Monthly Archives

June 2017


Turn Off Auto-Updates: July Third-Party Patch Update

By News, Patch Management

You Need to Turn Off Auto-Updates Now

It’s been reported that MeDoc, a third-party accounting software, is the source of the latest global ransomware attack. Security experts say accounting program provider MeDoc was breached and the NotPetya ransomware was spread via forced automatic updates. This new attack, given the title ‘NotPetya’ by Kaspersky, has so far been detected in Poland, Italy, Germany, France, the US, the UK, Russia, and Ukraine. This is yet another global ransomware event within a month.

While patching is vitally important, many recent attacks have succeeded against Microsoft software, which is much more likely to be kept up to date than third-party content. Third-party software tends to be left for last, or forgotten about, and could pose a greater vulnerability to your systems.

NotPetya has highlighted the danger of relying on auto-updates to secure your operating systems and third-party applications. CMS has always recommended disabling auto-updates in applications and operating systems so that you can properly test, pilot and control the distribution of updates.


Over the years, Microsoft has released many defective updates causing errors and blue screens, leading to cumbersome patch recalls. Typically, patches do not go through the same level of testing as a full software release, which creates risk for your business.

Systems management best practice is to test patches on all images, then use a controlled, staged distribution. With CMS, creating a strategic deployment is rapid, reliable, and stable. We have the leading library of third-party vendors and are always adding more based on customer recommendations.

Turn off auto-updates and trial Syxsense today!


Third-Party Updates

Every month we see a bevy of new third-party updates, and we are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

 

 

Product | Category | Patch
Chrome | Web Browser | Chrome_v59.0.3071.115
Wireshark | Network Protocol Analyzer | Wireshark_2.2.7
Firefox | Web Browser | Firefox_v54.0
Thunderbird | Email Client | Thunderbird_v52.2.1
Glary Utilities | PC cleanup | Glary_v5.78
AIMP | Audio Player | AIMP_v4.13.1897
LibreOffice | Document Manager | LibreOffice_v5.3.4
ImgBurn | Image Burner | ImgBurn_v2.5.8.0
Trillian | Instant Messenger | Trillian_6.0 Build 59
Notepad++ | Source Code Editor | Notepad++_7.4.2
Citrix Receiver |  | CitrixReceiver_v4.8

 

 

Patch Details

Chrome_58.0.3029.140: Includes bug fixes, security updates, and feature enhancements. However, the following devices are NOT live with this update:

  • Acer Chromebook 11 (C730 / C730E / C735)
  • AOpen Chromebox Commercial
  • Dell Chromebook 11 (3120)
  • Enguarde based 11″ Chromebooks
  • HP Chromebook 11 2100-2299 / HP Chromebook 11 G4/G4 EE / HP Chromebook 11 G3
  • HP Chromebook 14 ak000-099 / HP Chromebook 14 G4
  • Lenovo ThinkPad 11e Chromebook

Wireshark_2.2.7: Bug fixes and updated protocol support.

Firefox_54.0: Added Burmese locale. Added support for multiple content processes (e10s-multi). Simplified the download button and download status panel. Various security fixes.

Thunderbird_52.2.1: Fixed: Problems with Gmail (folders not showing, repeated email download, etc.)

Glary_v5.78: New UI and enhancements.

AIMP_v4.13.1897:

  • Common: localization has been updated
  • Audio Converter: special build of LAME codec with unicode file names support has been added
  • Fixed: Sound Engine – some scrunchies can be heard when stopping playback by closing the application
  • Fixed: Sound Engine – app hangs on lost the audio focus if DirectSound method is used for output
  • Fixed: Playlist – playlists with relative paths in AIMPPL4 format are imported incorrectly if file path is started from + or – character
  • Fixed: Tag Editor – WAV-file that was edited in AIMP opens in Adobe Audition with the “meta data is corrupted” message in some cases
  • Small bugs were fixed.

LibreOffice_v5.3.4: New features and bug fixes.

ImgBurn_v2.5.8.0: Bug fixes.

Trillian_6.0 Build 59: Fixed:

  • Bot: Proper message headers for previous message history from bots
  • Media: Screen capture could fail on a certain display bit depth
  • Message Window: Fixed issues related to closing the second message window with the single tab setting.
  • Settings: Properly show Trillian 5 license information in account area
  • What’s New: Translations not working correctly.

