SlideShare a Scribd company logo

2022 September Patch Tuesday

Download as PPTX, PDF
Ivanti
Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Technology
1 of 44
Patch Tuesday Webinar Wednesday, September 14, 2022 Hosted by Chris Goettl and Todd Schell
Agenda September 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved. September Patch Tuesday 2022 The September update from Microsoft resolves 63 security vulnerabilities including one Zero Day vulnerability (CVE- 2022-37969) and one publicly disclosed vulnerability (CVE-2022-23960). This month’s updates affect the Windows Operating System, Office, Sharepoint, .Net Framework, Windows Defender, and several windows components. There is a particularly nasty, possibly 'wormable' vulnerability (CVE-2022-34718) in Windows TCPIP that could allow an unauthenticated attacker to target IPv6 IPSec enabled machines. There is also a Print Spooler vulnerability (CVE-2022- 38005) so prep your pilot groups to verify print functionality as you deploy the OS update this month with some urgency.
In the News
Copyright © 2022 Ivanti. All rights reserved. In the News  Apple fixes eight zero day so far in 2022  Affects iOS and macOS  https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones- and-macs-this-year/  Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability  Users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux  https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html  WordPress: Multiple plug-ins being targeted in widespread attacks  Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability  https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html  Firmware bugs in many HP computer models left unfixed for over a year  https://www.bleepingcomputer.com/news/security/firmware-bugs-in-many-hp-computer-models-left- unfixed-for-over-a-year/
Copyright © 2022 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability  CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerability  CVE-2022-23960 Cache Speculation Restriction Vulnerability  CVSS 3.1 Scores: Not yet calculated  Severity: Important  Impacts Windows 11 running on ARM  This vulnerability is referred to as Spectre-BHB.
Copyright © 2022 Ivanti. All rights reserved. Other CVEs of note:  CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability  CVSS 3.1 Scores: 9.8  Severity: Critical  Impacts all Windows OS versions running IPSec with IPv6 enabled.  This vulnerability able to be targeted by an unauthenticated attacker meaning this is potentially “wormable”.  CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8  Severity: Important  Impacts all Windows OS versions  Break out your printer test list
Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Windows 7/Server 2008 R2  Windows 8.1/Server 2012 R2  Windows 10 Ver 1607/Server 2016  Azure and Development Tool Updates  .NET Core 3.1  .NET 6.0  Azure ARC  Azure Guest Connection  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Visual Studio Code Source: Microsoft
Copyright © 2022 Ivanti. All rights reserved. Basic Authentication Deprecation in Exchange Online  Service will be disabled October 1  https://techcommunity.microsoft.com/t5/exchange-team- blog/basic-authentication-deprecation-in-exchange-online- september/ba-p/3609437  First announcement 3 years ago  Basic authentication subject to man-in-the-middle attacks  3-month waiver for single service available from Microsoft  Fully disabled in January 2023
Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
Copyright © 2022 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
Copyright © 2022 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
Bulletins and Releases
Copyright © 2022 Ivanti. All rights reserved. MS22-09-W11: Windows 11 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium  Description: This security update includes improvements that were a part of update KB 5016691 (released August 25, 2022). This bulletin references KB 5017328.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 41 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. CVE-2022-23960 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 11  KB 5017328 – Windows 11  [XPS Viewer] After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. See KB for more details. Workaround: None. Microsoft is working on a resolution.  [Chile Time] The operating system will advance to DST between Sept 4 to Sept 10 per the old algorithm. Chile will move forward on Sept 10 per new rules from their government. Workaround: Manually reset time using the clock in the control panel. Microsoft is working on a resolution but did not have time to complete testing for September release.
Copyright © 2022 Ivanti. All rights reserved. MS22-09-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version 20H2, Server 21H1 and Edge Chromium  Description: This bulletin references 6 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10  KB 5017327 – Windows 10  [Chile Time]  KB 5017305 – Windows 10, version 1607, Windows Server 2016  [Chile Time]  KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 (cont)  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.  [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017308 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 all editions, Windows 10, version 21H2 all editions  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.  [XPS Viewer]  [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017316 – Windows Server 2022  [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This cumulative security update contains improvements that are part of update KB 5016669 (released August 9, 2022). Bulletin is based on KB 5017358.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 33 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5017371.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 33 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR7-ESU: Monthly Rollup for Win 7 MS22-09-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This cumulative security update contains improvements that are part of update KB 5016676 (released August 9, 2022). Bulletin is based on KB 5017361.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO7-ESU: Security-only Update for Win 7 MS22-09-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5017373.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This cumulative security update contains improvements that are part of update KB 5016672 (released August 9, 2022). Bulletin is based on KB 5017370.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5017377.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This cumulative security update includes improvements that are part of update KB 5016681 (released August 9, 2022) Bulletin is based on KB 5017367.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5017365.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
