Skip to main content
Monthly Archives

February 2016

Syxsense Wins 2015 Cloud Computing Product of the Year Award

By Awards, NewsNo Comments

Verismic, the creator of the industry-acclaimed Syxsense , is honored to be named a winner of the 2015 Cloud Computing Product of the Year Awards. Presented by Cloud Computing Magazine, the award honors vendors with the most innovative cloud products and services brought to market in the past year.

“We are proud of this latest recognition of our strategy,” says president and CEO Ashley Leonard. “Verismic is committed to helping IT teams of all sizes efficiently manage their environment.”

Syxsense is the first cloud-based IT systems management solution that requires no software agent on end-user devices, eliminating the need for IT managers to maintain on premise solutions. Deployed in 30 minutes, CMS is customized for any business model. Clients can discover and inventory their entire IT environment, distribute software across locations, and identify recently added applications. The software also features a self-upgrading capability, lowering IT costs and minimizing additional labor.

[vc_single_image image=”6399″ img_size=”medium” alignment=”center”]

“Recognizing leaders in the advancement of cloud computing, TMC is proud to announce Syxsense as a recipient of the Cloud Computing Product of the Year Award,” said Rich Tehrani, CEO, TMC. “Verismic Software is being honored for its achievement in bringing innovation and excellence to the market, while leveraging the latest technology trends.”

TMC — the publisher of Cloud Computing Magazine — has honored technology companies with awards in various categories for more than 20 years.

Verismic’s Syxsense Includes New User Interface

By NewsNo Comments

Verismic has launched a sleek, more focused user interface for its award-winning Syxsense and two new features: multisite vRep and patch grouping. Hailed byMSPmentor.net as “the first and only endpoint device management software that requires no software agent on end-user devices” and defined by Network Computing Magazine as “a refreshing new approach to endpoint management which does away with the excess baggage associated with traditional solutions,” the award-winning all-in-one cloud-based software simplifies endpoint management, reduces costs and boosts productivity.

“The new UI and these latest updates allow our clients even more immediate access to all the functionality they use every day,” says Verismic president and CEO, Ashley Leonard. “Our team is meeting our clients’ needs by seamlessly updating their environment to be more interactive and intuitive so they can confidently and conveniently manage their IT needs today and into the future.”

[vc_single_image image=”8183″ img_size=”medium” alignment=”center”]

Verismic’s cloud-based IT management software is an easy-to-install and easy-to-use solution that can meet the needs of one-person IT shops, larger IT teams and managed service providers (MSPs) alike. It is accessible from any supported web browser with no software to install.

Verismic made additional room in the new user interface for more innovative features down the road, paving the way for clients to be more proactive in their IT management. Along with the streamlined user interface, recent updates to CMS include these two main features:

  • Multisite vRep, which allows clients to complete tasks like patch updates or deploy software to sites that cannot see each other due to isolated subnets or conflicting IP address ranges. Clients have control over which virtual representative handles each environment from a single dashboard.
  • Patch Grouping, which was developed to increase clients’ efficiency. It allows clients to bring together a large list of patches into one group and treat them as a single unit that clients can reuse whenever necessary.

Read the full article on SYS-CON Media’s Cloud Expo Blog.

|||

Microsoft Edge: A Poison Pill?

By News, Patch ManagementNo Comments

With March just around the corner, now is a good time to get a head start on spring cleaning. Updating your customers’ Microsoft software should be at the top of your list.

This month’s Patch Tuesday brings 13 bulletins that resolve more than 40 vulnerabilities. Of these 13 bulletins, six are rated “critical,” with the remainder rated “important.” Extra vigilance is critical, and end user education is strongly recommended. This month, seven vulnerabilities are marked as Remote Code Execution; these exploits seek to trick employees into downloading innocent-looking viruses. We had seven of these vulnerabilities last month, too. Make sure you warn customers that their employees are the target du jour.

This month’s patch release highlights some ongoing Microsoft product instability issues — many of which are being discovered by competitors, including Google, many of which now have dedicated teams specifically focused on vulnerability assessment.

[vc_single_image image=”7532″ img_size=”medium” alignment=”center”]

For example, we now see MS 16-009 patching IE9: Has Microsoft made a U-turn after announcing only last month that pre IE11 versions are being deprecated? This move could have come as a result of the “Google vs. Microsoft: Game of Flaws” article written by Kaspersky last month. The article revealed that Google stuck to its 90-day disclosure rule and informed Microsoft of a vulnerability only two days before its Patch Tuesday releases, much to the annoyance of Chris Betz, senior director of the Microsoft Security Response Center.

MS 16-022 also makes an appearance in this baseline. It is reported to solve over 20 individual fixes and should be earmarked as a priority, says Wolfgang Kandek, CTO of Qualys. “MS16-022 leads our priority list at Qualys for this month, but none of the vulnerabilities described is in the use in the wild,” says Kandek.

Microsoft Edge: A Poison Pill?

Microsoft Edge was released in October 2015, along with Windows 10. While Microsoft considers Edge its flagship browser, it hasn’t seen widespread enterprise adoption yet. That doesn’t, however, mean Edge isn’t installed on plenty of desktops.

Many companies believe that if an application is not in use then it does not need to be patched. Wrong. Industry research found that 80 percent of vulnerabilities were exploited after IT departments stopped patching software they were done using. Companies that have Microsoft Edge installed are leaving themselves exposed to an attack, even if employees are not using it.

And note that often it is not the program that is vulnerable, but the binary files within the operating system, says James Rowney, service manager for Verismic. “For the last four months the Edge browser has on average more updates than IE,” says Rowney. “And, since the pre IE11 updates were deprecated last month, we would highly recommend the Edge update be considered as a priority even if you don’t use it.”

We highly recommended that you deploy all the critical vulnerabilities at your earliest convenience, with particular emphasis on MS16-009, MS16-011, MS16-015 and MS16-022 in this priority order. This recommendation is justified by combining the vendor severity, vulnerability impact and expected exploits.

The independent CVSS scores used below range from zero to 10. Vulnerabilities with a base score in the 7.0 to 10.0 range are High, those in the range of 4.0 to 6.9 are Medium, and zero to 3.9 are Low.

Bulletin ID Description Impact Restart Requirement Severity Rating
MS16-009

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Remote Code Execution Requires restart Critical
MS16-011

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Remote Code Execution Requires restart Critical
MS16-012

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.

Remote Code Execution May require restart Critical
MS16-013

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Remote Code Execution May require restart Critical
MS16-014

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

Remote Code Execution Requires restart Important
MS16-015

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Remote Code Execution May require a restart Important
MS16-016

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.

Elevation of Privilege May require a restart Important
MS16-017

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Elevation of Privilege Requires restart Important
MS16-018

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. A reboot is required to complete this update.

Elevation of Privilege Requires restart Important
MS16-019

This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.

Denial of Service May require restart Important
MS16-020

This security update resolves vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.

Denial of Service May require restart Important
MS16-021

This security update resolves vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.

Denial of Service May require restart Important
MS16-022

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Remote Code Execution Requires restart Critical