Notepad++_7.4.2: Fixed:

  • Add SWIFT language support.
  • Fix replace in files regression.
  • Enhance Find Replace dialog (resizable & remove search direction radio buttons).
  • Fix a crash issue while doing a column insertion on a CJK unicode document.
  • Fix repeated notification dialog for modification from outside of Notepad++.
  • Fix a visual glitch during tab drag and drop.

 

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


Breaking: Petya Ransomware Creates Global Chaos

By News, Patch Management

New Cyberattack Spreads Across Europe, Russia and U.S.

A devastating and well-coordinated ransomware attack hit key parts of Ukraine’s infrastructure Tuesday. The ransomware called Petya is now being reported worldwide, spreading throughout Europe, Russia and the United States. This attack follows the global WannaCry outbreak that struck in May. Petya includes elements that make it even more severe than the WannaCry attack. It can inflict more damage on machines than WannaCry by targeting the hard drive rather than individual files.

“This attack doesn’t just encrypt data for a ransom – but instead hijacks computers and prevents them from working altogether,” said Ken Spinner, vice president of Varonis. “The implications of this type of cyberattack spread far and wide: and can affect everything from government to banks to transportation.”

Although Microsoft has patched the issue, which took advantage of a Windows vulnerability, users who haven’t downloaded the fix can still be hit. This is another reason why having a reliable patch management strategy is extremely critical.

“This new Petya ransomware variant is like WannaCry without the kill switch, spreading automatically from computer to computer by itself and locking files,” said Steve Malone, the director of security product management at Mimecast.


How to Protect Yourself

Windows computers that have installed both the March 2017 and April 2017 security-patch bundles should be immune to the ransomware attack. We strongly recommend identifying all vulnerable operating systems and patching immediately.

Many IT management tools rely on agents to identify and manage devices, but these tools may not support these older operating systems. If they do support the operating systems, they are limited to patching only devices that have an agent installed.

We strongly recommend using a solution like Syxsense, which supports older operating systems and can scan your entire IT environment for all devices without agents and remediate without the need to have agents deployed.


Protect Against Petya

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


Inside Look: Syxsense

By Video

Linux Exploit Leads to Massive Ransomware Payout

By News

$1 Million Ransomware Demand Paid by Victim

Recently, a South Korean web hosting firm, NAYANA, was hit with ransomware. To release the 153 compromised servers, the attackers demanded a staggering 550 bitcoins, which is equal to approximately $1.62 million USD.

Although Nayana was able to negotiate the price down, the company still ended up paying around $1 million USD in bitcoins.

The malware used has been identified as Erebus. While the actual attack vector isn’t clear yet, in the past, Erebus has exploited vulnerabilities within Linux. Researchers suspect that vulnerabilities in outdated systems may be how the attackers got ahold of Nayana servers.

With over 34,000 customers affected, Nayana had to act quickly to free their data.

What should I do?

Keeping your systems up to date with patches is critical. An effective patch management tool will have a comprehensive library of patches from Microsoft and third-party vendors, as well as supporting Linux.

With Syxsense’s patching solution, you can easily build an automated patching routine to scan your devices and deploy critical updates to fix vulnerabilities.


Hidden Cobra: North Korea’s History of Hacking

By News

North Korea’s DDoS Botnet Infrastructure

Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. DHS and the FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives.

Tools and capabilities used by Hidden Cobra actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware.

Hidden Cobra actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide targets for exploitation. Adobe Flash Player vulnerabilities have also been used to gain entry into compromised networks.

What should I do?

These are the vulnerabilities known to have been exploited in these intrusions:

  • CVE-2015-6585: Hangul Word Processor Vulnerability
  • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
  • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
  • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
  • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability


We recommend organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.

Further details can be found here.


June Patch Tuesday: Beat the Heat

By Patch Management, Patch Tuesday

Summer Security: Another Backlog of Updates

Microsoft announced it is making multiple updates to historic content for critical security updates.

These are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new and some are for older platforms that we are making publicly available today.

$8 Trillion Dollars

The ransomware crisis that swept the world last month highlights what we’ve known for years:  the global IT infrastructure is incredibly vulnerable. If you need any more convincing, cybercrime is estimated to cost global business $8 trillion in the next five years.

The following table summarizes the updates available for vulnerabilities that Microsoft presumes to be at risk of imminent attack. Customers should prioritize deployment of these updates and plan to migrate to supported platforms if you have not already done so.