Copyright © 2022 Ivanti. All rights reserved. MS22-09-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Office 2013 and 2016, Office 2019 for Mac, and Office 2022 LTSC for Mac  Description: This security update resolves a Microsoft PowerPoint remote code execution vulnerability. Consult the Security Update Guide for specific details on each. This bulletin references 2 KB articles and release notes.  Impact: Remote Code Execution  Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-37962 is fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2022 Ivanti. All rights reserved. MS22-09-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-37962, CVE-2022-37963 and CVE-2022-38010 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019  Description: Fixes an issue in which you may not be able to update resources by using the client-side object model (CSOM) if a remote event handler is attached to a resource event, such as Resource Changing. Review the KB articles for details. This bulletin is based on 8 KB articles.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-35823, CVE-2022-37961, CVE-2022-38008, and CVE-2022- 38009 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
Copyright © 2022 Ivanti. All rights reserved. September Known Issues for SharePoint Server  SharePoint Server – Check specific KBs for details  [Web Service] Some Web Part Pages Web Service methods may be affected after you apply the September 2022 security update. For more information, see Web Part Pages Web Service methods may be blocked after applying the September 2022 security update for SharePoint Server. See KB 5017733 for more details.  [Nintex] This security update introduces a change in SharePoint Server that will affect customers who use the Document Generation capability in Nintex Workflow. Nintex Workflow customers must take additional action after this security update is installed to make sure that workflows can be published and run. For more information, see Nintex support page. For support for Nintex Workflow, contact Nintex.
Copyright © 2022 Ivanti. All rights reserved. MS22-09-MRNET: Monthly Rollup for Microsoft .NET  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1  Description: This security update addresses an issue where an attacker could convince a local user to open a specially crafted file which could execute malicious code on an affected system. This bulletin references 15 KB articles.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known exploited.  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
Copyright © 2022 Ivanti. All rights reserved. MS22-09-SONET: Security-only Update for Microsoft .NET  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1  Description: This security update addresses an issue where an attacker could convince a local user to open a specially crafted file which could execute malicious code on an affected system. This bulletin references 15 KB articles.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known exploited.  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
Between Patch Tuesdays
Copyright © 2022 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (2), Foxit PhantomPDF (1), Foxit PDF Editor (1), Opera (1), Thunderbird (2), VMware Tools (1)  Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (2), Citrix Workspace App LTSR (1), Citrix Workspace App (1), Docker for Windows (1), Dropbox (3), Eclipse Adoptium 11 (1), Eclipse Adoptium 17 (1), Evernote (2), Firefox (2), GIT for windows (2), Apple iTunes (1), Jabra Direct (1), Java Development Kit 11 (1), Java Development Kit 17 (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (5), VirtualBox (1), Paint.net (1), Plex Media Server (3), PeaZip (1), RedHat OpenJDK (1), Skype (2), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (2), Tableau Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), Apache Tomcat (1), TeamViewer (1), WinSCP (1), Wireshark (2), Zoom Client (3), Zoom VDI (1)  Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Box Drive (1), Camtasia (2), Google Drive File Stream (3), GeoGebra Classic (2), BlueJeans (1), KeePass Pro (2), NextCloud Desktop Client (1), PDF-Xchange PRO (1), Python (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (2), ScreenPresso (2), TortoiseHG (1), TreeSize Free (2), Cisco WebEx Teams (3), WinZip (1), XnView (1)
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 104.0.5112.102  CHROME-220816, QGC10405112102  Fixes 10 Vulnerabilities: CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE- 2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861  Google Chrome 105.0.5195.54  CHROME-220830, QGC1050519554  Fixes 21 Vulnerabilities: CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE- 2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022- 3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE- 2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058  Google Chrome 105.0.5195.102  CHROME-220902, QGC10505195102  Fixes 1 Vulnerability: CVE-2022-3075
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox 104.0  FF-220823, QFF1040  Fixes 6 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38474, CVE-2022- 38475, CVE-2022-38477, CVE-2022-38478  Firefox ESR 102.2.0  FFE-220822, QFFE10220  Fixes 4 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38477, CVE-2022- 38478  Firefox ESR 91.13.0  FFE-220823, QFFE91130  Fixes 3 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38478
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Foxit PDF Editor 11.2.3.53593  FPDFE-220826, QFPDFE11U1123MSP  Fixes 5 Vulnerabilities: CVE-2022-26979, CVE-2022-27944, CVE-2022-34873, CVE- 2022-34874, CVE-2022-34875  Foxit PhantomPDF 10.1.9.37808  FIP-220830, QFIP101937808  Fixes 5 Vulnerabilities: CVE-2022-26979, CVE-2022-27944, CVE-2022-34873, CVE- 2022-34874, CVE-2022-34875  Opera 90.0.4480.84  OPERA-220906, QOP900448084  Fixes 1 Vulnerability: CVE-2022-3075  VMware Tools 12.1.0  VMWT12-220824, QVMWT1210  Fixes 1 Vulnerability: CVE-2022-31676
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 102.2.0  TB-220823, QTB10220  Fixes 5 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38476, CVE-2022- 38477, CVE-2022-38478  Thunderbird 102.2.1  TB-220901, QTB10221  Fixes 4 Vulnerabilities: CVE-2022-3032, CVE-2022-3033, CVE-2022-3034, CVE-2022- 36059
Q & A
Copyright © 2022 Ivanti. All rights reserved. Thank You!

