July Patch Tuesday 2019

July 10, 2019

Chris Goettl | Director, Product Management, Security | Ivanti

Todd Schell | Product Manager for Patch | Ivanti

Brian Secrist | Ivanti

Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.

Transcript:

Chris: Hello everyone, and welcome to the July Patch Tuesday Webinar. I am Chris Goettl, and joining me today is Todd Shell. Todd, how you doing?

Todd: I'm doing great, Chris, thanks a lot for asking.

Chris: Awesome. With us as well is Erica and Brian. You know, again, you know, we have a rather large crew here that help us put all this together. So always happy to have, you know, all these other people helping us. And welcome to all of you. We've got a lot of people who join these on a regular basis and we would love to see you coming back for more. That means we're bringing good information out to you on a regular basis, so thank you for continuing to join us. Yeah, it's gonna be interesting. Next month, Todd, I'm gonna be in South Africa doing the Patch Tuesday Webinar.

Todd: Oh, cool.

Chris: It's gonna be exciting. All right, so getting into the Patch Tuesday content for today, July 2019, we're gonna do a quick overview. I'll talk a little bit about some of the recent news, security issues going on, some zero-days. We've got a number of zero-days we're gonna talk about here, things being actively exploited, a number of disclosures. And then there's a couple of housekeeping items, things that...you know, awareness things, other feeds [inaudible 00:01:23] that people often tap into.

If you're new to the webinar series, we'll talk about a few of those and what are coming out of those, you know, and then we'll get into the meat of the presentation. Todd's gonna walk us through all of the updates that did release, we're gonna talk about severities, we're gonna talk about vulnerabilities, we're gonna talk about known issues.

At the very end, there's a couple of interesting opportunities that we've got here right now. So hang out towards the end here, we're gonna talk a little bit about the Ivanti Cloud platform and a new experience that we're building out there that happens to be Patch related and we're tying into Patch Tuesday and how we're doing things here.

And the other part is, for those of you who are a longtime Patch for Windows or are now Ivanti Security Controls customer, we do have an upcoming release here. I'm gonna tell you a little bit about what's coming there, and we've got a call to action there if there's anybody who wants to join our early access group, which will be starting up here very shortly. So we'll talk about those towards the end. And we'll also be handling Q&A all throughout, so please, if you do have any questions, post them in the Q&A section. We've got Brian and Erica who are gonna be responding throughout the presentation, and at the end, we'll recap and talk about a lot of those answers that happened throughout and answer any other lightning [inaudible 00:02:41] questions that were still out there.

So without further ado, we had Microsoft with a very large month, 17 total updates, a lot of patches, 12 critical, 5 important. They did have two zero-days that we'll talk about. This happens to affect all of the Windows operating systems this month, so that will definitely be a little bit of urgency there. There's a number of public disclosures from the Microsoft side as well. We do have a couple of Mozilla zero-days that actually happened, not with yesterday's release, but in prior releases in June, we're going to talk about those. You do want to make sure that you get this update or if you've already plugged those, just make sure that you've got at least those zero-days plugged. There's a number of critical updates within the release that came yesterday as well. So it's a good idea to make sure that one gets patched quickly, but we'll talk a little bit more about that.

First off on the news, I did wanna start out by giving a little bit of a BlueKeep update. I know it's out there yet we've talked about it a lot. Trust me, it's still not beaten to death. There's still a lot more to go. Sorry, spoiler alert there, I was on the wrong tab. One thing that just came out on July 1, this was the first public viewing of a company being able to exploit the BlueKeep vulnerability to the point where they escalated themselves to full system access.

So again, there's a lot of systems out there. The other two news articles go into detail. There's quotes from the Cisco Talos director saying, "If your CISO doesn't have an action plan already in place for when this hits, they should be doing so, you know, making sure that things are plugged and ready to go." Other references to, you know, there's been plenty of activity on the dark web, people scanning for and trying to identify systems that are vulnerable to these vulnerabilities.

So in general, this is still a very real threat. A lot of systems are exposed. It's a looming threat. It hasn't been exploited actively in the wild yet to anybody's knowledge, but WannaCry also hit, you know, a few months after as well. So best to make sure that you're prepared for this and have this vulnerability plugged if you don't already know you're set.

Now, the vulnerability itself here, Sophos did a very good job of kind of showing you a proof of concept here. They go through, they show you that right now that they can't remote into this system. You know, so they try to RDP in there, it's rejecting the credential that they're trying to use, and they're unable to do so. They point out how they're going to take advantage of this under that access there, you see that it was normal behavior. Now they go and execute the malicious payload. Again, this is being remotely exploited without the need for authentication. Once that completes, they come back over to our target system, RDP in.

Right now we're not logged in, but they just go down to accessibility here, and boom, they are into a shell. And by the way, that shell has NT Authority System access. So, FYI, that was a real proof of concept. Sophos was one of multiple security labs that have created this level of exploit already in proofs of concept and within safe environments. So, just make sure you've got that plug.

Again, the next two articles here that are being posted there are talking about the vulnerabilities, they're talking about, again, that quote, you know, from Craig Williams. He's from Telos over at Cisco, he's the Director of Outreach there, warning that, you know, you should have an action plan in place for this. You should make sure that you're patched. You should know what happens if this goes down, how are you going to respond if something does impact your environments and so on. So make sure that you've got those taken care of.

All right, moving on, Windows 10 life cycle. This is just a matter of, we always wanna give people advanced notice when the next life cycle updates are coming around. Microsoft is making a few shifts, again, to the branch upgrades. You know, the biggest shift right now is they are alluding to but not quite outright saying that the fall release every year is going to be the "feature release."

And it sounds like the spring release every year will be kind of the stable branch. No major feature changes, just, you know, getting people up to a branch that's now stable and kind of vetted. So, you know, there's been some details going around about that. It's, you know, your choice which branch you want to get into.

For those of you getting into those fall branches if you're on the Enterprise or EDU editions, that does give you a 30-month life cycle for that branch. So you get a longer life cycle, but that is the branch that will be releasing major feature changes first, so that's the one you wanna get your early adopters in in that first three to six months period and make sure that they're testing that out for your environment. Because when that spring update comes around, that's when you wanna get your, you know, majority moving over for sure so that you get, you know, everybody moved over in a timely manner. That's the one that will be more of like the not significant feature changes will happen, it's more of the stable branch kind of mentality.

So there are some shifts there. As far as our next end of lifes, October 8 for 1703, for those of you on EDU or Enterprise editions, November 12 for those of you on Pro is when 1803 is coming up on its end of life. So, few months out yet for both of those, just make sure that you've got a good migration plan in place to keep those moving forward.

Zero-days . Let's talk about these guys because there's a few of them. The first one, this is an elevation of privilege vulnerability. It exists in how splwow64.exe is handling certain calls. If an attacker is able to exploit this, they would have to use this in combination with another vulnerability to actually do code execution. But this brings them from a low integrity to a medium integrity privilege level, where they can now start to do more and take advantage of additional vulnerabilities on the system.