Robert Brown, Director of Services for Verismic says: “As we saw last month, ransomware has the ability to infiltrate the largest companies in the world, if those companies fail to patch their systems.”


Microsoft Updates

Microsoft have taken another unprecedented step of releasing old content in order to protect their customers. In case Microsoft knows something we don’t, we recommend deploying these updates as quickly as possible where needed.  Full details of the Microsoft statement can be found here.

Bulletin or CVE ID | Title and Executive Summary | Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software
MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644): This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows XP and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. | Critical, Remote Code Execution | Restart required | Microsoft Windows
MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517): This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. | Critical, Remote Code Execution | Restart required | Microsoft Windows
MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290): This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system. | Critical, Remote Code Execution | Restart required | Microsoft Windows
MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780): This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. | Critical, Elevation of Privilege | Restart required | Microsoft Windows
MS17-010 | Security Update for Microsoft Windows SMB Server (4013389): This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. | Critical, Remote Code Execution | Restart required | Microsoft Windows
MS17-013 | Security Update for Microsoft Graphics Component (4013075): This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-0176 | Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176): A remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-0222 | Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222): A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical, Remote Code Execution | Restart required | Microsoft Internet Explorer
CVE-2017-0267 – CVE-2017-0280 | Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280): Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-7269 | WebDAV Remote Code Execution Vulnerability (CVE-2017-7269): A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-8461 | Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461): A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-8464 | LNK Remote Code Execution Vulnerability (CVE-2017-8464): A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-8487 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487): A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability (CVE-2017-8543): A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical, Remote Code Execution | Restart required | Microsoft Windows
CVE-2017-8552 | Win32k Elevation of Privilege Vulnerability: An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Important, Remote Code Execution | Restart required | Microsoft Windows

 

Microsoft have addressed 94 vulnerabilities in Windows, Internet Explorer, Edge, Office, and SharePoint. The vulnerabilities could allow an attacker to execute arbitrary code, gain escalated privileges, bypass security protections, view sensitive information, or cause a denial of service. We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and those in the range 0-3.9 are Low.

 