Recommended

2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch TuesdayIvanti
 
2022 December Patch Tuesday
2022 December Patch Tuesday2022 December Patch Tuesday
2022 December Patch TuesdayIvanti
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch TuesdayIvanti
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch TuesdayIvanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch TuesdayIvanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch TuesdayIvanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch TuesdayIvanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch TuesdayIvanti
 

Recommended

2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch TuesdayIvanti
 
2022 December Patch Tuesday
2022 December Patch Tuesday2022 December Patch Tuesday
2022 December Patch TuesdayIvanti
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch TuesdayIvanti
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch TuesdayIvanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch TuesdayIvanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch TuesdayIvanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch TuesdayIvanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch TuesdayIvanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch TuesdayIvanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch TuesdayIvanti
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch TuesdayIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
2023 November Patch Tuesday
2023 November Patch Tuesday2023 November Patch Tuesday
2023 November Patch TuesdayIvanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch TuesdayIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch TuesdayIvanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch TuesdayIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Agile security
Agile securityAgile security
Agile securityArthur Donkers
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch TuesdayIvanti
 
Microsoft Hyper-V explained
Microsoft Hyper-V explainedMicrosoft Hyper-V explained
Microsoft Hyper-V explainedTTEC
 
Arcsight ESM Support Matrix
Arcsight ESM Support MatrixArcsight ESM Support Matrix
Arcsight ESM Support MatrixProtect724
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
ISO 27001
ISO 27001ISO 27001
ISO 27001MELLAH MOULOUD Sorbonne Université - Sciences et Ingénierie
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptxIvanti
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch TuesdayIvanti
 

More Related Content

What's hot

2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch TuesdayIvanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch TuesdayIvanti
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch TuesdayIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
2023 November Patch Tuesday
2023 November Patch Tuesday2023 November Patch Tuesday
2023 November Patch TuesdayIvanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch TuesdayIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch TuesdayIvanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch TuesdayIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch TuesdayIvanti
 