This one does affect, if my memory serves, Windows 8.1 and later. Let's double-check that real quick. Yep, Windows 10, Windows 8.1, Server 2012, 2012 R2, 2016 and later for the server-side. And again, actively being exploited most likely on the Windows 8.1, 2012, and 20212 R2 platform. But if they were able to make exploit code for that version, the step to get up to Windows 10 and the server-side 2016 and later would not be a significant leap because it's all the same, it's roughly the same code. So, that's what's affected there.

The second zero-day on the Windows side, this one is a vulnerability, also elevation of privilege in win32k. It's a matter of how its handling objects in memory. An attacker who exploits this could get to a privilege level where they can run arbitrary code in kernel mode. So at this point, they own the system. And it is a privilege, elevation of privilege so, you know, privilege management won't mitigate this one. Again, both of these actively being exploited in the wild.

This one affects the Windows 7, Server 2008, and Server 2008 R2 platforms as you can see here. So again, we have zero-days being exploited in the wild across all currently supported Windows operating systems. So as we get into the priorities later, Todd's gonna touch on the updates that, you know, those two vulnerabilities apply to. And that is one of the reasons why we are putting that as one of the more urgent things to roll out this month, get your OS updates in place.

All right. Next, from the Mozilla side, there were two zero-days that came out within a few days of each other. They hit, I think it was around the 18th through the 20th of June. Right after Patch Tuesday came out, they released one update to resolve the first vulnerability. They released the second update to resolve the second vulnerability all within a few days of each other. Yesterday they did release another update which includes both of these zero-days but that also included a number of additional security updates that need to be applied as well. So two zero-days, a number of criticals, and several other important or lower vulnerabilities being resolved.

If you did not push the 67.0.4 Firefox branch out already, make sure to get the latest one pushed out as quickly as possible. If you're at least at 67.0.4, you've got the zero-days plugged, get the new update pushed out in a reasonable timeframe, because again, there are critical vulnerabilities exposed in there. It is a browser, it's more highly targeted. So our guidance is get the browser updated as quickly as possible, but if you don't have the zero-days resolved, urgent update, get it plugged as soon as possible.

All right, we got a few public disclosures that we wanted to talk a little bit about. This first one is a denial of service vulnerability in sim crypt. This is a component on...let me get over to the right tab. No, don't do that. There we go. Sim crypt is a component on the Windows 10 later platforms, so Windows 10, Server 2019, and later. This one is...basically, it's a vulnerability on how digital signatures are being handled. So somebody could craft a connection or a message with a digital signature, you know, modified to a certain degree and with that they could cause a denial of service for that system.

Again, this one's only been disclosed, not actively being exploited. For those of you who may not be on here regularly, we talk about disclosures because that is a vulnerability that's been released out into the wild with enough information that threat actors have an advanced...they've got a head start on us. They've had this in hand for potentially days to weeks, maybe even longer in some cases, and they could already be developing code around that. So that's why we talk about public disclosures.

The next public disclosure is in Remote Desktop Services. This one's a remote code execution vulnerability. This one does affect pretty much everything. All the Windows OSs are vulnerable to this one. With this disclosure, there's enough information out there that somebody could get a jumpstart on developing an attack around this. An attacker who successfully exploits this vulnerability could execute arbitrary code on the victim's system that would pretty much give them full access to the system to, you know, create users with full user rights. They can view, add, or change, you know, things on the system, installing programs and doing other things as well.

This one is a little bit more difficult. So what we saw in the SophosLabs BlueKeep vulnerability, that one, there was no pre-work that had to be done. An attacker could just go straight in and exploit this. In this particular vulnerability, an attacker has to compromise the target system first and then they're basically sitting there waiting for a victim to connect via Remote Desktop Services to that affected system for them to take further advantage of this. So when that user connects, they're able to take advantage of that connection coming in and this vulnerability in clipboard redirection, and then they get full access to be able to run arbitrary code on that system. So a little bit more pre-work needed for this one compared to BlueKeep, which we've talked about before.

All right, next is SQL Server. So SQL Server, as we talk about the update for this month for SQL Server, it only was rated as an important. Because of this disclosure, there is a higher risk around that. Actually, to be fair, our first two zero-days that we talked about, both of those, let me go back to these real quick, the vulnerabilities involved were only rated as a severity of important. So this is kind of showing the...and I'll even go to the CVSS score here. This has got a CVSS base score of a seven.

So depending on how you're prioritizing updates, if you're going based on vendor severity, if you're going based on CVSS scoring, sometimes those are ways for things to slip around you that could be very exploitable. So we use exploited and public disclosure as additional risk indicators, because statistically, the public disclosures are more at risk than some critical vulnerabilities with higher CVSS scores. In this case, both of our exploited in the wild vulnerabilities this month were only rated as important severity. And both of them were in the 7X range for base scores for CVSS. So, just keep that in mind as you're thinking about how you prioritize updates.

So back to the SQL update, only rated as important, but because it's been disclosed, there's more information available that a threat actor can take advantage of this and have less work to do to be able to try to exploit this. It's a remote code execution vulnerability in SQL Server. An attacker would have to...they have to be an authenticated attacker. So in this case, it would be a threat actor who's already in your environment. They've an advanced persistent threat, or, you know, breach type scenario would be exactly the scenario that this would come up in. This threat actor gets to a point where now they know where your SQL Server is, what, you know, database they're tryna get to.

If they've got a level of authentication at that point, they can craft a query to that affected SQL Server and with that they can now execute code in the context of the SQL Server database engine service account. So that gives them the ability to query whatever they want to out of there. That's how they'd be able to exfiltrate that data and get away with it. So again, only rated as important, but because it's been disclosed, there's more information available, threat actors have a jumpstart on creating something, it puts this at higher risk.

Next vulnerability that has been disclosed, this one's a Windows elevation of privilege vulnerability again, this is in the Windows AppX Deployment Service. So affecting again the operating system this month for Windows 10, Server 2019 and later. This one, it would require...an attacker would have to log on to the system first. So it's not just gonna be a drive-by or a phishing attempt. This would be something where you've got a threat actor in your environment. But in this case, if they are able to get access to that system, they can now specially craft an application that could exploit this vulnerability and take control of that affected system. They don't get full access to the system but they can install programs, change or delete data. At that point, they can get means to do other things.

The next one here, we're gonna step into, you know, out of regular updates for a second. For those of you who have been on here several times, you've heard us talk a little bit about development components. If your company is embracing DevOps, if you're starting to use Azure, there are a couple of vulnerabilities this month that are, you know, good examples of how we have to think about vulnerability management differently in this new world that we're stepping into.

In this case, this is an elevation of privilege vulnerability once again. In the Azure Automation Run As Account, the attacker create a Runbook that would allow them to gain additional access within your environment. So in this case, they could get access to your Key Vault and all of the secrets that you have in that Key Vault. So it's something that they are looking at, as they roll this out, the Azure Automation service. Microsoft is addressing the vulnerability by providing the following scripts for existing Run As Automation Accounts that modify the existing roles by excluding access to Key Vault within Azure Automation Account. So this is not a patch.