Bulletin or CVE ID | Vulnerability Alert | CVSS Base Score | Recommended
CVE-2017-0283 | Microsoft Windows Uniscribe Remote Code Execution Vulnerability | 8.8 | Yes
CVE-2017-8506 | Microsoft Office Arbitrary Code Execution Vulnerability | 8.8 | Yes
CVE-2017-8527 | Microsoft Windows Graphics Remote Code Execution Vulnerability | 8.8 | Yes
CVE-2017-8528 | Microsoft Windows Uniscribe Remote Code Execution Vulnerability | 8.8 | Yes
CVE-2017-8543 | Microsoft Windows Search Arbitrary Code Execution Vulnerability | 8.1 | Yes
CVE-2017-0294 | Microsoft Windows Arbitrary Code Execution Vulnerability | 8 | Yes
CVE-2017-0193 | Microsoft Windows Hyper-V Hypervisor Privilege Escalation Vulnerability | 7.8 | Yes
CVE-2017-0260 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8507 | Microsoft Outlook Memory Corruption Vulnerability | 7.8 | Yes
CVE-2017-8509 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8510 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8511 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8512 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8513 | Microsoft PowerPoint Arbitrary Code Execution Vulnerability | 7.8 | Yes
CVE-2017-8464 | Microsoft Windows Shortcut Handling Arbitrary Code Execution Vulnerability | 7.5 |
CVE-2017-8517 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 7.5 |
CVE-2017-8519 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 |
CVE-2017-8547 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 |
CVE-2017-8548 | Microsoft Edge Memory Corruption Vulnerability | 7.5 |
CVE-2017-0296 | Microsoft Windows TDX Driver Privilege Escalation Vulnerability | 7 |
CVE-2017-0297 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 |
CVE-2017-8465 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7 |
CVE-2017-8466 | Microsoft Windows Cursor Privilege Escalation Vulnerability | 7 |
CVE-2017-8468 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7 |
CVE-2017-8494 | Microsoft Windows Privilege Escalation Vulnerability | 7 |
CVE-2017-0298 | Microsoft Windows COM Session Privilege Escalation Vulnerability | 6.6 |
CVE-2017-8514 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 6.4 |
CVE-2017-8529 | Microsoft Edge and Internet Explorer Information Disclosure Vulnerability | 6.4 |
CVE-2017-8545 | Microsoft Outlook for Mac Security Bypass Vulnerability | 6.1 |
CVE-2017-8550 | Microsoft Skype for Business Information Disclosure Vulnerability | 6.1 |
CVE-2017-8551 | Microsoft Project Server Cross-Site Scripting Vulnerability | 6.1 |
CVE-2017-8493 | Microsoft Windows Security Bypass Vulnerability | 5.6 |
CVE-2017-8530 | Microsoft Edge Security Feature Vulnerability | 5.4 |
CVE-2017-0173 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 |
CVE-2017-0215 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 |
CVE-2017-0216 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 |
CVE-2017-0218 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 |
CVE-2017-0219 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 |
CVE-2017-0295 | Microsoft Windows Default Folder Spoofing Vulnerability | 4.8 |
CVE-2017-0299 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-0300 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8462 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8469 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8470 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8471 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8472 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8473 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8474 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8475 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8476 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8477 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8478 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8479 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8480 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8481 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8482 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8483 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8484 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 |
CVE-2017-8485 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8488 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8489 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8490 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8491 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8492 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
CVE-2017-8515 | Microsoft Windows Virtual Memory Denial of Service Vulnerability | 4.7 |
CVE-2017-8534 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.7 |
CVE-2017-8553 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 |
CVE-2017-0282 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 |
CVE-2017-0284 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 |
CVE-2017-0285 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 |
CVE-2017-0286 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-0287 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-0288 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-0289 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-8531 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-8532 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-8533 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 |
CVE-2017-0291 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 4.3 |
CVE-2017-0292 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 4.3 |
CVE-2017-8460 | Microsoft Windows PDF Handling Information Disclosure Vulnerability | 4.3 |
CVE-2017-8498 | Microsoft Edge Information Disclosure Vulnerability | 4.3 |
CVE-2017-8504 | Microsoft Edge Information Disclosure Vulnerability | 4.3 |
CVE-2017-8508 | Microsoft Outlook Security Bypass Vulnerability | 4.3 |
CVE-2017-8523 | Microsoft Edge Security Bypass Vulnerability | 4.3 |
CVE-2017-8555 | Microsoft Edge Security Feature Bypass Vulnerability | 4.3 |
CVE-2017-8496 | Microsoft Edge Memory Corruption Vulnerability | 4.2 |
CVE-2017-8497 | Microsoft Edge Memory Corruption Vulnerability | 4.2 |
CVE-2017-8499 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
CVE-2017-8520 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
CVE-2017-8521 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
CVE-2017-8522 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
CVE-2017-8524 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
CVE-2017-8549 | Microsoft Edge Scripting Engine Information Vulnerability | 4.2 |
CVE-2017-8544 | Microsoft Windows Search Information Disclosure Vulnerability | 3.3 |


Patchception: June Third-Party Patch Update

By News, Patch Management

Third-Party-Software of 3rd Party Software

We tend to take the security of major websites and software, such as Facebook, Twitter, Instagram and their respective apps, for granted.

However, there are numerous ways that people with malicious intent could gain access to accounts on those sites. Recently, Twitter suffered a security breach through one popular method: exploiting connected third-party software.

A small number of accounts on Twitter were hacked and began posting pro-Nazi messages and symbols. These included the accounts of Amnesty International, Forbes and a few other prominent groups. Twitter’s servers had not been hacked; the hack was traced to another piece of software, Twitter Counter.

This sort of breach is a reminder to be careful about which software you trust.


VLC caught up in Wikileaks’ ‘Vault 7’

Wikileaks released a series of documents regarding the CIA and its set of malware tools. One of these revelations concerns VLC media player: the tool described collects information from the computer or network and hides itself inside VLC.

However, the VideoLAN Organization has released a statement regarding this. They say “the leaked document does not describe a vulnerability that is remotely exploitable, nor is present in a normal VLC installation.” As long as you have kept VLC up to date and downloaded it from the official site, you are safe.