Microsoft Hyper-V explained
Microsoft Hyper-V explainedMicrosoft Hyper-V explained
Microsoft Hyper-V explainedTTEC
 
Arcsight ESM Support Matrix
Arcsight ESM Support MatrixArcsight ESM Support Matrix
Arcsight ESM Support MatrixProtect724
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 

What's hot (20)

2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
2023 November Patch Tuesday
2023 November Patch Tuesday2023 November Patch Tuesday
2023 November Patch Tuesday
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
 
Agile security
Agile securityAgile security
Agile security
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
 
Microsoft Hyper-V explained
Microsoft Hyper-V explainedMicrosoft Hyper-V explained
Microsoft Hyper-V explained
 
Arcsight ESM Support Matrix
Arcsight ESM Support MatrixArcsight ESM Support Matrix
Arcsight ESM Support Matrix
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
 

Similar to 2022 September Patch Tuesday

2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptxIvanti
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch TuesdayIvanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesIvanti
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch TuesdayIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch TuesdayIvanti
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch TuesdayIvanti
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch TuesdayIvanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juinIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxIvanti
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch TuesdayIvanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - maiIvanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch TuesdayIvanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch TuesdayIvanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch TuesdayIvanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021Ivanti
 

Similar to 2022 September Patch Tuesday (20)

2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 

More from Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia DicembreIvanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia NovembreIvanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – NovembreIvanti
 

