Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Ivanti: June 2026 Patch Tuesday: Security Priorities & CVE Records

Ivanti
07/04/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


I'm also an engineer at Avanti, just like Maxime. So, we will be able to start this patch Tuesday of June. So, here is the usual agenda that will be carried out. We will go through a overview of the patch Tuesday of June, talk about the recent news, and then we will present the bulletins and patches of this month. We will finish with the famous section between patch Tuesday. So, let's say it right away, we are in the era of the patch apocalypse. Today, currently, in more and more vulnerabilities, the records are falling one after the other in this month of June. So, on June 3, for example, Google published a Chrome update correcting 429 vulnerabilities in a single update. Same thing from Microsoft's point of view, on Tuesday. For this patch Tuesday, Microsoft corrected 198 vulnerabilities. This is the historical record, knowing that the previous record was dated October 2025 with 175 CVEs. So, we are clearly in a tendency to increase the number of vulnerabilities and all publishers are concerned, and the rate of publication is accelerating. And why this explosion? It is the new generation of LLM tools, specialized in security, which will help discover and exploit vulnerabilities in applications faster than ever. And so, the game is accelerating on both sides, both defenders and attackers. This month of June includes Adobe updates, three critical updates, Google, a critical, five critical, one important. In addition, we also have more than 80 security updates for third-party applications, enriching hundreds of additional CVEs. For the overview of this patch Tuesday of June, I'll hand it over to André. Thank you, Maxime. I'll go to the next one. There are several exploits, Bleeping Computer, Downgrading, etc., Google Chrome, and I'll share my screen if I find the button. Where is the button? Ah, there. Ah. That was the other button. Entire screen. Share. This is the link on the support, on the PowerPoint. Microsoft warns about a failure in the defender. So, zero-deployed attacks. And if we want, we can translate it very quickly in French. That's the advantage of Google. So, there is an update this month, which dates from May already, but which is starting to be exploited on the defender. And it's quite important too, because if the attackers can use the defender in this CVE, the attackers can use the defender for a denial-of-service attack and then have privileges on the system. So, what happened here, to obtain system privileges, etc. So, it's quite important anyway, especially for the defender, it's quite important because they scan. You have to make sure if the defender can always update, because the first thing the attackers do, they stop the update of the defender, precisely to not recover the patch for the defender itself. So, be careful, if your defender can no longer update, maybe you are already introduced with an attacker. The second, the 0D, so Spark Backlash, in fact, a researcher had published the 0D of Microsoft and Microsoft wanted to attack it in court, but the community of researchers on DeFi hit Microsoft a little and said, no, you can't do it, you must above all not attack the researchers, but above all make sure you remove patches or repair the code that has no vulnerability. So, that's quite interesting to read, it's quite long, but it's interesting because it still shows that Microsoft says, yes, we know that there is a vulnerability, but we wanted to have it silent to be able to make a patch. Now we need to speed up this process, but for me, it's normal that if we find a bug, we first inform the editor and if the editor doesn't move, we publish the bug and then the editor has to react. On Chrome, there are also a lot of exploits and patches, so this time, with a fairly high CVSS score, we also saw on Chrome and Firefox and other browsers that the patches come out almost all the time, so they no longer wait for the 2D patch, it's almost a continuous patch and we will have to enter the system more and more that we also have to patch all our systems continuously, because with artificial intelligence, the hacker will use AI to be able to find bugs and there are some bugs that he finds that are very old, almost 20 years old, and he will also use natural intelligence to create exploits to hack systems. Don't worry, editors also use artificial intelligence like Ivanti and other editors, precisely to test the logic in the same way and we try to be a little more reactive and proactive so that we detect a bug before the hacker detects it and we can fix it before. Knowing that patches and vulnerabilities come out faster, they are detected faster too, we have to patch faster too. Now the average between a published vulnerability and an exploit is about 5 days. So if there is a published vulnerability, 5 days later, some hackers already have an exploit to optimize their attack. So 5 days is very short. I know companies that have a patching cycle of 2 weeks, 3 weeks, 1 month, on certain things and that's enough. So for that, you need to know your package, you need to know what are the installed logic and you also need to prioritize the patches. So at Ivanti, we use the CVSS score, so the CVE score, but also a dynamic score called VRR which will be calculated on average, so let me show