Third-Party Updates

Every month we see a bevy of new third-party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

Product | Category | Patch
Chrome | Web Browser | Chrome_v58.0.3029.140
Skype | Online calls | Skype_v7.36
Adobe | (Flash Player, Adobe Experience Manager Forms) | APSB17-15, APSB17-16
Thunderbird | Email Client | Thunderbird_v52.1.1
Glary Utilities | PC cleanup | Glary_v5.76
AIMP | Audio Player | AIMP_v4.13.1895
iTunes | Media Player | iTunes_12.6.1
CDBurnerXP | CD/DVD Burner | CDBurnerXP_4.5.7.6623
Trillian | Instant Messenger | Trillian_6.0 Build 1
Notepad++ | Code Editor | Notepad++_7.4.1
GOM Player | Media Player | GOMplayer_2.3.16.5272
Malwarebytes | Security Software | Malwarebytes_3.1
RealVNC | Remote Access | RealVNC_6.1.1
VLC | Media Player | VLC_2.2.5

Patch Details

Chrome_58.0.3029.140
Includes bug fixes, security updates, and feature enhancements.
However, the following devices are NOT live with this update:
Acer Chromebook 11 (C730 / C730E / C735)
AOpen Chromebox Commercial
Dell Chromebook 11 (3120)
Enguarde based 11″ Chromebooks
HP Chromebook 11 2100-2299 / HP Chromebook 11 G4/G4 EE / HP Chromebook 11 G3
HP Chromebook 14 ak000-099 / HP Chromebook 14 G4
Lenovo ThinkPad 11e Chromebook

Skype_7.35
Quality improvements and general fixes.

Adobe
APSB17-15: These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
APSB17-16: These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.

Thunderbird_52.1.1
Fixed:
Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use.
Unable to load full message via POP if message was downloaded partially (or only headers) before.
Some attachments can’t be opened or saved if the message body is empty.
Crash when compacting IMAP folder.

Glary_v5.76
Bug Fixes and Feature Enhancements

AIMP_v4.13.1895
Fixed: Player – an issue with opening files from AIMP’s context menu that integrated to Windows Explorer
Fixed: plugins – API – adding files to playlist with the AIMP_PLAYLIST_ADD_FLAGS_FILEINFO flag produces internal exception in some cases
Small bugs were fixed

iTunes_12.6.1
Minor app and performance improvements.

CDBurnerXP_4.5.7.6623
DPI improvements for copy disc dialog
DPI improvements for ISO image dialog
DPI improvements for video DVD dialog
Fixed potential crash when refreshing media info

Trillian_6.0 Build 1
Bug Fixes and Feature Enhancements

Notepad++_7.4.1
Fix Notepad++ hanging issue on startup due to its connection on Internet – disable the certification chain verification.
Fix the opened zero length file not saving bug.
Improve Document Peeker performance issue for large files.

GOMplayer_2.3.16.5272
[Enhanced Playback Performance]
• Added video codec format support
– FMVC (FM Screen Capture Codec), Clear Video, Avid MJPEG, TSCC2 Codec added
• Added audio codec format support
– QDMC (QDesign Music Codec), DSD (Direct Sound Digital), shorten audio Codec added
[Improved Functions]
• Now supporting left/right 360 degree video
• Enhanced video playback for VR (360 degree) videos
[VOC and bug fixes]
– Fixed 3 channel audio error
– Fixed playback speed error
– Fixed Intel H/W regarding H.264 videos
– Audio Channel bug fixes
– TS format bug fixes
– Audio capture saving bug fix
– Screen color bug fixes
– Additional minor bug fixes

Malwarebytes_3.1
Fixed several crashes in the Web Protection module
Fixed issue where Ransomware Protection would be stuck in ‘Starting’ state after a reboot
Fixed a conflict with Norton that caused web pages not to load and plug-ins to crash in Chrome
Fixed issue with WMI protection technique in Exploit Protection that could cause Office applications to crash
Fixed several crashes related to the service and tray
Fixed security vulnerabilities that could be chained together to perform local privilege escalation
Fixed many other miscellaneous defects and user interface improvements

RealVNC_6.1.1
FIXED: Active Directory user accounts with no expiry date can now be used to authenticate to VNC Server using single sign-on (SSO)
FIXED: VNC Server’s Information Center dialog no longer shows an erroneous error message when the legacy SecurityTypes parameter is set to a value other than <auto> (this may affect users upgrading from VNC 5.x).
FIXED: VNC Server in Virtual Mode (Xvnc) no longer crashes due to a bug in the X11 render extension.

VLC_2.2.5
VLC 2.2.5 “Weatherwax” is the fifth update to VLC’s 2.2 release series.
Fix green line rendering on Windows with AMD drivers
Fix mp3 playback regression on macOS and 64bit Windows leading to distortion for some media
Fix screenshots size
Improved lua scripts for various websites
Various security improvements in demuxers and decoders
Security hardening for DLL hijacking environments
Fix scrolling sensitivity on Sierra
Fix screen recording on Windows