More from Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

2022 September Patch Tuesday

  • 1. Patch Tuesday Webinar Wednesday, September 14, 2022 Hosted by Chris Goettl and Todd Schell
  • 2. Agenda September 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2022 Ivanti. All rights reserved. September Patch Tuesday 2022 The September update from Microsoft resolves 63 security vulnerabilities including one Zero Day vulnerability (CVE- 2022-37969) and one publicly disclosed vulnerability (CVE-2022-23960). This month’s updates affect the Windows Operating System, Office, Sharepoint, .Net Framework, Windows Defender, and several windows components. There is a particularly nasty, possibly 'wormable' vulnerability (CVE-2022-34718) in Windows TCPIP that could allow an unauthenticated attacker to target IPv6 IPSec enabled machines. There is also a Print Spooler vulnerability (CVE-2022- 38005) so prep your pilot groups to verify print functionality as you deploy the OS update this month with some urgency.
  • 6. Copyright © 2022 Ivanti. All rights reserved. In the News  Apple fixes eight zero day so far in 2022  Affects iOS and macOS  https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones- and-macs-this-year/  Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability  Users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux  https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html  WordPress: Multiple plug-ins being targeted in widespread attacks  Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability  https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html  Firmware bugs in many HP computer models left unfixed for over a year  https://www.bleepingcomputer.com/news/security/firmware-bugs-in-many-hp-computer-models-left- unfixed-for-over-a-year/
  • 7. Copyright © 2022 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability  CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • 8. Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerability  CVE-2022-23960 Cache Speculation Restriction Vulnerability  CVSS 3.1 Scores: Not yet calculated  Severity: Important  Impacts Windows 11 running on ARM  This vulnerability is referred to as Spectre-BHB.
  • 9. Copyright © 2022 Ivanti. All rights reserved. Other CVEs of note:  CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability  CVSS 3.1 Scores: 9.8  Severity: Critical  Impacts all Windows OS versions running IPSec with IPv6 enabled.  This vulnerability able to be targeted by an unauthenticated attacker meaning this is potentially “wormable”.  CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8  Severity: Important  Impacts all Windows OS versions  Break out your printer test list
  • 10. Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Windows 7/Server 2008 R2  Windows 8.1/Server 2012 R2  Windows 10 Ver 1607/Server 2016  Azure and Development Tool Updates  .NET Core 3.1  .NET 6.0  Azure ARC  Azure Guest Connection  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Visual Studio Code Source: Microsoft
  • 11. Copyright © 2022 Ivanti. All rights reserved. Basic Authentication Deprecation in Exchange Online  Service will be disabled October 1  https://techcommunity.microsoft.com/t5/exchange-team- blog/basic-authentication-deprecation-in-exchange-online- september/ba-p/3609437  First announcement 3 years ago  Basic authentication subject to man-in-the-middle attacks  3-month waiver for single service available from Microsoft  Fully disabled in January 2023
  • 12. Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 13. Copyright © 2022 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 14. Copyright © 2022 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  • 16. Copyright © 2022 Ivanti. All rights reserved. MS22-09-W11: Windows 11 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium  Description: This security update includes improvements that were a part of update KB 5016691 (released August 25, 2022). This bulletin references KB 5017328.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 41 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. CVE-2022-23960 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
  • 17. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 11  KB 5017328 – Windows 11  [XPS Viewer] After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. See KB for more details. Workaround: None. Microsoft is working on a resolution.  [Chile Time] The operating system will advance to DST between Sept 4 to Sept 10 per the old algorithm. Chile will move forward on Sept 10 per new rules from their government. Workaround: Manually reset time using the clock in the control panel. Microsoft is working on a resolution but did not have time to complete testing for September release.
  • 18. Copyright © 2022 Ivanti. All rights reserved. MS22-09-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version 20H2, Server 21H1 and Edge Chromium  Description: This bulletin references 6 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  • 19. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10  KB 5017327 – Windows 10  [Chile Time]  KB 5017305 – Windows 10, version 1607, Windows Server 2016  [Chile Time]  KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  • 20. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 (cont)  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.  [Chile Time]
  • 21. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017308 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 all editions, Windows 10, version 21H2 all editions  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.  [XPS Viewer]  [Chile Time]
  • 22. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5017316 – Windows Server 2022  [Chile Time]
  • 23. Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This cumulative security update contains improvements that are part of update KB 5016669 (released August 9, 2022). Bulletin is based on KB 5017358.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 33 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 24. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5017371.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 33 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 25. Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR7-ESU: Monthly Rollup for Win 7 MS22-09-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This cumulative security update contains improvements that are part of update KB 5016676 (released August 9, 2022). Bulletin is based on KB 5017361.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 26. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO7-ESU: Security-only Update for Win 7 MS22-09-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5017373.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 27. Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This cumulative security update contains improvements that are part of update KB 5016672 (released August 9, 2022). Bulletin is based on KB 5017370.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 28. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5017377.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time]