you, so the score is calculated not only by the CVSS, the CVE, but also if the vulnerability was exploited directly. Do we see a lot of exploits, a lot of things on the darknet, etc. Does OWASP show in the OWASP list, etc. Both together, all these criteria together, will give a score that is dynamic. So CVSS can be classified as low, but with all the rest, they can be classified as very high. And we will go a little further, we will look, ok, maybe it's a very high score, but maybe this logic is used on one or two machines. And if it's used for a lot more machines, in this case we have a maximum VRR of 10. So this is a prioritization of patching that you need to think about, because every patch, patch invisible, which is not very vulnerable, we patch it, but it's not the urgency. The urgency is the vulnerability that is actively exploited by the hackers, because it's there that you have the greatest risk. So when we look at it, there is a security update guide from Microsoft, so if you want, you can look in detail at the CVE. There is another site that is very interesting, it's at the level of the patch Appaloosa. So this is only for the Microsoft patch, so it's a Microsoft site, it's Microsoft that manages it, and there we can see on the CVE of Microsoft what came out. So there are 700 CVEs already published this year, not just this time, but this year. And if we look at the year 2025, most of them were 1,000-1,100. So we really see an explosion of CVEs since the beginning of this year, and it's not going to end at the end, so we think it's going to be much higher here, because artificial intelligence does that, and that's only for the Microsoft patch. There are other sites on French, in France, that you can also see what is the trend of this graphic on all patches, so not just Microsoft, but all patches for secret editors. And we see the same style of graphics. In our presentation, there is also a slide that Chris Cuttle, our colleague at the US, did himself, because he used artificial intelligence to create this slide to see on some editors, not all, but some, what are the CVEs patched since this year, and he still shows the same style of graphics on the slide. OK, I'll stop now, I'll go back to the slide. How do I start it? We were here, so it's this slide by Chris Cuttle, so he created a patch release tracker using artificial intelligence, and here we see the same style of graphics. Here he used only a few editors, so Firefox, Chrome, Acrobat, Windows, Edge, but not all, but we see everywhere an explosion of CVEs. OK. Your turn, Maxime. It's my turn. Thank you, André. So, let's continue after this little news with the three vulnerabilities that Microsoft publicly revealed during this June 2nd patch, three vulnerabilities publicly revealed. Microsoft corrected them in the OS update on Tuesday, and of course, this update of the Microsoft OS is our number one priority this month. Once again. 30 vulnerabilities as well this month, which is clearly a rise in the number of corrected CVEs on Microsoft products as I said in the introduction. So, for the first vulnerability that we see here, publicly disclosed, it's a vulnerability on the Windows Collaborative Translation Framework. So, the operating code of this vulnerability has not been made public. That's good news. But be careful, because even without a published code, the disclosure of a vulnerability can contain enough information for hackers to understand and look for us. This is especially the case of people who have become vulnerable, for example, in this month of June versus the month before May. By comparing the two, they will identify the areas that have been modified by Microsoft and focus on those areas to try to find the vulnerability. So, whether or not the operating code of the vulnerability is published or not, it only saves a few hours or a few days The risk is therefore high if this vulnerability is exploited. An attacker can obtain system-level privileges, in other words, total control over the machine. We note a CVSS score of 7.8. This is also important. The second publicly disclosed vulnerability is the CVE-2026-49-160. It's a service denial flaw in HTTP.1.6. It's the component of the Windows core that manages the HTTP protocol. It is used by 2IS and many Windows applications. What is worrying with this vulnerability is that it is exploitable remotely via the network without any required privileges and without user interaction. An unauthenticated attacker can send HTTP traffic without any availability of the service denial. We have a CVSS score of 7.5 here. This vulnerability was discovered by an AI tool. This is another example. It's a strong signal. As we said from the beginning, the AI is now used by researchers and cyber-attackers to find flaws. This is an example No code of exploitation has been published yet. But a significant amount of technical information has been disclosed. The risk is high, especially for any organization using web services. The third publicly disclosed vulnerability is patched by Microsoft this month. It concerns a bitlocker bypass. The disk encryption integrated in Windows. This one, unlike the other two vulnerabilities I mentioned has a proof-of-concept code that is public. This requires significant risk. We have access to proof of how to use this vulnerability. This vulnerability allows an attacker with physical access to bypass BitLocker and access the encrypted data on the disk. No