability
 CVE-2020-0674 Scripting Engine Memory Corruption Vulnerability
 A remote code execution vulnerability exists in the way that the scripting engine handles
objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user. An attacker
who successfully exploited the vulnerability could gain the same user rights as the current
user. If the current user is logged on with administrative user rights, an attacker who
successfully exploited the vulnerability could take control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new accounts with full
user rights.
 In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Internet Explorer and then convince a user to
view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the IE rendering
engine. The attacker could also take advantage of compromised websites and websites that
accept or host user-provided content or advertisements. These websites could contain
specially crafted content that could exploit the vulnerability.
 The security update addresses the vulnerability by modifying how the scripting engine
handles objects in memory.
Source: Microsoft

Publicly Disclosed Vulnerability
 CVE-2020-0683 Windows Installer Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages
process symbolic links. An attacker who successfully exploited this vulnerability could bypass
access restrictions to add or remove files.
 To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and add or
remove files.
 The security update addresses the vulnerability by modifying how reparse points are handled
by the Windows Installer.
Source: Microsoft

Publicly Disclosed Vulnerability (cont)
 CVE-2020-0686 Windows Installer Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages
process symbolic links. An attacker who successfully exploited this vulnerability could bypass
access restrictions to add or remove files.
 To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and add or
remove files.
 The security update addresses the vulnerability by modifying how reparse points are handled
by the Windows Installer.
Source: Microsoft

 CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass
Vulnerability
 A security feature bypass vulnerability exists in secure boot. An attacker who successfully
exploited the vulnerability can bypass secure boot and load untrusted software.
 To exploit the vulnerability, an attacker could run a specially crafted application.
 The security update addresses the vulnerability by blocking vulnerable third-party
bootloaders.
Source: Microsoft

 CVE-2020-0706 Microsoft Browser Information Disclosure Vulnerability
 An information disclosure vulnerability exists in the way that affected Microsoft browsers
handle cross-origin requests. An attacker who successfully exploited this vulnerability could
determine the origin of all of the web pages in the affected browser.
 In a web-based attack scenario, an attacker could host a website that is used to attempt to
exploit the vulnerability. Additionally, compromised websites and websites that accept or host
user-provided content could contain specially crafted content that could be used to exploit the
vulnerability. However, in all cases an attacker would have no way to force users to view
attacker-controlled content. Instead, an attacker would have to convince users to take action.
For example, an attacker could trick users into clicking a link that takes them to the attacker's
site.
 The security update addresses the vulnerability by correcting how affected browsers handle
cross-origin resources.
Source: Microsoft

Windows 7/Server 2008 R2 ESU Pre Reqs
Windows 7/Server 2008 R2
1. MS19-09-W7-4474419_V3 (September 10, 2019 SHA-2 code signing support
update)
2. MS19-03-SSU-4490628 (March 12, 2019 Servicing Stack Update) <- Required
before 2nd SSU
3. MS20-01-SSU-4536952 (January 14, 2020 Servicing Stack Update)
4. KB4538483 (ESU Licensing Preparation Package)
5. ESU Key Installation and Activation
Source: https://support.microsoft.com/en-us/help/4522133/procedure-to-
continue-receiving-security-updates
(Order is important. You can do 1 and 2 together and 3 and 4 together, but
you need to do 1 and 2 before you can do 3 and 4 and then proceed to 5.)

Server 2008 ESU Pre Reqs
Server 2008
1. MS19-09-2K8-4474419_V4 (September 23, 2019 code signing support update)
2. MS19-04-SSU-4493730 (April 9, 2019 Servicing Stack update) <- Required before
2nd SSU
3. MS20-01-SSU-4536953 (January 14, 2020 Servicing Stack update)
4. KB4538484 (ESU Licensing Preparation Package)
5. ESU Key Installation and Activation
Source: https://support.microsoft.com/en-us/help/4522133/procedure-to-
continue-receiving-security-updates
(Order is important. You can do 1 and 2 together and 3 and 4 together, but you need to
do 1 and 2 before you can do 3 and 4 and then proceed to 5.)

