We help you save time, money and improve your IT security

Integrate Third-Party Patch Management in Microsoft ConfigMgr and Intune

Patch Tuesday Support Group September Webinar

Webinar Summary

Celebrate the first anniversary of the Patch Tuesday Support Group. Jordan reviews the latest security and vulnerability news and then compares stats from the year. Bryan Dam then reviews hot topic articles over the last month, including Windows 10 1507 (LTSB) critical CRE, the second SolarWinds critical bug in Web Help Desk, bypassing airport security via SQL injection, what’s new at Microsoft, and much more. Wrapping up and joining Jordan and Bryan for the Support Group September webinar is Alon Leviev to share his findings for the Windows Update downgrade attacks.

Watch the Webinar Recording

Webinar Hosts

Bryan Dam

Bryan Dam

Patch My PC
Software Engineer

Jordan Benzing Patch My PC Team Photo

Jordan Benzing

Patch My PC
Security Engineer Lead

Alon Leviev Guest Speaker Feature Photo

Alon Leviev

Alon Leviev
Security Researcher

Patch Tuesday Support Group Webinar Recap

Patch Tuesday September News

Patching Concerns

Microsoft disables BitLocker security fix, advises manual mitigation – October Deadline — msrc.microsoft.com, support.microsoft.com

September’s patches Fix Four Known Issues with August Patches— support.microsoft.com

Windows 10 1507 (LTSB) Has a Critical RCE (Remote Code Execution) — msrc.microsoft.com

End of Life for Win 11 22H3 (Home/Pro) and Win 11 21H2 (Edu/Ent) Next Month — learn.microsoft.com, learn.microsoft.com

Security Updates

TAKE ACTION: Enable multifactor authentication for your tenant before October 15, 2024 — admin.microsoft.com, techcommunity.microsoft.com

The Slow-Burn Nightmare of the National Public Data Breach — krebsonsecurity.com, nationalpublicdata.com, krebsonsecurity.com

Justice Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges and Arrest of Nashville Facilitator — justice.gov

Second SolarWinds Critical Bug in Web Help Desk — darkreading.com

United States Joins Suit Against the Georgia Institute of Technology and Georgia Tech Research Corporation Alleging Cybersecurity Violations — justice.gov

Lidl’s Cloud Gambit: Europe’s Shift to Sovereign Computing — horovits.medium.com

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation — thehackernews.com

Seattle-Tacoma Airport IT systems down due to a cyberattack — bleepingcomputer.com

Bypassing airport security via SQL injection — ian.sh/tsa

Payment gateway data breach affects 1.7 million credit card owners — bleepingcomputer.com

End of the Road: An AnandTech Farewell — anandtech.com

Windows Downdate: Downgrade Attacks Using Windows Update — safebreach.com

What’s New at Microsoft

Unified Teams app for work, personal and education accounts now available on Windows— blogs.windows.com

Microsoft to host Windows Endpoint Security Ecosystem Summit in September — blogs.windows.com

Windows 11’s 24H2 update is almost here — let’s talk about some of the features we’re expecting to see — techradar.com

Copilot+ PCs expand availability with new AMD and Intel silicon — blogs.windows.com

Defender for Endpoint has been removed from the base image for Windows 11, version 24H2 — support.microsoft.com

Autopatch will now report on configuration conflicts — techradar.com

Autopatch released a ‘remediation script’ that fixes common configuration issuess — techradar.com

What’s new in Intune?— learn.microsoft.com

Device hardware inventory is coming soon to Microsoft Intune — techcommunity.microsoft.com

ConfigMgr Hotfix for Management Point Vulnerability — learn.microsoft.com

Microsoft Patches of Note

View the full list of Patch Tuesday release notes at Patch Tuesday Blog Home Page – Patch Tuesday Blog

Total Patches Release: 87
Patch Severity Number of
Critical 87
Important 31
Moderate 10
N/A 0

Third Party Updates from Patch My PC

Total updates: 2888
Update Severity Number of
Critical 91
Important 416
Moderate 2320
Low 9
N/A 52
Browser Specific updates
Browser Number of
Google Chrome 15
Firefox 180 – (10)
Edge 18
Opera 12

Insight into CVEs

This month we had a total of 79 vulnerabilities that were addressed through 262 unique patches.