need for credentials or user interaction to do it. It's a CVSS score of 6.8 This is exactly the scenario you can imagine. No need for credentials or user interaction. It's a nightmare scenario for any company. If you have a laptop that is lost, stolen, or simply left unguarded, the attacker takes the device, isolates it from the network, and starts it. Thanks to this vulnerability, it can bypass BitLocker and access the protection mechanism of the TPM that releases the encryption key. For the three disclosed vulnerabilities that have been corrected in the OS update of Windows this month, the priority is to update the browsers, Chrome and Edge, and your OS, the priority of this month. I'll leave it to André. Regarding Linux, I don't know if you followed, but there is a bug in the Linux kernel that has existed for a long time and affects almost the entire industry. It is highly recommended to update the kernel. There are already patches available for almost the entire industry, but you have to update the kernel or disable a certain kernel plugin. There are articles on the Internet that talk about this. Knowing that it also exists on Linux, so Linux is not all clean either. There is also CVE on Linux. Here, for example, there is a problem on the Samba SIP system. If someone uses a script, he can use code in the script to access the system or block the printer or block the system, etc. This is information that we have from our partner called TuxCare. We have a partnership with TuxCare. They provide us all the information on Linux, etc. Yes, I have to click on next. Another vulnerability on Nginx Rift, an open source. If you use this on your system, if you have the library installed, version 1.30, the CVS score is 8.2, still quite high, and you have to patch it because the access is through the ASLR, which allows remote code execution, and if you execute remote code on a system, you have to do everything. Quite interesting. There is also mitigation, so how do you fix it? Quite simply, update it. 1.30 to 1.31. Normally, on Linux, if you do an update and update and upgrade, automatically, they have to recover it if you have the right repository configured. And the other on Linux is the CIFS switch, which is used a lot in most Linux districts, because CIFS is the file system, and it is also a kernel module, so if you don't need the CIFS utility, it is disable or block the kernel module. Here, it is the same, you have to block the kernel module, and you have a link on the support that gives you exactly what to do, etc. on this file. But Linux, there are some, but there are still some. We will see that later in the bulletin too. There are bulletins for Windows, but also for Linux. Thank you, André. We continue, we now move on to security updates for Ivanti. As you know, Ivanti now follows a monthly rhythm, like the Tuesday patch, to publish patches and correct some vulnerabilities. This month, for those of you who use Ivanti Endpoint Mobile Manager, or also Ivanti Sentry, the gateway associated with our Modern Device Management products, updates have been published for these two products. Each update corrects two vulnerabilities. Nothing is actively exploited at this stage, but these are important security updates anyway, so take into account if you use these solutions, Ivanti Endpoint Manager Mobile and Ivanti Sentry, which is the gateway associated with our Modern Device Management solutions. Let's move on to the end of support for Windows 11. No new notifications this month. We can see here editions that are approaching their end-of-support date, in terms of the closest end-of-support date. October 13, 2026, with the 24H2. November 10, November 10, 2026 for Windows 11 Enterprise and Education with the 23H2. But nothing very close for now. On another subject, we also discussed a few months ago the extended support for Windows Server 2016, the extended support for this version of Windows. Good news, everything is ready for those of you who are preparing and have the ESU for Windows Server 2016. You can now contact us to plan and maybe budget the activation of ESU content in your Ivanti environment. In short, if you are a client of Ivanti Neurons Patch or EPM Patch or Security Controls, and you plan to continue running Server 2016 beyond its end-of-support date, while subscribing to the Microsoft ESU coverage, you will also be able to benefit from the ESU update via the Ivanti products. You need to contact Ivanti to activate the budget. We can see here the last line, Windows Server 2016, which has a mainstream support end in 2022, and the ESU which will be released in 2027. You don't have to worry about it. Let's continue. There is also a tool update here. On the service-in-stack side, a single update was published in June 2026. It only concerns Windows 10. It's the only service-in-stack update of the month. And we end this part of the news with a reminder. On the Ivanti Hub site, there are many announcements. Please refer to the different categories that correspond to the products you have at Ivanti, for example, or to the OS you are interested in to stay up to date and have content notifications added to the Ivanti community site. Let's move on to the bulletins. Just a remark about the Windows 10 patch, because Windows 10 is officially no longer supported, but despite that, Microsoft still released a patch for Windows 10. It's quite interesting. It means there is still a need to patch