Activation of your ESU License
If you see this screen you likely did not activate your ESU correctly…

Win 7Server 2008 R2 ESU Activation
Windows 7/Server 2008R2
1. Open an elevated command prompt and enter the following commands:
2. slmgr /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (verify success on install)
3. slmgr /dlv
4. Retrieve the Activation ID from the following window (unique to each machine)
5. slmgr /ato <activation id>
6. slmgr /dlv
7. Verify ESU status is set to Licensed

Server 2008 ESU Activation
Server 2008
1. Navigate to Control Panel > System
2. Select “Change Product Key”
3. Enter the ESU Key
4. Wait for workflow to return “Successful Activation”
5. Run the ESU Verification Patch (cause it is just easier)
 MS19-11-ESU-4528081 (Server 2008) ONLY x64, no x86 patch is
provided

Windows 7 and Server 2008/2008 R2 End-of-Life
 Mitigation Options for Win 7/Server 2008/2008 R2 without ESU support:
 Virtualize those workloads
 Lock down the VDI system to only run the specific app in question
 Application Control to lock down and only allow the specific use
case needed
 Remove direct internet connectivity from these systems.
 Segment these systems from other parts of the network
 Layer on additional security controls:
 Reduce privileges
 Application Control
 NextGen AV and EDR

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
 4 new SSUs this month (same as Jan)
 Development Tool and Other Updates
 ChakraCore
Source: Microsoft

Internet Explorer 10 End-of-Life
 IE 11 stands alone starting February 1, 2020
 https://support.microsoft.com/en-us/help/4488955/support-ending-for-internet-
explorer-10
 https://support.microsoft.com/en-us/help/17454/lifecycle-faq-internet-explorer
Source: Microsoft

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
Source: Microsoft

Windows 10 Lifecycle Awareness (cont)
 Enterprise LTSB/LTSC Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft

Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/
topics/patch-tuesday

Patch Content Announcement System
Announcements Now Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

 Bulletins

APSB20-06: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome,
Internet Explorer 11 and Edge
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address
a critical vulnerability in Adobe Flash Player. Successful exploitation could lead
to arbitrary code execution in the context of the current user.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: CVE-2020-3757
 Restart Required: Requires application restart
 NOTE: Updates available only for Windows 8.1, Server 2012 and newer

MS20-02-AFP: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on Windows 10, version 1909, Windows 10, version 1903, Windows Server
2019, all versions, Windows 10, version 1809, Windows Server version 1809, Windows
10, version 1803, Windows Server version 1803, Windows 10, version 1709, Windows
Server version 1709, Windows 10, version 1703, Windows Server 2016, Windows 10,
version 1607, Windows Server 2012 R2, Windows RT 8.1, Windows 8.1, and Windows
Server 2012. This bulletin is based on KB 4537759 and ADV200003.

MS20-02-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809,
1903, 1909, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft
Edge
 Description: This bulletin references 12 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and
Information Disclosure
 Fixes 88 Vulnerabilities: CVE-2020-0674 is known exploited; CVE-2020-0674, CVE-
2020-0683, CVE-2020-0686, CVE-2020-0689, and CVE-2020-0706 are publicly
disclosed. See Details column of Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

February Known Issues for Windows 10
 KB 4537776 – Windows 10
 [File Rename] Certain operations, such as rename, that you perform on files or folders that are
on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the
operation on a CSV owner node from a process that doesn’t have administrator privilege.
Workaround: Perform the operation from a process that has administrator privilege or perform
the operation from a node that doesn’t have CSV ownership. Microsoft is working on a
resolution.
 KB 4537764 – Windows 10, Version 1607 and Server 2016
 [Min Password] After installing KB4467684, the cluster service may fail to start with the error
“2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is
configured with greater than 14 characters. Workaround: Set the domain default "Minimum
Password Length" policy to less than or equal to 14 characters. Microsoft is working on a
resolution.
 [File Rename]

February Known Issues for Windows 10 (cont)
 KB 4537789 – Windows 10, Version 1709
 [File Rename]
 KB 4537762 – Windows 10, Version 1803
 [File Rename]
 KB 4532691 – Windows 10, Version 1809, Server 2019 All Versions
 [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed
may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“
Workaround: Uninstall and reinstall any recently added language packs or select Check for
Updates and install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [File Rename]

MS20-02-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9,10,11
 Description: The fixes that are included in the cumulative Security Update for Internet
Explorer are also included in the February 2020 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references 11 KB articles.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 3 Vulnerabilities: CVE-2020-0673, CVE-2020-0674 is known exploited; CVE-
2020-0674 and CVE-2020-0706 are publicly disclosed.
 Restart Required: Requires browser restart
 Known Issues: None reported

MS20-02-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part of
update KB 4534303 (released January 14, 2020). Bulletin is based on KB 4537810.
Security updates to Microsoft Graphics Component, Windows Input and Composition,
Windows Shell, Windows Fundamentals, Windows Cryptography, Windows Hyper-V,
Windows Core Networking, Windows Peripherals, Windows Network Security and
Containers, Windows Storage and Filesystems, and Windows Server.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Fixes 44 + 2 (IE 9) Vulnerabilities: CVE-2020-0683 and CVE-2020-0686 are
publicly disclosed. See Details column of Security Update Guide for the complete list
of CVEs.
 Known Issues: [ESU Fail] See next slide