  • 29. Copyright © 2022 Ivanti. All rights reserved. MS22-09-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This cumulative security update includes improvements that are part of update KB 5016681 (released August 9, 2022) Bulletin is based on KB 5017367.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 30. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5017365.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [Chile Time] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 31. Copyright © 2022 Ivanti. All rights reserved. MS22-09-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Office 2013 and 2016, Office 2019 for Mac, and Office 2022 LTSC for Mac  Description: This security update resolves a Microsoft PowerPoint remote code execution vulnerability. Consult the Security Update Guide for specific details on each. This bulletin references 2 KB articles and release notes.  Impact: Remote Code Execution  Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-37962 is fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  • 32. Copyright © 2022 Ivanti. All rights reserved. MS22-09-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-37962, CVE-2022-37963 and CVE-2022-38010 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  • 33. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019  Description: Fixes an issue in which you may not be able to update resources by using the client-side object model (CSOM) if a remote event handler is attached to a resource event, such as Resource Changing. Review the KB articles for details. This bulletin is based on 8 KB articles.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-35823, CVE-2022-37961, CVE-2022-38008, and CVE-2022- 38009 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
  • 34. Copyright © 2022 Ivanti. All rights reserved. September Known Issues for SharePoint Server  SharePoint Server – Check specific KBs for details  [Web Service] Some Web Part Pages Web Service methods may be affected after you apply the September 2022 security update. For more information, see Web Part Pages Web Service methods may be blocked after applying the September 2022 security update for SharePoint Server. See KB 5017733 for more details.  [Nintex] This security update introduces a change in SharePoint Server that will affect customers who use the Document Generation capability in Nintex Workflow. Nintex Workflow customers must take additional action after this security update is installed to make sure that workflows can be published and run. For more information, see Nintex support page. For support for Nintex Workflow, contact Nintex.
  • 35. Copyright © 2022 Ivanti. All rights reserved. MS22-09-MRNET: Monthly Rollup for Microsoft .NET  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1  Description: This security update addresses an issue where an attacker could convince a local user to open a specially crafted file which could execute malicious code on an affected system. This bulletin references 15 KB articles.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known exploited.  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  • 36. Copyright © 2022 Ivanti. All rights reserved. MS22-09-SONET: Security-only Update for Microsoft .NET  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1  Description: This security update addresses an issue where an attacker could convince a local user to open a specially crafted file which could execute malicious code on an affected system. This bulletin references 15 KB articles.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known exploited.  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  • 38. Copyright © 2022 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (2), Foxit PhantomPDF (1), Foxit PDF Editor (1), Opera (1), Thunderbird (2), VMware Tools (1)  Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (2), Citrix Workspace App LTSR (1), Citrix Workspace App (1), Docker for Windows (1), Dropbox (3), Eclipse Adoptium 11 (1), Eclipse Adoptium 17 (1), Evernote (2), Firefox (2), GIT for windows (2), Apple iTunes (1), Jabra Direct (1), Java Development Kit 11 (1), Java Development Kit 17 (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (5), VirtualBox (1), Paint.net (1), Plex Media Server (3), PeaZip (1), RedHat OpenJDK (1), Skype (2), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (2), Tableau Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), Apache Tomcat (1), TeamViewer (1), WinSCP (1), Wireshark (2), Zoom Client (3), Zoom VDI (1)  Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Box Drive (1), Camtasia (2), Google Drive File Stream (3), GeoGebra Classic (2), BlueJeans (1), KeePass Pro (2), NextCloud Desktop Client (1), PDF-Xchange PRO (1), Python (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (2), ScreenPresso (2), TortoiseHG (1), TreeSize Free (2), Cisco WebEx Teams (3), WinZip (1), XnView (1)
  • 39. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 104.0.5112.102  CHROME-220816, QGC10405112102  Fixes 10 Vulnerabilities: CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE- 2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861  Google Chrome 105.0.5195.54  CHROME-220830, QGC1050519554  Fixes 21 Vulnerabilities: CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE- 2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022- 3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE- 2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058  Google Chrome 105.0.5195.102  CHROME-220902, QGC10505195102  Fixes 1 Vulnerability: CVE-2022-3075
  • 40. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox 104.0  FF-220823, QFF1040  Fixes 6 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38474, CVE-2022- 38475, CVE-2022-38477, CVE-2022-38478  Firefox ESR 102.2.0  FFE-220822, QFFE10220  Fixes 4 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38477, CVE-2022- 38478  Firefox ESR 91.13.0  FFE-220823, QFFE91130  Fixes 3 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38478
  • 41. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Foxit PDF Editor 11.2.3.53593  FPDFE-220826, QFPDFE11U1123MSP  Fixes 5 Vulnerabilities: CVE-2022-26979, CVE-2022-27944, CVE-2022-34873, CVE- 2022-34874, CVE-2022-34875  Foxit PhantomPDF 10.1.9.37808  FIP-220830, QFIP101937808  Fixes 5 Vulnerabilities: CVE-2022-26979, CVE-2022-27944, CVE-2022-34873, CVE- 2022-34874, CVE-2022-34875  Opera 90.0.4480.84  OPERA-220906, QOP900448084  Fixes 1 Vulnerability: CVE-2022-3075  VMware Tools 12.1.0  VMWT12-220824, QVMWT1210  Fixes 1 Vulnerability: CVE-2022-31676
  • 42. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 102.2.0  TB-220823, QTB10220  Fixes 5 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38476, CVE-2022- 38477, CVE-2022-38478  Thunderbird 102.2.1  TB-220901, QTB10221  Fixes 4 Vulnerabilities: CVE-2022-3032, CVE-2022-3033, CVE-2022-3034, CVE-2022- 36059
  • 43. Q & A
  • 44. Copyright © 2022 Ivanti. All rights reserved. Thank You!