your Windows 10 if you still have it. For the bulletins, there is one on Google Chrome marked High. Why is it marked High? Because the CVE 2611645 is exploited. It means it's a file that is actively used by the hacker. But this bulletin contains 74 vulnerabilities. If you click on the link, you have a list of all the 74 vulnerabilities that Google patches in this case. Also, it needs a restart, a reboot, especially the application. If you apply the patch, the hacker will close the application or you have a patch after the patch application that will kill the touch probe to restart it. Adobe also released a few patches. InDesign is critical. If you have InDesign in your portfolio, we advise you to update it. It is critical, but it is not yet known to be exploited in the wild. It is still exploited critically because the file was published. You just need to find a way to exploit this file and it will compress your system. The same for Adobe InCopy. It is also critical. All the products affected are InCopy 21.3 and 20.5.3. There is also a link on the information on this file. The impact is Code Execution. They can execute anything. If you apply the patch, you need to restart the application. Excuse me. Acrobat Reader is probably one of the most used applications by Adobe. Acrobat Reader is free and used by a lot of people. Not only in business, but also in private. Make sure you update Adobe Reader. Maxim Shevet is critical. It is not yet actively used. But the update has 20 vulnerabilities. Out of 20, 15 are classified as critical and 5 are important. It is an important update for Acrobat Reader. It also requires a restart. Windows 11 There is also a Windows 11 update. 2023, H2, 2024, 2025, 2026, H1. And even server 2025 for H Chromium. Since there are a lot of patches in Chrome, it is logical in H Chromium that you have direct patches with 116 vulnerabilities that repair. And there are 3 that are actively used. It is important that you patch anyway. ADR publicly disclosed means that they are known. For now, they are not actively used but since they are known, it is just a matter of time for them to be used. So, there is a problem that we have seen that dates from what we have already seen before, but Windows Update Services does not go back to synchronization details. It is a reporting error. It is not a functional error. If you apply the patch, you may have a reporting error on WSUS, but know that the patch is still applied on your system. I continue with the LTSB branch of Windows 10. LTSB are the editions that continue to receive updates of the OSU program of Windows 10. Of course, if you also have a version covered by the OSU of Windows 10, you will also receive these updates. This patch covers Windows 10 LTSB, Server 2016, Server 2019 and Server 2022. We have a maximum severity that is critical. In total, we have 104 vulnerabilities corrected in these updates and we still have the same three vulnerabilities publicly disclosed, which I talked about at the beginning of the session. Impact, large spectrum, code execution at a distance, service identity, privilege elevation, etc. Of course, this requires a restart once the update is installed. However, there is a persistent known problem linked to BitLocker that seems to be in the head before deploying. It's on Windows Server 2022. According to Microsoft, some devices with a configuration of non-recommended BitLocker policy group can be invited to grab their BitLocker recovery key at the first restart after the installation of the update. We see the same problem on Windows 10 2022 H2, LTSC 2021 and LTSC 2021 too. The same BitLocker problem can occur. If you have BitLocker posts with BitLocker enabled, check the GPO configurations before deploying. Otherwise, you risk having your users blocked on the BitLocker recovery screen at the start. Take this into account. Outside of Windows operating systems, there is no title of the slide. I will tell you in parallel. There is a display problem here. This is the security update for Microsoft Office. Microsoft has clearly highlighted 26 vulnerabilities corrected in the standard Office suite. This is an unusually high volume. The interesting point is that Office 2016 continues to be updated even though it is officially end-of-life since October. Microsoft continues to publish updates. This is what is noted here. Why? Simply because a lot of users continue to use Office 2016 as a standalone version. So, for 26 vulnerabilities for this Office update, I will also tell you the title of this one. Always in Office, it is Security Updates for Microsoft 365 Apps, online and subscription versions. We are talking here about Microsoft 365 Apps, LTSC 2021 and 2024 versions, and also Office 2019. Office 2019 which is also end-of-life but also receives updates. This update corrects 32 vulnerabilities. It is also critically ranked, so a lot of CVEs are quite critical themselves, individually. The good news is that no vulnerability is exploited or disclosed publicly on Office. No known problem reported, a simple restart of the application is enough. You still have to install it well, but there is no known failure and no vulnerabilities are disclosed. Let's continue. Still no title. It is Security Updates for SharePoint Server. The treatments linked to the SharePoint Server Office. This month, it is 30 vulnerabilities corrected. Always critically ranked. The three versions supported by SharePoint are