This is something where you have to then take these scripts if you're using Azure Automation Services and you have to run those to make sure that the privileges are modified in a way where, you know, you mitigate or eliminate this potential vulnerability. So, again, if you guys know that you're on Azure, if you're using automation services, you might wanna check on this one and reach out to your internal organization, the teams involved, and make sure that they are also aware of this, they may not be.

The second one, this is a vulnerability in Docker, also another elevation of privilege vulnerability. So if you are running either the Azure Kubernetes service or the Azure IoT Edge services, this is something that does affect you. It's a vulnerability in Docker. So Microsoft, it's a project in there under Mobi that if you're using either of these services, Microsoft is using the Docker runtime which uses this component. They're fixing the vulnerability there. Once that gets fixed, there's a pull request that's going to be...that's actually in review right now to fix the vulnerability.

At that point, for those of you running the Azure Kubernetes Service, Microsoft is going to be fixing that one for you. When they release that, a new Mobi build for use with AKS will be available, you just need to pull in that new build. For Azure IoT Edge customers, if you're using the IoT Edge services, you need to...once they approve that change, they're gonna provide installation instructions, where now you need to integrate that updated Mobi package into your IoT platform that you're building. So, a couple of things there.

To take advantage of this, you know, there's a couple of things that have to be true for this to be exploitable. A container on the host must be compromised. So the attacker would have to compromise any one container running on that platform. From there though, the elevation of privileges, they can escape from the container and they can get to the base OS that all of the containers are running on.

From there, if they get access to that OS, they may be able to get into the other containers on that same platform as well. The attacker must have access to the host machine, as a Docker API is not exposed by default from outside of the host. So there's a couple of steps to do that, but if they're in your environment, again, once they achieve that, they're able to elevate their privilege level within that environment. Again, there's no patch for these. There's installation instructions. There's other steps that have to be taken. This is something that your DevOps teams need to be involved in in resolving.

All right, jumping back into our presentation. I've talked about the public disclosures. I'm just going to slip by some of these slides because I'm just using the links there, I did all those already. I talked about Docker. Those were when the fixes are coming. Okay, here we are, Exchange Server. There is a exchange update this month. There's also an advisory.

This advisory is around Outlook on the web cross-site scripting vulnerability that's out there. It's affecting Exchange Server 2010 SP3, 2013, 2016, and 2019. In this case, an email recipient victim must drag and drop or paste a specially crafted SVG image into a browser tab for the exploit to work. Mitigation, Microsoft is recommending that administrators for Outlook on the web block SVG images. If you do that, then this would basically mitigate that exploit from being possible. So this can be accomplished via the set OWA mailbox policy command. And there are steps on how to do that within the link here. So that is the advisory for this month for Exchange. There's also an Exchange update we'll talk about as well.

So this one is now in effect. Microsoft has finally made the switch over to SHA-2 certificates. Anything that was dual signed or still had SHA-1 signing from before, you needed to apply certain updates to be able to support SHA-2 on older platforms. There were some recent updates to the Server 2008 platform that fixed a known issue around SHA-2 signing for MSIs. So if you haven't done that one, I believe that was the last month or the month before, that would fix a known issue there for MSIs installing when they're signed by SHA-2.

But as long as you've got the SHA-2 code signing support requirements met, those updates that were made available there, you should be good to go and updates will continue to flow. If you don't have those on there, updates are going to be SHA-2 signed, no longer dual signed, and going forward, you will not be able to apply updates unless you apply these patches first.

We do have a whole host of servicing stack updates that also came out this month. So again, servicing stack updates, this is Microsoft's update infrastructure within the OS. Changes to this are required for changes that Microsoft is kind of pushing down the pipe. They usually give us a few months advance on these. They are updates that need to be applied outside of the normal monthly updates. So you do need to apply these in addition to your regular monthly patching.

None of these are going to be a blocker for you this month but, you know, down the road, a month, two months, three months down the road, any one of these could go into effect where it's a requirement now before you'd be able to update additional updates. So start evaluating these, get them rolled out in a reasonable timeframe so that you don't get caught down the road with one of those not being applied.

We talked a little bit about this with the Azure updates that we talked about, those public disclosures, but in general, there's been a shift towards DevOps, towards development binaries, and this is something that a lot of companies are not fully prepared for yet. Java is another good example of this. Oracle is releasing their CPU next week. Expect all your Java updates for this quarter to start coming out next week Tuesday. With that, there's going to be a Java 11 update.

Well, you guys have probably heard this before from previous months, but if you haven't already, Java 11 changed how delivery of Java updates is applied to systems. There's no longer a JRE and a JDK. The JDK is the development environment. That's where the developer creates the application, builds it, and gets ready to ship. The JRE was a prerequisite to run that application on the endpoint for Java, you know, 10 and earlier. So if you had applications developed in those environments, you had to have the Java Runtime installed on a system where you wanted to run the application from.

In Java 11, as the developer builds the application, those JRE components are built straight into the app. It makes it so that the application is lighter weight. You know, Java, the JRE was kind of a large install, and maybe only a couple of components were ever really necessary. So this does mitigate risk. It does eliminate a lot of the size, but it also changes the responsibility for plugging vulnerabilities. Most of you are on the operation side, you're the ones pushing the patches, you can't update a Java application. The JDK can be updated. With that, a developer now has to run a new build. That updates the JRE components, and then you redistribute that application that's now been updated.

So, if that conversation hasn't happened internally about how those are being managed and how frequently you're pushing those updates out, good idea to do that. These are all examples of cases like that. We just talked about the Azure Kubernetes, the IoT edge, and the Azure Automation changes. All of those things are changes that your DevOps teams, your operations teams in those areas have to do. It's not just a patch you push out anymore.

All right, a couple of things. If you're looking for more type of data like this, we've got a few different sources that we point people to. Outside of Patch Tuesday, we do have a continuing weekly blog digest. This basically goes through everything that came out for that particular week, talks about Microsoft and third-party updates, security, non-security, breaks down any vulnerabilities and stuff. Brian, who supports us on these calls, is managing those weekly articles. And a lot of good stuff comes out of those. In fact, he talked about those Mozilla zero-days when they came out in that week. So it's a good way to keep up on major risks as they come out, and gives you a lot of the same type of detail that we do in the Patch Tuesday Webinar.

Patch content, for those of you who are using any one of our patching technologies, if you want to stay up to date on the notifications on when we release content, we release content typically twice a week, if not more. You can sign up for those on our community at these particular sections here, depending on which product you're on.

All right. Todd.

Todd: Hey Chris.

Chris: I am going to hand you presenter rights if I can...I'm clicking deficient here. Oh, there we go. I'll pass keyboard and mouse. You are up Sir, you have control.

Todd: All right, let's see if we can advance here. Okay, hello everyone. Let's walk through the bulletins for this month, and we have a lot of stuff to talk about. So as Chris mentioned, you know, with the vulnerabilities that are showing up in Firefox and the different releases that occurred, there were two releases yesterday, both rated critical by Mozilla. There's an update directly for Firefox. This is the latest version Firefox 68. Addresses a number of vulnerabilities, 21 total unique vulnerabilities in this one. So if you wanna take a look at those, you can go off to the link shown here, in that advisory from Mozilla.