February Known Issues for Server 2008
 KB 4537810 – Server 2008 (Monthly Rollup)
 KB 4537822 – Server 2008 (Security-only Update)
 [ESU Fail] After installing this update and restarting your device, you might receive the error,
“Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and
the update might show as Failed in Update History.
Workaround: his is expected in the following circumstances:
• If you are installing this update on a device that is running an edition that is not supported
for ESU. For a complete list of which editions are supported, see KB4497181.
• If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have
applied all prerequisites and that your key is activated. For information on activation, please
see this blog post. For information on the prerequisites, see the "How to get this update"
section of this article.

MS20-02-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: This bulletin is based on KB 4537822. Security updates to Microsoft
Graphics Component, Windows Input and Composition, Windows Shell, Windows
Fundamentals, Windows Cryptography, Windows Hyper-V, Windows Core Networking,
Windows Peripherals, Windows Network Security and Containers, Windows Storage
and Filesystems, and Windows Server.
 Fixes 44 Vulnerabilities: CVE-2020-0683 and CVE-2020-0686 are publicly
 Known Issues: [ESU Fail]

MS20-02-MR7-ESU: Monthly Rollup for Win 7
MS20-02-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Security updates to Internet Explorer, Microsoft Graphics Component, Windows Input
and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows
Cryptography, Windows Hyper-V, Windows Core Networking, Windows Peripherals,
Windows Network Security and Containers, Windows Storage and Filesystems, the
Microsoft Scripting Engine, and Windows Server.
 Fixes 47 + 3 IE Vulnerabilities: CVE-2020-0683 and CVE-2020-0686 are publicly

MS20-02-SO7-ESU: Security-only Update for Win 7
MS20-02-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 SP1, Server 2008 R2 SP1
 Description: Bulletin is based on KB 4537813. Security updates to Internet Explorer,
Microsoft Graphics Component, Windows Input and Composition, Windows Media,
Containers, Windows Storage and Filesystems, the Microsoft Scripting Engine, and
Windows Server.
 Fixes 47 Vulnerabilities: CVE-2020-0683 and CVE-2020-0686 are publicly

MS20-02-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
 Fixes 51 + 3 IE Vulnerabilities: CVE-2020-0683, CVE-2020-0686, and CVE-2020-
0689 are publicly disclosed. See Details column of Security Update Guide for the
complete list of CVEs
 Known Issues: [File Rename]

MS20-02-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012
Windows Server.
 Fixes 51 Vulnerabilities: CVE-2020-0683, CVE-2020-0686, and CVE-2020-0689 are
of CVEs

MS20-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Fixes 50 + 3 IE Vulnerabilities: CVE-2020-0683, CVE-2020-0686, and CVE-2020-
0689 are publicly disclosed. See Details column of Security Update Guide for the
complete list of CVEs

MS20-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
Windows Server.
 Fixes 50 Vulnerabilities: CVE-2020-0683, CVE-2020-0686, and CVE-2020-0689 are
of CVEs.

MS20-02-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2010-2016, Outlook 2010-2016, Office 2016 and 2019 for
Mac, Office Online Server
 Description: This security update resolves vulnerabilities in several Microsoft Office
applications. This bulletin references 6 KB articles plus release notes for MacOS.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 2 Vulnerabilities: CVE-2020-0696 and CVE-2020-0759

MS20-02-O365: Security Updates for Office 365 ProPlus and
Office 2019
 Affected Products: Office 365 ProPlus, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft Office 365 and Office 2019 applications. Information on Office 365 ProPlus
updates is available at https://docs.microsoft.com/en-us/officeupdates/release-notes-
office365-proplus
 Impact: Remote Code Execution, Security Feature Bypass and Tampering
 Fixes 3 Vulnerabilities: CVE-2020-0696, CVE-2020-0697 and CVE-2020-0759

MS20-02-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft Enterprise SharePoint Server 2013-2019
 Description: This security update resolves a cross-site-scripting (XSS) vulnerability
that exists if Microsoft SharePoint Server does not correctly sanitize a specially crafted
web request to an affected SharePoint server. This bulletin is based on KB 4484255,
KB 44842599 and KB 4484264.
 Impact: Spoofing
 Restart Required: Requires Restart

MS20-02-EX: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2010 - 2019
 Description: This security update fixes a memory corruption and an elevation of
privilege vulnerability. This bulletin is based on KB 4536987, KB 4536988 and KB
4536989.
 Impact: Spoofing and Denial of Service
 Known Issues: Must install update with administrator privileges

MS20-02-SQL: Security Updates for SQL Server
 Affected Products: Microsoft SQL Server 2012-2016
 Description: This security update fixes execution vulnerability which exists in
Microsoft SQL Server Reporting Services where it incorrectly handles page requests.
This bulletin is based on 5 KB articles.