SharePoint Substitution Edition, SharePoint Enterprise 2016 and SharePoint Server 2019. And finally, we have a rather rare update. It is an update for Action Server this month. The latest security update for Action Server dates back to August. It's been several months since we had a correction for Action Server. This time, it is 7 vulnerabilities corrected. The only version actively supported today is the Exchange Server Subscription Edition. But several old versions are still covered by the OSU program and have also received updates. If you run older versions of Action Server, it will monitor and update by the OSU program. That's it for the release list of this Patch Tuesday. We will continue with our last section, which is Between Patch Tuesday. What happened between the May and June Patch Tuesday? Because all publishers do not follow the pace of Microsoft to publish vulnerabilities and associated corrections once a month. There is a lot of activity this month, as André said. We are in an era where there will be more and more vulnerabilities discovered, and we hope to patch these vulnerabilities. For this Between Patch Tuesday part, we make three groups of updates. We mainly list security updates with CVEs. Then you have a list of security updates but without associated CVEs. Then there are updates that are not security, such as bugfix or other updates functionality. If we go into detail, we have Google Chrome which published two updates, one of 16 vulnerabilities and the other 75. We also have Docker for Windows. We also have a lot of vulnerabilities. Version 151 had 31 vulnerabilities. ESR 20 vulnerabilities. We have found FauxdeSite, FDF, Golang, NTD, JD. They have a vulnerability. We do not re-note++ which had a bit of a problem in terms of updates. Recently they changed their update system so there were two versions of their release correcting all three vulnerabilities. We find at Mozilla the Thunderbird with 29 vulnerabilities to have 151 to correct. Then we also go to Apple. I'll let André finish on the Apple part. On Apple, we find more or less the same patch style as on Windows. There are some products more Mac-oriented than Windows, like PyCharm Professional, etc. But in terms of updates, it's more or less the same style as Benetton with the same update style. Firefox is the same. Firefox and Mozilla have released a lot of updates and they are starting to follow the same technology, the same strategy as Google. That means they are almost releasing continuous patches. As soon as there is a vulnerability detected that is ready to be patched, it is published and you can retrieve it. That's why between the two patches, Tuesday, you also find patches of these applications continuously. So, Firefox, ESR, Edge, Teams, PyCharm, these are all vulnerabilities and patches between the two Tuesday patches. If you don't always follow the Tuesday patch, you have to roll out patches every month, knowing that for a month you can be vulnerable to products like this one. So, the Tuesday patch is good for Microsoft because Microsoft only releases monthly, but in the future it may change as well. For Thunderbird, there was also an update of Notepad++. Notepad++ changed the way they updated their update technique and there was also a problem that some updates were not hosted on the right site. So, there were some updates that were hosted on the wrong site, that were not correct, so they fixed that and because of that, I don't know if you saw, but our patching product couldn't really patch Notepad++ because we couldn't download the updates. So, that's normally fixed now. If that happens to you, you can always do a sideload, download the patch yourself and include it in our patch solution to distribute it. Are there any questions? I didn't check if there are any questions. No, there are no questions. There are no questions. So, if you have any questions, don't hesitate, otherwise you can always ask us if you have any questions about patching. Knowing that, little by little, our product, especially on our cloud platform, we are going to change the patching strategy to have what we call compliance, so we are going to say that this product and this post are critical, they must be patched with compliance and as soon as a patch comes out, we are going to patch it. Of course, it won't work without a risk, because some patches can have a problem in terms of production, but this risk is less important than a hacker putting a ransomware on your device, for example. So, security is always a balance between risk and vulnerability and operability. There is no zero risk, but we are going to try to close the gap between the problem and the solution as soon as possible. As I said at the beginning of this patch Tuesday, on average, it's five days now. So, think about your strategy. Patching once a month is not really enough. If there are no other questions, Maxime, do you have anything else to add? No, very good. The last word was perfect, André. Thank you all. The last slide is not modified. Patch Tuesday, you can also find it on YouTube in English, the original. We copied it a little to another source because they talk a lot, to not necessarily say a lot of things. We try to be a little more effective on that. But Chris and Todd, they all do Patch Tuesday in the US. If you want, you can also look at the English version. And with that, I wish you a good end of the day. Good day to you all. Goodbye. Thank you.