Also, you know, a number of different impacts here. While a lot of times you'll see maybe just elevation of privilege or information disclosure when it comes to the browser, but in this case, we're getting security feature bypass spoofing and a number of things. So just be aware of this one. And like Chris said, you know, these are roll-up vulnerability updates. So make sure that you do apply these to address those zero-days that Chris was talking about from earlier releases as well.

There were some questions in the Q&A session from people who are listening while Chris was talking earlier. There was an update for Firefox ESR yesterday as well. Latest version is 16.8, so be aware of that as well. There is some overlap here. There were 11 vulnerabilities as well that were addressed here, that overlap with the 21 that were covered in the Firefox ESR. So kind of be aware of that as well.

Let's see what else we got here. So going on to Windows 10. A number of updates this month, obviously, for Windows 10, and there are a lot of issues here that we're gonna go through as well. So let's talk about that. There were updates, obviously, for all the versions of Windows 10 and the associated servers from 2016 through 2019. Ten different KB articles cover this. So a number of KBs to look through there. Chris did talk about the different, you know, publicly disclosed as well as the exploited vulnerabilities. So we've got that listed here. I highlight them in red so you can keep those and be aware of which ones they are. Again, a number of impacts as well, all the way from remote code execution all the way through information disclosure, so kind of be aware of that.

A number of issues for July. Some of these carry over from a lot of releases previous, and so what you'll see here, for example, the first one here is 1607 and Server 2016. This issue has been around for a long time. Microsoft continuing to say that they're working on a resolution, but we'll see for some of these here.

So the first one here has to do with Virtual Machine Manager. They can walk through some best practices shown in the links here as far as a workaround goes for this particular one. This one does not show that they're working on a resolution so it looks like this one's gonna stay around. The next one has to do with this minimum password length. This one's been around for many months as well. This has to do with passwords not being passed in a group policy. And what you actually have to do is code in and setting up minimum password length equal to or less than 14 characters. So be aware of that, Microsoft's still working on a resolution here.

The next one, I've actually, if you're wondering what the blue name out there is to the left, you'll see that I use this throughout the remainder of the presentation. It's gonna be my shortcut. So I provided a kind of an overall description here for you, and on future slides, you'll see that I'm just going to call it the file rename issue. So in this case, this particular issue has to do with cluster shared volume and an error that's occurring when you go to change the name of it, so that's why I call it the file rename issue. Microsoft does have a little workaround here as far as using administrator privileges to go through and change that. But it does say also that they're working on a resolution for this one. And this one shows up quite often through a lot of different operating systems beyond just Windows 10, as you'll see.

Also with the 1607 release, a new one here showed up this month, has to do with Active Directory Federated Services. They may exhibit a behavior where the iframe is not working properly. They do have a workaround here where they're going through and telling you how to reset the page information. So there are detailed directions in the KB. Microsoft does say that they're working on a resolution for this one as well.

And finally, this one down here that I've called the Window-Eye. This is the Window-Eye screen reader that's available in many of the operating systems. And you'll see that this particular issue shows up in not only all the Windows 10 operating systems but some of the other ones as well. So this one carries on to beyond just Windows 10. So you'll see Windows-Eyes here quite a bit. They're working on this one.

They actually might have called out earlier because they say here that, "Anybody who's already migrated from Window-Eyes to Freedom Scientific Screen Reader Jaws are not affected by this issue." I'm not sure why they call this one out specifically, but it might have been a recommendation from Microsoft earlier, I don't know. So just be aware of that. But this is an issue with the Window-Eyes screen reader and they are working on a resolution.

So here you go, you can start seeing where some of these repeats show up. So in 1703 and the 1709 release, that file rename issue that I talked about in just a minute ago, and the Window-Eyes issue both show up with those, so be aware of that. In 1803, in addition to the file rename and Windows-Eye issue, there's a problem with log on. When you first apply the update and then go back to a restart, they're saying that a small number of devices may start up with a black screen during the first log on. Apparently, the update has installed properly, so they're telling you to just press Control Alt Delete and do a power cycle and restart and it will come up properly after that. So again, it's an initial problem with log ons after the update is applied. I'm gonna call that one black log on because it does appear here in the 1903...I mean, the 1809 release as well.

So, in addition to those three particular issues, file rename, the Windows-Eyes, and this black log on issue, there's also an issue with these Asian language packs. It only shows up in 1809. This has been a repeat issue. It's been on the books for several updates now. So they do give a recommendation as to how to workaround here. It's not the best, basically, uninstall and reinstall your language packs, so not the best workaround, but they do provide that. And they do say that they are trying, they are working on a resolution for this one as well, so we'll see. Again, that particular issue only affects 1809.

1903, that same issue with the screen reader, Window-Eyes, just talked about a minute ago. There's also two additional issues that are unique to the 1903 and the Windows Server 2019 release. The first of these has to do with the Windows Sandbox. This one showed up last month as well in a different form. So it looks like they are having some repeat problems around this. They may have partially fixed it. But basically the Windows Sandbox may fail to start with this error you see here, error file not found. There is no workaround for this right now, so Microsoft is working on that.

There's a second issue, has to do with active VPN, and so it's around the Remote Access Connection Manager, or RasMan Service, may stop working so you can get this error message as well. The KB does provide a couple of different recommendations. I didn't go into details here because they're pretty extensive. But you can go in, take a look at that, read through those in the KB link that I have up above here for 4507453. And so go ahead and read that. It has to do with changing the default telemetry settings that are associated with this RasMan Service. And again, it's unique to 1903 and server 2019, and Microsoft is working on a resolution for this. So a number of issues this month with Windows 10. You may or may not run into some of these, so just be aware of them.

Let's move on to the next update. Again, another critical update. It's rated at a high priority one for us, security updates for Internet Explorer. As you know, there are a number of different types of updates for Internet Explorer each month, from a security-only to a overall cumulative update. There are updates still for version 9, 10, and 11 each month. The particular updats this month address six different vulnerabilities, all around remote code execution. When you do update, obviously it does require a browser restart.

There is a known issue around this. The screen reader, the Window-Eyes screen reader I talked about earlier is associated with this as well. But there's also an issue with Internet Explorer 10 being offered on Internet Explorer 11. It's kind of interesting. This issue has been around actually for a month or two now as well.

They do tell you that it's not really a problem. They said that, you know, "If you run this update, even though it is detected as a required update and you run it on top of this, it's not going to affect anything." But they do recommend that you apply this latest update 4507434 to make sure that you get all the security fixtures in IE 11. So Microsoft is working on this. It looks like it's a detection issue on their side, but again, it's kind of one of those no harm, no foul as long as you make sure the update is applied.

Moving on to the legacy operating systems. There is a monthly rollup for Server 2008 this month. They do include the IE nine updates in this. So you can see here there are 20 direct fixes associated here that I've listed associated with the Server 2008 operating system and there are four of the six IE vulnerabilities associated with IE nine. You can go into the KB and actually take a look at those four separately if you'd like. I haven't listed them here.

