Patch Tuesday Support Group April Webinar
Webinar Summary
Jordan Benzing goes over the latest update releases and which ones are keeping him awake at night. Then Bryan Dam spends far too long discussing the news of the month for April. Wrapping up and giving us a wildly entertaining Patch Tuesday Support Group webinar for April is Rob Mensching, CEO & Co-founder at FireGiant and Benevolent Dictator of the open-source WiX Toolset. Blog | Twitter | LinkedIn | YouTube
Watch the Webinar Recording
Webinar Hosts
Bryan Dam
Patch My PC
Software Engineer
Jordan Benzing
Patch My PC
Security Engineer Lead
Rob Mensching
FireGiant
CEO & Co-founder
Patch Tuesday Support Group Webinar Recap
Patch Tuesday April News
Sonicwall and Fortinet Blocking ODBC Driver 17 update (KB5037570) from downloading — Patch Tuesday Reddit Megathread (2024-04-09)
March Patches Introduced a Memory Leak for LSSAS impacting DCs — Issues with Kerberos requests on domain Controllers may cause LSASS memory leaks
Latest CUs include additional mitigations for BlackLotus (KB5025885) — How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932
Windows Update ‘Other Microsoft Products’ Documented — Update other Microsoft products – Windows Update for Business | Microsoft Learn
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs — Thousands of LG TVs are vulnerable to takeover — here’s how to ensure yours isn’t one
US Cyber Safety Review Board Releases Exchange Online Report — Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
Microsoft employees exposed internal passwords in security lapse — Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet
No More Free M365 dev tenants — Stay ahead of the game with the latest updates to the Microsoft 365 Developer Program
What’s New in Intune — Copilot for Intune is in Public Preview, Add BIOS configuration policies, Endpoint Priviledge Management: added support approve for near-real time approvals, Update Expedite non-security updates (preview releases,) and Updated Security Baseline for Windows 23H2. What’s new in Microsoft Intune April | Microsoft Learn
Redis Adopts Dual Source-Available Licensing — Moving from Open Source to Source Available and forcing ‘competitors’ (AWS, Microsoft) to license
Hashicorp Threatens their Open Source Fork of Terraform — OpenTofu Twitter Post
What we know about the XZ Utils backdoor that almost infected the world — Would allow attackers with the private key to access nearly any Linux distribution over SSH. The hacker group spent years to gain leadership of a project with a set of compression utilities, and added code to the build process that created a backdoor. Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream
Microsoft Patches of Note
View the full list of Patch Tuesday release notes at Patch Tuesday Blog Home Page – Patch Tuesday Blog
Patches Released: 99
Critical Severity: 32
Important Severity: 0
N/A Severity: 0
Third Party Updates from Patch My PC
Total Number of Updates: 2340
Critical: 111
Important: 365
Moderate: 1856
Low: 8
N/A: 0
Browser Patch Specifics
Chrome: 12 Patches
FireFox: 252 Patches
Microsoft Edge: 15 Patches
Opera: 10 Patches
Insight into CVEs
Unique CVEs this Month: 152
Critical: 3
Important: 145
Moderate: 3
N/A: 1
CVE breakdown
7 Denial of Service
31 Elevation of Privilege
13 Information Disclosure
67 Remote Code Executions
29 Security Feature Bypass
5 Spoofing