TL;DR

  • Microsoft set a new Patch Tuesday record with 198 CVEs corrected in June 2026, surpassing the previous record of 175 set in October 2025, while Google patched 429 Chrome vulnerabilities in a single update.
  • AI-powered LLM tools are accelerating vulnerability discovery and exploitation on both sides of the security equation, compressing the average time from CVE publication to active exploit to just five days.
  • A Microsoft Defender vulnerability originally disclosed in May is now being actively exploited to escalate privileges to SYSTEM level — organizations should treat Defender update failures as a potential indicator of compromise.
  • Linux administrators must urgently patch the NGINX RIFT library (CVSS 8.2, remote code execution risk) and the CIFS kernel module, with guidance sourced from Ivanti's TuxCare partnership.
  • Ivanti now supports Windows Server 2016 Extended Security Updates through its Neurons Patch, EPM Patch, and Security Controls products, with customers needing to contact Ivanti to activate ESU coverage ahead of the 2027 deadline.
  • Monthly patching cadences are no longer adequate given the five-day exploit window; Ivanti's cloud platform is moving toward compliance-based continuous patching to reduce exposure time.

Record-Breaking Vulnerability Counts in June 2026

This French-language Ivanti Patch Tuesday session for June 2026 opens with a striking observation: the industry is entering what the presenters call the 'era of the patch apocalypse.' Google released a Chrome update correcting 429 vulnerabilities in a single release, while Microsoft set a new historical record by patching 198 CVEs in a single Patch Tuesday — surpassing the previous record of 175 CVEs set in October 2025. The presenters attribute this acceleration to the rise of LLM-based security tools that help both defenders and attackers discover and exploit vulnerabilities faster than ever before. Beyond Microsoft and Google, the June cycle includes three critical Adobe updates, multiple critical Google updates, and over 80 security updates for third-party applications, adding hundreds of additional CVEs to the monthly workload.

Key Vulnerabilities and Actively Exploited Threats

André and Maxime walk through the most pressing vulnerabilities of the month, emphasizing that actively exploited flaws must be prioritized above all others. A notable concern is a Microsoft Defender vulnerability — originally disclosed in May — that is now being actively exploited. Attackers can leverage this flaw to trigger a denial-of-service condition and escalate privileges to SYSTEM level. The presenters warn that one of the first actions attackers take after compromise is disabling Defender updates, so organizations should treat a Defender update failure as a potential indicator of compromise. On the Linux side, critical patches are highlighted for the NGINX RIFT library (CVSS 8.2, enabling remote code execution via ASLR bypass), the CIFS kernel module (used widely across Linux distributions for file sharing), and a Samba SIP vulnerability. Linux patch intelligence is sourced from Ivanti's partner TuxCare.

Ivanti Product Updates and Windows End-of-Support Planning

The session covers Ivanti's own monthly security cadence: updates were published for Ivanti Endpoint Manager Mobile and Ivanti Sentry, each correcting two vulnerabilities with no active exploitation reported at the time of release. On the Windows lifecycle front, no new end-of-support notifications were issued this month, though Windows 11 editions with upcoming deadlines in late 2026 are flagged. Importantly, Ivanti announces readiness to support Windows Server 2016 Extended Security Updates (ESU) through its Neurons Patch, EPM Patch, and Security Controls products — customers planning to run Server 2016 beyond its mainstream support end date should contact Ivanti to activate ESU coverage before the 2027 deadline.