I have highlighted the one that's publicly disclosed and the one that's exploited this month. So you can see those here in red, in case you're wondering what they are. So the monthly rollup does include, like I said, all of the updates from the previous months for Server 2008 for quite a while now. I think they introduced this about a year ago, Server 2008 rollup, so it's been a little while. It hasn't been as long as all the other patches where they're doing monthly rollups, or other operating systems where they're doing monthly rollups, but it has been around for quite a few months now.

There's no known issue directly with this particular update. However, I did list in here that there was an SSU update that was issued back in April, that does have an issue. So when you do apply the 4493730 update, it can hang on restart. Essentially what it'll show you is like a page two of two or update page three of three. It'll hang. Kind of similar to that black log on screen that I talked about for Windows 10 earlier Microsoft says, "Just do a Control Alt Delete and restart and, you know, no harm, no foul there." It has actually properly applied and you'll get past that problem. There's also a security-only update for Server 2008 this month as well. Again, it addresses those same 20 vulnerabilities, does not include the IE updates and obviously, that's, you know, that Server stack update applies to this one as well, so be aware of that.

Kind of common impacts here, remote code execution, elevation of privilege and information disclosure. You're going to see that for most of the operating systems and the associations with these vulnerabilities that covers these three particular impacts. Still rated as critical this month. Again, as Chris said, we do have that publicly disclosed and the exploited vulnerability that we know about.

There was an update this month for Windows 7 and Server 2008 R2. Again, another monthly rollup going back all the way to October of 2016 when the monthly rollup started. Again addressing a number of issues in different components throughout the operating system. Listed them here, Windows Server, the graphics components, storage and file system, Shell, Windows input and composition in the Windows kernel itself. This particular one has to do with that win32k update as well, for that exploit that Chris was talking about earlier.

There are some known issues with this particular monthly rollup update. This has been carrying forward now for four months, three months actually. There's an issue with McAfee and Microsoft Interactive when you apply this particular monthly rollup. There are some workarounds depending upon what McAfee Security System you're running, whether you're running Threat Prevention, their Host Intrusion Prevention, or their Virus Scan Enterprise, so be aware of those. We've included the links here so you can take a look at those. They're also included, obviously, in the KB article talking about this. So Microsoft is working on the resolution. Like I said, it's been three months now that this has been called out by them, so be aware of that.

There's a security-only update for Windows seven as well this month, same 21 vulnerabilities that are addressed, does not include the IE updates. For those of you who are new to the call and may not understand the difference here, basically, you know, under Windows 10, the concept of an accumulative update, or a monthly rollup, exists for all of those operating systems. So basically, every update for those operating systems gets all the legacy updates from previous months.

What Microsoft did with their legacy operating systems, from server 2008 all the way through 8 dots, Windows 8.1 and Server 2012 R2, they've broken their updates out into two types: there's a monthly rollup, that includes all of the updates for security as well as performance enhancements and any improvements they've made in the basic operating system going back to October 2016. So they're rolling those all into kind of one massive update. You can apply those and get all those updates in one swoop.

Or Microsoft still continues to release what they call a security-only update. So this particular update under this KB number 4507456 only includes updates for these 21 vulnerabilities. It's only security-only, does not include any of the performance enhancements or any other updates that they may have included in the monthly rollup. So if you're looking for security-only or you have applications running on these older operating systems that are very sensitive to updates, you can apply just the security updates each month, but you have to be obviously...you know, to have a very strong cadence to make sure that you get the updates in the security-only form. Interestingly enough, there are no known reported issues with this, whereas the monthly rollup does have the issues with McAfee I just mentioned.

Moving on, let's talk about Server 2012. A fewer vulnerabilities addressed with this than the previous one. There are only 18. They do include the six IE vulnerabilities. Again, we have the exploited and publicly disclosed that I've highlighted here. This particular monthly rollup does have a known issue with that file rename that I talked about. If you're looking for the details, you can go back and look under that Windows 10 description that I provided there. A security-only update for Server 2012 as well, the same 18 vulnerabilities, the same file rename issue with this one this month as well.

Finally, our last, I'll say, legacy operating system update. This particular one addresses Windows 8.1 and Server 2012 R2. Again, they're lumped together under a common listing because of the same operating system kernel. So the updates that apply to 8.1 also apply to that same server operating system kernel.

This particular month, there are a number of changes. There are a number of things that were kind of different from the previous ones that I talked about. They did fix 22 vulnerabilities with this particular update, as well as the six IE vulnerabilities. But you'll notice here that there were some additional vulnerabilities in the area of security feature bypass and denial of service that were not included in the previous slides that I had. So, a number of different vulnerabilities were updated here from the previous ones. Because of space here I didn't include them all, but you can go in. The link is provided for the KB article and you can see that those same two publicly disclosed and exploited vulnerabilities are provided.

There's a known issue with this one. You can see that the file rename issue that we talked about earlier, the McAfee's issue, and the Windows-Eyes issue apply to the monthly rollup, whereas only the file rename issue applies to the security-only update. And I have the security-only update here on the next slide. Again, the same 22 vulerabilities, but again, focus just on those vulnerabilities this month, and not all the updates from the previous months. So that completes our operating system updates.

As Chris mentioned earlier, we had a large number of patches released from Microsoft this month. So in addition to just the operating systems, this month we have a Microsoft .NET release as well. They have gone all the way back to .NET framework 2.0 this month, as well as the latest release, which is 4.8. A huge number of, you know, updates and KB-wise, there are 19 KB articles. That's because of all of the releases from 2.0 all the way through 4.8, includes the 3.5s and others. And there's a unique release basically for each group of operating systems that use the different versions.

There were three vulnerabilities addressed this month. They did rate is as a critical because of the types of fixes that they're making. There is remote code execution, a denial of service, and an elevation of privilege vulnerability fixed as well. And I've included a kind of a description from each one of the KB articles on these, so be aware of that.

So there's a little difference in the way the .NET updates are applied. They don't necessarily always require a system restart. So if the files that are being updated are not being used or locked, they can be actively updated without a restart. So be aware of that as well. Just like the operating system updates, you'll notice there is a monthly rollup for .NET, as well as a security-only update for .NET as well. Again, the same vulnerabilities addressed here. The security-only update only include these three CVEs, whereas the monthly rollup includes quite a few more.

Interestingly enough, you know, in previous months, most of the .NET updates have been rated as important because of the type of vulnerabilities they fix. But I think it's very important this month, that if you haven't updated your .NET for quite a few months or used any of the previous updates, that you do because these are rated as critical.

Moving on beyond .NET, we're going to move into the important updates now. There's five that are rated as important in the remaining slides. Obviously, every month we get an update for Office. This particular month, we got updates for Excel, Lync 2013, all of the Office versions. They don't always go back to 2010, but this month Microsoft went back to 2010 on quite a few of these. There's also an update for Office 2016 and 2019 for Mac. Outlook had an update as well for 2010 through 2016, and Skype for Business 2016. So if you're using either any of these standalone applications with the Office suites, a number of updates provided. These are all spread across 16 different KB articles.