Vulnerability Breakdown
Classification Number of
Critical 7
Important 71
Moderate 1
N/A 0
CVE Breakdown
CVE Type Number of
Denial of service 8
Elevation of Privilege 30
Information Disclosure 11
Remote Code Execution 23
Security Feature Bypass 4
Spoofing 3

Patches and Vulnerabilities of Note

Microsoft Windows Update Remote Code Execution Vulnerability — CVE-2024-43491  Score 9.8 Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 loT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024-KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability

Windows Installer Elevation. of Privilege Vulnerability — CVE-2024-38014  Score 7.8 This is marked as a high risk Windows Installer Privilege Vulnerability, which an attacker could use to acquire system. However, this ONLY applies to Windows 11 24H2, which is only on preview devices OR on Co-Pilot+ Devices.

Windows KB5041160 – Domain Controllers of 2022 — This comes with a fix regarding the security log event 4768 on server 2022 Domain Controllers. However, it’s not enabled by default. There is a known issue rollback to enable the update for properly populating the event logs.

Our Customers Love Us

G2 Summer Leader
G2 Best Results
G2 Best Relationship
G2 Best Usability
G2 Best Support
G2 High Performer

Trusted by Over 7,300 Enterprises on Over 22.9 Million Endpoints

American Express - Patch My PC Customer
Adidas - Patch My PC Customer
NHL - Patch My PC Customer
Toyota - Patch My PC Customer
Mastercard - Patch My PC Customer
General Mills - Patch My PC Customer
Dominos Pizza - Patch My PC Customer
Gartner - Patch My PC Customer
Nasdaq - Patch My PC Customer
NOAA - Patch My PC Customer
Airbus - Patch My PC Customer
FireEye - Patch My PC Customer
Samsung Securities - Patch My PC Customer
Campbell Soup Company - Patch My PC Customer
iHeartMedia - Patch My PC Customer
Phillips 66 - Patch My PC Customer
Pacific Life - Patch My PC Customer
Hyatt Hotels - Patch My PC Customer
National Weather Service - Patch My PC Customer
Sunbelt Rentals - Patch My PC Customer
Subway - Patch My PC Customer
Lufthansa - Patch My PC Customer
Penn State - Patch My PC Customer
{

Since the day we implemented 3rd party app patching through Patch My PC, we have achieved a more controlled but mainly fast way to update our clients. Our previous packaging process always took at least 1-2 weeks before an updated version of an app was available for deployment.

Gerasimos Bartsas - Adidas
Gerasimos Bartsas
Manager Endpoint Security and Compliance
{

This is one of the most excellent support/product teams I worked with so far! I would say, you guys know very well your product when it comes to troubleshooting.

Patch My PC is an excellent tool to manage third party updates through SCCM. I’m completely satisfied.

Dinesh Tashildar - American Express
Dinesh Tashildar
Lead Technical Architect
{

I was trialing Patch Connect Plus and having issues. PCP’s support was poor, outsourced, and they did not help me solve my issue. I switched to a Patch My PC trial and was experiencing the same issue. Justin reached out to Microsoft in less than an hour on my behalf and had a resolution.

Alexander Guarino - Harvard Business Publishing
Alexander Guarino
Systems Engineer
{

This was the easiest product to implement that I have ever used. And working with your company is always a pleasure.

Kurt Levitan - Harvard University
Kurt Levitan
Technical Architect
{

It’s been awesome and has met our needs perfectly. For ideas, etc. support has been super responsive and made the product worth its weight in gold over other competitors!

Sean Huggins - Patch My PC Review
Sean Huggans
Systems Engineer
{

I have been using the catalog for a while now, and I must say that I’m impressed by the high quality of the updates and the richness of the catalog.

Kent Agerlund - CTGlobal
Kent Agerlund
Founder
{

The “Base Installations” feature alone was well worth the switch from Ivanti to PMPC. It saves us countless hours every month!

Martin Jäger - Kremsmüller Industrieanlagenbau KG
Martin Jäger
System Administrator
{

Our experience has been great! We used to use SCCM for Adobe and Java updates only, but now we are able to use it for all of our 3rd party software while still using SCCM. It has made our endpoints much more secure in an automatic way.

{

Wish all vendors were like you guys.

Hudson Advisors Review
Joe Cormane