Third-Party Patches and the Case for Continuous Patching

The session closes with a review of third-party application patches, including Mozilla Thunderbird (29 vulnerabilities corrected to version 151), Notepad++ (which recently changed its update hosting infrastructure, temporarily breaking automated patching — now resolved), Firefox ESR, Microsoft Edge, Teams, and PyCharm Professional. The presenters note that browsers like Chrome and Firefox have effectively moved to continuous patching, releasing fixes as soon as vulnerabilities are confirmed rather than waiting for monthly cycles. This shift challenges organizations that rely solely on monthly Patch Tuesday cycles. The closing message is direct: with an average window of just five days between vulnerability publication and active exploitation, patching once a month is no longer sufficient. Ivanti's cloud platform is evolving toward compliance-based continuous patching to help close this gap, balancing patch risk against the far greater risk of ransomware or system compromise.

Chapters

0:00 - Introduction and Agenda
0:35 - Patch Apocalypse: Record CVE Volumes
1:45 - June Overview: Adobe, Google, Third-Party
2:09 - Recent News: Defender Exploit and Zero-Days
18:07 - Linux Vulnerabilities: Samba, NGINX, CIFS
21:01 - Ivanti Product Security Updates
21:53 - Windows End-of-Support and ESU Planning
36:21 - Third-Party Patches: Mozilla, Apple, Notepad++
39:57 - Continuous Patching Strategy and Closing

Key Quotes

0:37 "We are in the era of the patch apocalypse."
1:03 "Microsoft corrected 198 vulnerabilities. This is the historical record, knowing that the previous record was dated October 2025 with 175 CVEs."
1:27 "It is the new generation of LLM tools, specialized in security, which will help discover and exploit vulnerabilities in applications faster than ever."
4:17 "Be careful, if your defender can no longer update, maybe you are already introduced with an attacker."
41:01 "On average, it's five days now. So, think about your strategy. Patching once a month is not really enough."
40:27 "Of course, it won't work without a risk, because some patches can have a problem in terms of production, but this risk is less important than a hacker putting a ransomware on your device."

FAQ

Why is patching once a month no longer considered sufficient?

According to the presenters, the average time between a vulnerability being publicly disclosed and an active exploit appearing in the wild is now approximately five days. A monthly patching cycle leaves organizations exposed for up to 25 additional days after an exploit becomes available, making continuous or at minimum bi-weekly patching essential for high-risk systems and applications.

What should organizations do if Microsoft Defender stops updating?

The presenters warn that one of the first actions attackers take after gaining access to a system is to stop Defender from receiving updates — specifically to prevent the Defender patch itself from being applied. If Defender can no longer update, organizations should treat this as a potential indicator of compromise and investigate immediately rather than assuming it is a routine technical issue.

How can Ivanti customers benefit from Windows Server 2016 Extended Security Updates?

Ivanti has confirmed readiness to deliver Microsoft's Extended Security Updates (ESU) for Windows Server 2016 through its Neurons Patch, EPM Patch, and Security Controls products. Customers who plan to continue running Server 2016 beyond its mainstream support end date and who subscribe to Microsoft's ESU program should contact Ivanti to activate ESU content delivery within their Ivanti environment before the coverage window closes in 2027.


Categories:
  • » Webinar Library » Ivanti
  • » Data Protection » Backup & Recovery
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Security Operations
  • Data Protection
  • Patch & Remediation
  • Best Practices
  • Webinar
  • Patch Tuesday
  • Microsoft Security Updates
  • Chrome and Browser Patching
  • Linux Security Patches
  • AI in Cybersecurity
  • Windows End of Support
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Ivanti: June 2026 Patch Tuesday: Security Priorities & CVE Records

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting an Elite Security Team to Achieve Championship-Level Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-an-elite-security-team-to-achieve-championship-level-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting an Elite Security Team to Achieve Championship-Level Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version