They address four vulnerabilities this month, across these different applications, including impacts of remote code execution. There was some spoofing vulnerability fixed, as well as an information disclosure vulnerability. No known issues reported for these. In addition to the Standard Office Suite, you know, the online software as a service applications, whether it's Office 365 Pro Plus or Office 2019, also had updates this month. There was one additional vulnerability fix that applies to these particular applications. This is, CVE-2019-112 was added above and beyond the basic Office Suite, was fixed in the online versions. So be aware of that. Again, rated important. No known issues around this.

We had an update for SharePoint Server as well, addressed two different vulnerabilities. Again, only rated as important this month. The vulnerability though did allow for some code execution, as well as spoofing and elevation of privilege. So be aware of that. There were updates for SharePoint Server.

There was also a security update for SQL Server. Unfortunately I missed this here but Chris talked about this particular vulnerability. I should have highlighted this red. This is a publicly disclosed vulnerability. And as Chris mentioned with this update, the update for SQL Server goes from 2014 through 2017. So if you're running any of those versions in there, this particular issue has been fixed. And again, Chris said, he kind of went through the vulnerability associated with this, but this particular exploit does allow you to run code, basically with the service account associated with the database engine. So critical, very important that you get this one updated. Microsoft has rated as important.

Finally, we have security updates for Exchange Server. A Chris mentioned, there was an advisory associated with this, which had to do with, you know, protecting against the particular graphic form, handling graphics and email and how Microsoft recommends that you turn those off for the SVG graphics, but there was also an update this month. Now, these are separate, so the advisory is associated with Exchange Server, but this particular update does not address that particular problem. That's a configuration issue that's covered under that advisory. So be aware of that. Three vulnerabilities addressed around spoofing, elevation of privilege, and information disclosure. Kind of gave a description up here of what those three are. So be aware of those. There were three KB articles associated with this particular update for the different versions.

And with that, that's a big list of bulletins this month. Again, a large number rated as critical, so make sure that you go through and apply those updates, and of course, the important ones as well, including that SQL one, very important this month. Chris, with that, I will turn it back over to you for Between the Patch Tuesdays.

Chris: This is a marathon Patch Tuesday, isn't it?

Todd: It really is.

Chris: All right, so I'll just go through these really quick, we talk about this. Just to make sure people are aware, we're constantly releasing new content. There's always updates coming out. We talked about a couple of Firefox zero-days. There were a number of other security updates, actually fairly light in between this month compared to most months, but Firefox, we had those zero-days in the 67.0.3, 67.0.4. Same vulnerabilities in the ESR edition, so 60.7.1 and 60.7.2. So if you haven't gotten up to the, you know, the ladder of each of those two, make sure to get yesterday's Chrome, I'm sorry, Firefox, looking at the next line there, the yesterday's Firefox release out to plug those zero-days and the additional critical updates.

Chrome did have an update between the Patch Tuesdays, one vulnerability resolved there. Thunderbird had some updates as well, four vulnerabilities, two vulnerabilities there. So again, always keep a lookout for those updates that come in between the Patch Tuesdays. A lot of those are the third party applications that threat actors are gonna target for, you know, phishing attempts, drive-by downloads, things like that. A lot of multimedia apps, browsers, things along those lines.

Next, I wanted to go into and talk about a couple of things. We are looking for people and you all fit the profile perfectly because the topic is Patch Management. So we do have a couple of major releases coming up here, and we're looking for people interested in taking a look at this. The first one that I wanna talk about is part of our Ivanti Cloud platform. It is called Patch Intelligence.

So think about the things that you come to this webinar for. You come here to understand prioritization, reconciling risk versus reliability, understanding known issues, crowdsourcing and testing of information. Those are challenges that, you know, typically are not solved by patching technologies by themselves. Well, we're taking that next step. We're going to bring the right information together in an experience where you can get this type of information more readily available to you, and I wanted to show you that.

And more importantly, I wanted to ask and see if there's anybody who's interested in this. So after I show that, I'll come back here, if you are interested, please do reach out to Helen Brown. She's one of the product managers on my team, she does an awesome job with this cloud-based feature set, and she is looking for interested parties who want to take Patch Intelligence for a test drive and give us feedback.

So let me show you guys Ivanti Cloud. I'm gonna go in here. So this is our Ivanti Cloud platform. It does a lot of other things, a lot of very cool things, and I'm just gonna show you one of those. So this is what's currently live in production for Patch Intelligence, and in a moment here, I'm gonna show you what's coming down the road for this as well, what additional things we're building out. So you can already see all of the content we released on Patch Tuesday is already live, and I'm gonna go searching for a specific bulletin.

So you'll see here we've got known issues added in. You know, we're changing the label on this here in an upcoming release. It's gonna go from comments to known issues because that's what this is really about. All of the known issues that we talked about on each of those slides during the presentation, we're gonna map those to the updates within Patch Intelligence. You'll be able to come in here, and we don't have them all in there for this month, we're gonna work on getting them pre-populated along with our content more frequently. But we actually took the five known issues for Branch 1607 today and we entered them in here.

So when Todd went through those, we talked about the known issues after installing the update, opening it or using the Windows-Eye feature. You guys heard about all that, we're putting those known issues directly into Patch Intelligence. So that's one of the key features. So you're gonna be able to get that type of information coming together. Now you're gonna have a database of all the Patch catalog that we've got. It's starting with the Windows catalog, but you can see this Windows update, or this Windows 10 update for, you know, Windows 10, 1607, and Server 2016 1607 branches have eight comments or known issues on them. There's 40 CVEs tied to it. It's a Microsoft update, it's rated as critical. You can click into that update and you can get more details about the patches themselves.

Here's the three different packages that you might get depending on which system you're on. Here's the 2016 package, the x64, and the x86 Windows 10 packages. Here's the CVEs for them with hyperlinks to that. And we're gonna be populating the CVSS data for this as well. So that's the current state of what this in. And what we'd really like your help on is not only do we want you guys to go in here, play around with this, and give us feedback on what's live, but we wanna take some of you through an experience where we're gonna show you what we're building next.

And, you know, so with that, let's see, I gotta go and relaunch this here quick so I can walk through this step by step. This is a mockup of where we're taking Patch Intelligence to. Ignore how the data is lining up. It's just a random assortment of the data lining up there. So obviously, this is a Microsoft bulletin in KB, but it's a title of Firefox. So mocked up data just to give you a concept, don't worry about that part, but you see here, known issues, we got no issues for these different updates, we've got a reliability score, and we've got a threat score.

We're going to be bringing this data together in Patch Intelligence, and we're going to be linking up to our existing patching technologies, which I'll talk about in the next conversation here on our ISeC release coming up as well. But with that, we're going to not only give you the ability to see those known issues, but you're going to be able to go in, drill into an update, you're going to be able to see those known issues, you're going to be able to see, you know, the reliability score for an update, you're gonna be able to see the threat score for an update.

