We help you save time, money and improve your IT security

Integrate Third-Party Patch Management in Microsoft ConfigMgr and Intune

Patch Tuesday Support Group January Webinar

Webinar Summary

In our first healing session of the year, Jordan Benzing goes over the latest update releases and which ones are keeping him awake at night. Then Bryan Dam spends far too long discussing the news of the month. This month we’re joined by the man, the myth, the legend, Brian Mason who tells us all about the Midwest Management Summit (MMS).

Watch the Webinar Recording

Webinar Hosts

Bryan Dam

Bryan Dam

Patch My PC
Software Engineer

Bryan Dam

Jordan Benzing

Patch My PC
Security Engineer Lead

Brian Mason Profile Picture

Brian Mason

Guest Speaker
MMS Founder

Patch Tuesday Support Group Webinar Recap

Patch Tuesday January News

Exchange Server 2013 OWA — The ticking time bomb of Microsoft Exchange Server 2013 | by Kevin Beaumont | Dec, 2023 | DoublePulsar

Bitwarden Heist – How to break into password vaults without using passwords — RedTeam Pentesting – Blog – Bitwarden Heist – How to Break Into Password Vaults Without Using Passwords (redteam-pentesting.de)

U.S. Water Utitlies Hacked with default password of 1111 — Officials: U.S. water utilities hacked after leaving passwords set to (fastcompany.com)

Ivanti Endpoint Privilege Manager (EPM) SQL Injection Vulnerability — Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica

WinRE Updates will Fail on Small Partitions — CVE-2024-20666 – Security Update Guide – Microsoft – BitLocker Security Feature Bypass Vulnerability

What’s new in Intune — What’s new in Microsoft Intune | Microsoft Learn

RSOP for Intune — RSOP for Intune. Final solution! (doitpsway.com)

EU Users will get prompted for SSO on latest Win10/11 Builds — Upcoming changes to Windows Single Sign-On | Windows IT Pro (microsoft.com)

HPE to Acquire Juniper Networks — HPE to Acquire Juniper Networks to Accelerate AI-Driven Innovation | Business Wire

VMware ends Perptual license and Maintenance Plans — VMware by Broadcom Dramatically Simplifies Offer Lineup and Licensing Model – VMware News and Stories

Microsoft Deprecates Windows Mixed Reality — Deprecated features in the Windows client – What’s new in Windows | Microsoft Learn

MS Adds new Copilot Key to MS Keyboards — Introducing a new Copilot key to kick off the year of AI-powered Windows PCs | Windows Experience Blog

Microsoft Patches of Note

View the full list of Patch Tuesday release notes at Patch Tuesday Blog Home Page – Patch Tuesday Blog

Updates Released: 102
Critical Severity: 46
Important Severity: 51
Moderate Severity: 5

Third Party Updates from Patch My PC

Total Number of Updates: 1920
Total Number of CVES:
Critical: 37
Moderate: 1570
Low: 8

Browser Patch Specifics
Chrome: 15 Patches
FireFox: 180 Patches
Microsoft Edge: 15 Patches
Opera: 10 Patches

Insight into CVEs

Critical CVEs: 50
Important CVEs:

CVE breakdown
143 Denial of Service
199 Elevation of Priviledge
361 Information Disclosure
178 Remote Code Executions
273 Security Feature Bypass
59 Sproofing

BitLocker Security Feature Bypass Vulnerability — CVE-2024-20666  Score 6.6 Must be done in person/physically, exploitation less likely. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access that also knows the TPM PIN (if the user is protected by the BitLocker TPM+PIN) could exploit this vulnerability to gain access to encrypted data. Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. To check whether your update will apply automatically or if you need to do additional steps, please refer to Window’s instruction here: CVE-2024-20666 – Security Update Guide – Microsoft – BitLocker Security Feature Bypass Vulnerability

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability — CVE-2024-0057 Score 9.1 Network based attack, exploitation less likely. An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally induces a chain building failure. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build, which would allow an adversary to subvert the app’s typical authentication logic. NOTE: this is scored high based on the worst-case scenario of a .NET framework exploit. Although it may not be critical in your environment, we recommend patching as soon as possible.

Our Customers Love Us

G2 Summer Leader
G2 Best Results
G2 Best Relationship
G2 Best Usability
G2 Most Recommended
G2 Users Love Us

Trusted by Over 6,850 Enterprises on Over 21.5 Million Endpoints

American Express - Patch My PC Customer
Adidas - Patch My PC Customer
NHL - Patch My PC Customer
Toyota - Patch My PC Customer
Mastercard - Patch My PC Customer
General Mills - Patch My PC Customer
Dominos Pizza - Patch My PC Customer
Gartner - Patch My PC Customer
Nasdaq - Patch My PC Customer
NOAA - Patch My PC Customer
Airbus - Patch My PC Customer
FireEye - Patch My PC Customer
Samsung Securities - Patch My PC Customer
Campbell Soup Company - Patch My PC Customer
iHeartMedia - Patch My PC Customer
Phillips 66 - Patch My PC Customer
Pacific Life - Patch My PC Customer
Hyatt Hotels - Patch My PC Customer
National Weather Service - Patch My PC Customer
Sunbelt Rentals - Patch My PC Customer
Subway - Patch My PC Customer
Lufthansa - Patch My PC Customer
Penn State - Patch My PC Customer

Since the day we implemented 3rd party app patching through Patch My PC, we have achieved a more controlled but mainly fast way to update our clients. Our previous packaging process always took at least 1-2 weeks before an updated version of an app was available for deployment.

Gerasimos Bartsas - Adidas
Gerasimos Bartsas
Manager Endpoint Security and Compliance

This is one of the most excellent support/product teams I worked with so far! I would say, you guys know very well your product when it comes to troubleshooting.

Patch My PC is an excellent tool to manage third party updates through SCCM. I’m completely satisfied.

Dinesh Tashildar - American Express
Dinesh Tashildar
Lead Technical Architect

I was trialing Patch Connect Plus and having issues. PCP’s support was poor, outsourced, and they did not help me solve my issue. I switched to a Patch My PC trial and was experiencing the same issue. Justin reached out to Microsoft in less than an hour on my behalf and had a resolution.

Alexander Guarino - Harvard Business Publishing
Alexander Guarino
Systems Engineer

This was the easiest product to implement that I have ever used. And working with your company is always a pleasure.

Kurt Levitan - Harvard University
Kurt Levitan
Technical Architect

It’s been awesome and has met our needs perfectly. For ideas, etc. support has been super responsive and made the product worth its weight in gold over other competitors!

Sean Huggins - Patch My PC Review
Sean Huggans
Systems Engineer

I have been using the catalog for a while now, and I must say that I’m impressed by the high quality of the updates and the richness of the catalog.

Kent Agerlund - CTGlobal
Kent Agerlund

The “Base Installations” feature alone was well worth the switch from Ivanti to PMPC. It saves us countless hours every month!

Martin Jäger - Kremsmüller Industrieanlagenbau KG
Martin Jäger
System Administrator

Our experience has been great! We used to use SCCM for Adobe and Java updates only, but now we are able to use it for all of our 3rd party software while still using SCCM. It has made our endpoints much more secure in an automatic way.


Wish all vendors were like you guys.

Hudson Advisors Review
Joe Cormane

Everyone I encounter @ PMPC is awesome! Great Team and Great Product!

Ben Whitmore - Borough Council
Ben Whitmore
Technical Architecture Manager