FF-200211: Security Update for Firefox
 Affected Products: Mozilla Firefox
 Description: This update provides fixes for 6 vulnerabilities in Firefox 73.
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
 Fixes 6 Vulnerabilities: See https://www.mozilla.org/en-
US/security/advisories/mfsa2020-05/ for a list and description of CVEs remediated.

FFE-200211: Security Update for Firefox ESR
 Affected Products: Mozilla Firefox ESR
 Description: This update provides fixes for 5 vulnerabilities in Firefox 68.5.
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure

TB-200211: Security Update for Thunderbird
 Affected Products: Mozilla Thunderbird
 Description: This update provides fixes for 7 vulnerabilities in Firefox 68.5.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and
Information Disclosure
 NOTE: Per Mozilla, several of these vulnerabilities cannot be exploited through email in
the Thunderbird product because scripting is disabled when reading mail, but are
potentially risks in browser or browser-like contexts.

Between Patch Tuesday’s
New Product Support: Box Drive, New Microsoft Edge
Security Updates: Adobe (1), Apple iCloud (1), Apple iTunes (1), Camtasia (1),
Crowdstrike Falcon Sensor (2), Dropbox (1), Evernote (1), Firefox (1), Firefox ESR (1),
Foxit Reader (2), Foxit PhantomPDF (1), GoodSync (3), Google Chrome (2), GoToMeeting
(2), LibreOffice (1), Microsoft Edge (2), Node.JS (4), Notepad++ (2), Opera (4), Plex
Server (1), PeaZip (1), Skype (1), Slack (1), Snagit (1), Tableau Desktop (6), Tableau Prep
(2), Tableau Reader (2), Thunderbird (1), TeamViewer (8), VLC Player (1), VMware Tools
(1), Wireshark (3)
Non-Security Updates: Box Drive (1), Google Drive (1), GOM Player (1), Google
Backup and Sync (1), KeePass Pro (1), Microsoft (35), Plex Media Player (2), RoyalTS (2),
RealVNC (3), WinZip (1), Zoom Client (1), Zoom Outlook Plugin (1)

Third Party CVE Information
 Microsoft Edge 80.0.361.48
 MEDGE-200207, QMEDGE80036148
 Fixes 37 Vulnerabilities: CVE-2019-18197, CVE-2019-19880, CVE-2019-19923, CVE-
2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-
2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6417
 Apple iCloud 7.17.0.13
 ICLOUD-200129, QICLOUD717013
2020-3862, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868

Third Party CVE Information (cont)
 Node.JS 12.15.0 (LTS Upper)
 NOJSLU-200206, QNODEJSLU12150
 Fixes 3 Vulnerabilities: CVE-2019-15604, CVE-2019-15605, CVE-2019-15606
 Node.JS 10.19.0 (LTS Lower)
 NOJSLL-200206, QNODEJSLL10190
 Node.JS 13.8.0 (Current)
 NOJSC-200206, QNODEJSC1380
 Apple iTunes 12.10.4.2
 AI-200129, QAI121042
2020-3861, CVE-2020-3862, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868

 Google Chrome 79.0.3945.88
 CHROME-269, QGC790394588
 Fixes 37 Vulnerabilities: CVE-2019-18197, CVE-2019-19880, CVE-2019-
19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-
6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389,
CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-
2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-
6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402,
CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-
2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-
6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416,
CVE-2020-6417
 SnagIt 2018.2.5
 SNAG18-200127, QSNAG1825

 Foxit Reader 9.7.1.29511
 FI-200116, QNFOXIT97129511
 Fixes 4 Vulnerabilities: CVE-2019-5126, CVE-2019-5130, CVE-2019-5131,
CVE-2019-5145
 Foxit PhantomPDF 9.7.1.29511
 FIP-200116, QFIP97129511
 Fixes 4 Vulnerabilities: CVE-2019-5126, CVE-2019-5130, CVE-2019-5131,
CVE-2019-5145
 Wireshark 3.2.1
 WIRES32-200116, QWIRES321

Ivanti Patch Tuesday for February 2020

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Similar to Ivanti Patch Tuesday for February 2020

Similar to Ivanti Patch Tuesday for February 2020 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (17)

Ivanti Patch Tuesday for February 2020