These are going to be based on algorithms that we'll continue to refine as our dataset gets larger. As we get more complete CVSS data in here, as we bring in other risk elements, we're talking with a few different vendors right now to see if we can get some additional threat feeds from other vendors as well, where we can refine that threat score. We want to be able to bring in additional data about which system's in your environment. So this mockup doesn't show it, we've got some other ones that do, but there'd be a column in here showing your environment and how many of those are affected, and you'd also see you know, pure data.

So let me see if...think it's in this one. Yes, perfect. This concept here shows all of those elements coming together. So it would show you unpatched devices within your own environment. And if you go into that, there'd be other things like, you know, pure data from other environments as well. So one of the questions that always comes up is, "Oh, yeah, how many test systems can you actually test this and how does that give you a real feel for what's gonna happen when you roll out this patch to your environment?" Well, the answer to that is pretty much always, law of small numbers. You never have enough test systems.

"Well, what if out of the 10s of millions of systems being managed by Avanti's patching technologies, what if we can show you not only your systems that have deployed that patch out, but what if we can show you other systems that have deployed that same patch out?" in the first 24 hours, you might not see, you know, 10 test systems anymore because we're adding more data sets together. You could be seeing 500, 1,000, 10,000 50,000 systems that have pushed the same updates that you're trying to test against. So what if in the first 24 to 48 hours, you're not dealing with a handful of test systems anymore, but you're getting feedback on tens of thousands of test systems globally that have pushed the same update, and whether or not those have failed or had errors?

We're implementing some new technology that we've developed, we've got a patent on this pending right now, and what it's looking at is patch impact. We're gonna be trying to bring this into more and more of our products as well, where as the Patch is installing and after the patch installs, that patch impact engine is gonna look for patterns, it's gonna look for...when we install an update, we can see all the DLLs that are affected, we can also map to all the other applications that might be impacted by that.

If we start to see errors in other places like that, we can start to bring that data in, and with that data pool, now we can start to give you a more and more well-refined reliability score. We're also going to give you the ability to give feedback. So if you enter in that, "Oh, yeah, I push this update out, you know, and with that," let me go back to my other view here real quick, "with that update that I pushed out, I ran into an issue. So I want to be able to submit that known issue." You know, so I click on my new comment here, oh, that one's not wired up, but it would come up with a field that would basically allow you to type in after deploying this update, "My Citrix or my VPN software broke," and maybe I found a KB article for that. So I can put that KB in there as well as the known issue. Once, you know, that VPN application is updated, I can put that fix in place and resolve the issue.

You can also put in there if you had to roll it back. There's data in there to basically say, "Oh, yeah, I had 1,000 to 10,000 systems that were affected and I did roll the patch back." Other people can come in here and you can see known issues and you can click on and one-up that issue saying, "Oh, yeah, I'm seeing this too." Now we're able to aggregate known issues, and more importantly, we can allow you guys to come in here and socialize how broad of an impact this is. And with each data element here, this reliability score also gets reflected.

So if I've got an update with a high-risk score, and that same update has a moderate reliability score, I may have to go in and take a look at those known issues and say, "Okay, is there anything in my environment that can be affected by this? Oh, yeah, two of the known issues could be a problem there." So that's what Patch Intelligence is about. It's solving those next problems.

The biggest piece of Patch Intelligence, the fundamental experience that we're driving towards is we've got customers out there today that are managing tens of thousands of systems and they're able to achieve a 14-day SLA on security vulnerabilities being resolved in their environment. Multiple customers, we even had one of them come and speak at our keynote in Madrid at our Interchange Show this year, talking about how they're managing 66,000 endpoints globally, and they patch weekly. Anything of a security nature will get pushed out in their weekly patch cadence. It can be done but the average company still struggles to do that.

What we want to achieve with Patch Intelligence and with our patching technology, is we want to enable you, everybody, our common customer, anybody who's using our technology, we want to enable you to achieve that 14-day SLA on resolving security vulnerabilities. So that's Patch Intelligence. Again, if you're interested, we're looking for more people to take a look at this. We wanna get you engaged, get some feedback from you.

Helen is going to regret agreeing to let me do this. But Helen Brown is the product manager for this. She wants an email from you saying if you wanna be involved in this. You'll get a tenet for Ivanti Cloud, you'll be engaged with our designers and our tech leads and Helen to get your understanding of the experience and help engage with us to make sure that that experience is working well. You saw a lot of different mockups, a lot of different ways this can go, you're helping making that experience right is what we need next. So email Helen if you're interested in that one.

Now, for those of you specifically on our Patch for Windows, or what's now called Avant's Security Controls Product, this is about to enter into our early access period for 2019.2. A couple of things that we're adding in here, we added Red Hat Support in our 2019.1 release in March. This is where we're adding CentOS support. We've added some additional multi-platform reports. We've updated our report views with those Linux tables as well. Our machine view has been updated to show a combined view of Windows and Linux together. So for those of you looking at Red Hat and CentOS, this is a great opportunity for you to kick the tires here, take a look at, and give us some feedback on that.

Also, while we're working on the next release where we're going to be bringing in Mac and some other features as well, help us to identify if there's any other refinements we can make to that Linux experience as we branch out to additional flavors. We've also updated that CVE import, we've expanded our API in here as well.

I talked about Patch Intelligence and how we're going to be hooking up our existing technologies to roll data up to the cloud so that you can see it mapping into that Patch Intelligence experience. This is the release of Security Controls that's gonna open up our API. We're gonna create a connector for that. When that connector's ready, you'll be able to roll your data up from Security Controls into Patch Intelligence, see it all coming together there, and you're gonna be some of the first to help us start to populate that data.

So, for that one, Sarah Otremba is the product manager on that product line. Shoot her an email if you're interested in the early access release for 2019.2. We're planning to launch that late next week, and we're looking at a GA date of mid-August. So there's going to be a couple of weeks span there towards the end of July and into early August, where you'll have an opportunity to play with this in a test environment.

All right, now, let's get to some questions because we did have a few of them out there. The first one I'll get to is, Ken had a comment of, "What, no Adobe Flash update?" Absolutely. I know, we were surprised too. There was no Flash update this month. In fact, we were so expecting this that if you looked at our blog posts and infographics early enough, you might have caught Flash Player still on there because we expected it, we just thought it was late. Well no, it didn't release at all. So we actually had to go and pull a couple of things off of there because it didn't actually release. So yay, no Flash this month. Brian?

Brian: Hi.

Chris: What have we got for hot issues that everybody wants to know the answer for?

Brian: All right, I'm gonna get through a couple patch things, and then, Chris, I'm going to drill you with a few product questions after you showed off Patch Intelligence. So the first one was, "Hey, just checking, is BlueKeep included in future monthly roll-ups?" Yes, as long as you install some on the later monthly rollups after, what was that, May. I can't remember the month.

Todd: Yeah, it showed up in May.

Brian: Okay, good, good. Then you should good, it will be included in the monthly rollups. Of course, just monthly rollups. If you do security-only, customers asking why would you do security-only? It's kind if you want to avoid some of those known issues. If you're trying to keep that lower patching footprint, you definitely have to install the main security-only here, if you want to do that.

There was a question about how far the .NET rollup goes back. October 2016, kind of when they started the rollup system. That's a fair bet, Microsoft's not very clear on that because for every month the rollup that comes out, kind of new patches come in. For example, a 2012 monthly rollup just brought in a really old patch that it now supersedes. So it's kind of a grab bag of what it does cover. It's a great place to start and then go back if you're running on an unpatched machine.

What else? What else? Oh, there was a great question around the sim crypt [unintelligible 01:11:50], the one that's being actively exploited. [inaudible 01:11:55] on security mentioned that it affects Windows 8. It could affect Windows 8. I'm not sure if it was a typo. I haven't found any further details about that, but just kind of a heads up there, there is no patch for it, so it is only Windows 7, but I do kind of have to say I'm confused around that. I'm unsure around that one. Anything else? Not particularly. Chris, I got some questions for you now.

Chris: I see there's a lot. All right, [inaudible 01:12:30]

Brian: Is Ivanti Cloud Patch Intelligence going to be a chargeable feature or is it a free feature?

Chris: Okay, so very good question. For those of you running an Ivanti Apache solution, that would be Endpoint Managers patch module, Security Controls, or Patch for Windows as patch module, or our SCCM plugin. For all of you, we are going to be offering basically a free edition of Ivanti Cloud, that's going to come with certain feature sets. It's also going to get you access to Patch Intelligence. As a security customer, that's an opportunity for you guys to get in there and take advantage of some cool things.

More details are going to be coming on that throughout...I believe August is when we're going to start to really start to market this out. I'll get you guys more details on that on the Patch Tuesday Webinar probably, either...if we can make August, great. Otherwise it might be September before we make the announcement on here, but we will be making people more and more aware of when you'll be able to get into Patch Intelligence and the Ivanti Cloud platform.

You can go and check out Ivanti Cloud today. And, you know, if you're interested, we can even get you into our early access groups. Actually, I know a few of you on here are already in there. One of the other questions was, "I'm already a tenant on Ivanti Cloud, how do I get into the Patch Intelligence feedback loop?" So Jason, send that email to Helen and she will absolutely bring you guys into the loop on that as well.

So yeah, again, Patch Intelligence, we're creating connectors so that that data flow up into the cloud, the connectors for ISeC, is coming in 2019.2. With that release we'll release connectors shortly after. EPM has a connector already. We're working right now on expanding that connector to bring in Patch data as well. So that one, again, we're looking hopefully within July-August timeframe for that one. And then we'll hopefully be able to start bringing our EPM patch customers up to the cloud as well. SCCM, our patch for SCCM customers, we're going to be getting an update to that SCCM connector sometime after the EPM one. It's next in line after that, I believe, to bring in the Patch data there.

Yeah, okay. There was one other question about the data on that, and that was, "Do I have a choice on whether I roll data up or not?" The answer is yes, you do. No data rolls into Patch Intelligence unless you hook up that connector to be able to start rolling things up into there. If you do use that connector and roll data up into there, we basically have two different levels of data. There's the data that maps directly to your data, that's within your tenant and completely secure and not exposed to anybody else. Then there's what goes into the data lake. That is all anonymized. That data is completely GDPR compliant. There is no personal information. We don't even know which one of you that pool of data came from, you know.

We know that if there's people, you know, adding connectors in, yes, your data is technically in there but it's anonymized to the point where a Windows 10 machine, it can be from any one of hundreds or thousands of customers, we won't know. That data lake is very sacred as far as privacy is concerned, and we will guard that very, very closely. But, as you're investigating this, we can explain more about that, those details to you as well. All right, I think I got several of the questions there. What else do we got, guys?

Brian: I'm just answering a couple more. Let me see. There was one question kind of just around servicing SEC updates. I kind of wanted to elaborate on that. Basically, the question was, "Hey, what new [inaudible 01:16:30] SEC update, that's always a prerequisite?" Most of the time its not and it's kind of a little vague as to when that net new surfing SEC is a prerequisite for this new patch. In this case, the only prerequisite is for 1607 or Server 2016. You can install one of the last three surfacing SECs for the prerequisite to be sufficient. We do keep it in our patch notes. And if you do check, Patch Intelligence, shameless [inaudible 01:17:00] there, you should be able to see it ahead of time as well.

Let me see what else we have. Do you know...I don't think I have too much else outside of this. Patch Intelligence for Ivanti EPM, that will be coming out as well. Correct, Chris?

Chris: Yes, yep. So the EPM connector, there's a connector already. We'll be adding the Patch data upload in the next release of that connector, or it should be in the next release. So that'll be coming probably within...we're probably within weeks of that being available. They're working on it right now though, mapping that data into Patch Intelligence. Yes, SCCM will get...again, once we do the EPM connector, we're gonna do the same type. We've got a connector for SCCM for Ivanti Cloud already. We're going to be adding Patch data into that connector in a second phase for that connector as well. So after the EPM but next on deck will probably be that that SCCM connector getting Patch data rolled up as well.

Todd: Hey Chris, we have a number of non-Ivanti customers who have asked, can they get access to Patch Intelligence and participate?

Chris: Yes. So we are going to have...Ivanti Cloud will be available to non-Ivanti customers. There will be a subscription to buy into Ivanti Cloud. So that is something that we do have options for. Again, packaging and details about that are gonna be coming in the very near future. We're supposed to be...you know, my boss, and you know, the team that I work with, we're all working on refining those details right now. And there's an expected probably August, September launch for that type of offering being available as well.

A number of our ELA customers and our Customer Advocate Program customers are already in there. We've got over 800 active participants on Ivanti Cloud today that have been engaged with us for several months to even upwards of a year already. So there's a pretty decent chunk of customers already up there, and the latter half of this year, we'll be opening up the gates to bring a lot more on, including opening up some ability to subscribe to just Ivanti Cloud outside of any of our existing products.

So, Brian, we had the question before and it looks like you already answered this one, Sharon asked, and this one goes way back, "Is the WannaCry vulnerability included in the Windows 7 and Server 2008 monthly rollups?" To our understanding is yes, they should absolutely be included in there. So if you're up to date on your rollups across all your systems, then you should have plugged the original WannaCry RDP vulnerability, as well as the new RDP vulnerability, BlueKeep.

Brian: Yes, absolutely.

Chris: Awesome. Any other hot ones? I mean, we're...guys, I apologize. We're way over time today and I appreciate many of you staying online with us during all of this. It was a big month. I think we've got most questions directly answered. The rest seem to be more product-specific. So at this point, I am going to kind of cut things off and say that's a wrap for this month. We will have additional information coming your way.

But again, if you're interested in either of these early access or, you know, customer interaction experiences, again, Sara Otremba on Security Controls, and Helen Brown on Patch Intelligence would love to have a bunch of you guys bombard them. I'd love to have both of them come back to me later today saying, "Oh my god, why did I ask you to do this?" Yeah, we'd love your feedback, so please reach out to them. And thank you for joining us and sticking on for an extra 20 minutes this month. We'll talk to you guys all next month.

Todd: Thanks everybody.

Brian: Perfect, thank you.