Monthly Archives

August 2018


Third-Party Patch Update: August 2018


Chrome Vulnerability Endangers Your Private Data

A vulnerability has been found within Chrome that would allow actors to access information stored by other web platforms, such as major data hoarders Facebook and Google.

CVE-2018-6177 was uncovered by Ron Masas, a security researcher from Imperva, and reported to Google. “With several scripts running at once — each testing a different and unique restriction — the bad actor can relatively quickly mine a good amount of private data about the user,” Masas said.

With their latest release, v68.0.3440.106, Google says the issue has been fixed. At the time of writing this article, there are no known active exploits of this vulnerability.

We recommend you update to the latest version of Chrome immediately.

Use Syxsense to inventory your environment and rapidly deploy any needed updates. On the home screen, you can quickly see which devices require critical updates.

By clicking on the graph, you’ll jump right into a patch deployment process, prepopulated to deploy critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

Third-Party Patch Updates

Below is a table of third-party updates:

| Vendor | Category | Patch Version and Release Notes | CVSS Score |
|---|---|---|---|
| Adobe | Media Software | Acrobat DC: v18.011.20058 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousaug2018.html#dccontinuousaugusttwentyeighteen | N/A |
| | | Acrobat DC: v17.011.30099 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic17.011aug2018.html#dc17-011augusttwentyeighteen | |
| | | Acrobat DC: v15.006.30448 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic15.006aug2018.html#dc15-006augusttwentyeighteen | |
| | | Flash Player Plugin and ActiveX: v30.0.0.154 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html#fixed_issues | |
| Apple | Media Software | iTunes: v12.8.0.150 – https://support.apple.com/kb/dl1814?locale=en_US | N/A |
| Don Ho | | Notepad++: v7.5.8 – https://notepad-plus-plus.org/news/notepad-7.5.8-released.html | |
| Evernote | | Evernote: v6.14.5.7671 – https://evernote.com/security/updates | |
| FileZilla | FTP Solution | FileZilla: v3.35.2 – https://filezilla-project.org/versions.php | N/A |
| GNOME Foundation | Image Processing and Editing | GIMP: v2.10.6 – https://www.gimp.org/release-notes/gimp-2.10.html | |
| Google | Browser | Chrome: v68.0.3440.106 – https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html | N/A |
| KeePass | Password Manager | KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html | |
| Mozilla | Browser and Email Application | Firefox: v61.0.2 – https://www.mozilla.org/en-US/firefox/61.0.2/releasenotes/ | |
| | | Thunderbird: v60.0 – https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/ | |


Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Adobe Alert: Zero-Day Update


Photoshop Gets Edited

Adobe released an out-of-band security update to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Windows and Apple devices.

These two vulnerabilities, identified as CVE-2018-12810 and CVE-2018-12811, impact Adobe Photoshop CC 2018 version 19.x as well as Adobe Photoshop CC 2017 version 18.x.

Although these updates carry an Adobe Priority of 3, meaning the vulnerabilities are not currently being exploited, we advise proactively deploying them as quickly as possible. The vulnerabilities are listed as critical, and the impact would be disastrous if active exploitation begins.

Use Syxsense to survey your environment and rapidly deploy any needed updates. On the home page, you can quickly see which devices require critical updates.

By clicking on the gadget, you’ll jump right into a patch deployment process, prepopulated to deploy all critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.


IT Admins: Block Outbound Server Message Block (SMB) Traffic Now


Corporate Network Credential Harvesting

The US National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the firewall – Ports 137/139/445.

A recently identified hack leverages Windows' ability to automatically log on to remote devices when connecting to a share.

This is very useful when connecting to devices within your corporate network; however, it is a huge security hole when used by a hacker.

The hacker sends a spearphishing email that contains an attachment or a link to a remote server. When the file is opened, the link is clicked or, in some cases, the email is merely opened, a Windows workstation attempts to authenticate automatically to the remote share and sends a hash (simple encryption) containing your credentials.

The remote server simply captures this hash, and the attacker can then use any of the many free tools easily available on the internet to reverse the hash and get the user’s credentials.

We cannot think of any legitimate reason you should be sending SMB traffic outside your corporate firewall, so we strongly recommend you block all outbound SMB traffic at your firewalls.

Ashley Leonard, CEO
Verismic Software
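
One way to check that the outbound SMB block recommended above is actually in effect, as an added example that is not part of the original post: the script scans firewall flow records for traffic to ports 137/139/445 that leaves internal address space and lists the hosts whose connections were allowed. The log format, the internal ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports named in the advisory: NetBIOS name service, NetBIOS session, SMB over TCP.
SMB_PORTS = {137, 139, 445}

# Assumption: the corporate network uses only RFC 1918 space; adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic). Assumed CSV layout:
# timestamp,src_ip,dst_ip,dst_port,protocol,firewall_action
SAMPLE_FLOWS = """\
2018-08-20T09:14:02Z,10.1.4.23,10.1.0.5,445,tcp,allow
2018-08-20T09:14:07Z,10.1.4.23,203.0.113.50,445,tcp,allow
2018-08-20T09:15:11Z,10.1.7.80,198.51.100.9,139,tcp,deny
2018-08-20T09:15:40Z,10.1.7.80,198.51.100.9,443,tcp,allow
2018-08-20T09:16:03Z,10.1.9.12,192.168.40.2,137,udp,allow
malformed line without enough fields
2018-08-20T09:17:30Z,10.1.4.23,203.0.113.77,445,tcp,allow
"""


def is_internal(addr):
    """True when the address falls inside one of the configured internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def find_outbound_smb(log_text):
    """Return (findings, skipped).

    findings maps each internal source host to a list of
    (destination, port, action) tuples for SMB traffic leaving the network;
    skipped counts lines that could not be parsed.
    """
    findings = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            skipped += 1
            continue
        _ts, src, dst, port, _proto, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            skipped += 1
            continue
        if port in SMB_PORTS and is_internal(src_ip) and not is_internal(dst_ip):
            findings[src].append((dst, port, action))
    return dict(findings), skipped


def egress_gaps(findings):
    """Hosts with at least one allowed outbound SMB flow: the block is missing."""
    return sorted(host for host, flows in findings.items()
                  if any(action == "allow" for _, _, action in flows))


if __name__ == "__main__":
    found, bad = find_outbound_smb(SAMPLE_FLOWS)
    for host in egress_gaps(found):
        print(f"{host}: outbound SMB allowed to {[d for d, _, _ in found[host]]}")
    print(f"unparsed lines: {bad}")
```

Hosts that appear only with `deny` actions show the firewall rule working; they are still worth reviewing, since something on them tried to reach an external share.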


The ‘Foreshadow’ of More Intel Issues


Foreshadow Flaw Found in Intel CPUs

For the more than a billion computers that depend on Intel CPUs, the flaws just keep coming. Thanks to work by researchers from KU Leuven University in Belgium, along with the universities of Adelaide and Michigan, Intel has been made aware of yet another major weakness in their processor chip sets.

Since the first flaws announced earlier this year led to the Spectre and Meltdown attacks, this new exploit has been named ‘Foreshadow’. Intel has published a list of the affected products, which you can find below this article.

According to the cyber security arm of the US government, “an attacker could exploit this vulnerability to obtain sensitive information”. However, Intel has stated that “We are not aware of reports that any of these methods have been used in real-world exploits.” They have also pledged to ensure future processors would be built in ways to prevent vulnerability to Foreshadow.

Intel has released three CVEs to address this new issue: CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646.

Patching and Mitigation

Systems that have applied updates made available by Intel earlier this year should already be protected against Foreshadow, Intel said.

Using an IT solution like Syxsense can simplify this complex task. Maintenance windows can be set so updates are deployed around business hours.

Updates can also be deployed on demand, so that emergency fixes can be applied immediately. Syxsense provides flexibility and adaptability to accommodate the remediation strategy that best fits your business.

Learn more about the better way to manage your environment. Start a trial with Syxsense.

Impacted products:

The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time.

Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor D (1500, 2100)


High Severity Linux Kernel Bug


Stop the Remote Attackers

A global Linux kernel bug affecting almost every Linux operating system could currently be used to expose millions of Linux servers around the world.

The vulnerability (CVE-2018-5391), which carries a CVSS score of 7.8 (High Severity), is in the IP implementation of the Linux kernel, versions 3.9+, which is vulnerable to denial-of-service conditions caused by low rates of specially modified packets.

An attacker may be able to trigger a denial-of-service condition against the system.

All Linux vendors are recommending that customers update their operating systems as quickly as possible. Patches that address the vulnerability are available from OS vendors and are now available in Syxsense for immediate deployment.

Our discovery scan will identify every device with an IP address connected to your networks, including Linux devices.

Then, thanks to a comprehensive collection of inventory information, you can easily filter the device view and see which Linux devices need the required updates.

Within minutes you will have identified vulnerable devices and begun a strategic remediation.


Patch Tuesday? More Like Patch Doomsday


August Patch Tuesday Release

Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services.

Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as Low in severity.

Critical Adobe Updates

Adobe have also released 11 fixes today, including two critical patches for Acrobat and Reader: CVE-2018-12808 is an out-of-bounds write flaw, while CVE-2018-12799 is an untrusted pointer dereference vulnerability. IT Managers should be pleased, as last month’s release included 100 vulnerability fixes.

WannaCry is Back with a Vengeance

A big hitter fell foul of WannaCry this week: Taiwan Semiconductor Manufacturing, the largest chip supplier to Apple and other smartphone makers, was compromised, which caused global delays of chip shipments. The infection has caused serious revenue damage in Q3, and could easily have been avoided had a patch-centric approach been adopted by their IT Managers. Learn more in our Avoiding Patch Doomsday whitepaper.

Windows 10 Feature Update Planning

If you are using Windows 10, version 1703, then you only have 2 months left to upgrade before it reaches its standard ‘End of Service’ on October 9, 2018. Each Windows 10 version will be serviced with quality updates for up to 18 months from availability. It is important that all quality updates are installed to help keep your device secure.

Robert Brown, Director of Services for Verismic, said, “CVE-2018-8373 (Scripting Engine Memory Corruption Vulnerability) & CVE-2018-8414 (Windows Shell Remote Code Execution Vulnerability) are both publicly disclosed and are actively being exploited.

“Although these only carry a CVSS score of 4.8 & 6.7 respectively, because these vulnerabilities are actively being used to expose customer networks, these updates should be prioritized by your IT manager this month.”

Patch Tuesday Release

| CVE | Title | Severity |
|---|---|---|
| CVE-2018-8373 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability | Critical |
| CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| CVE-2018-8345 | LNK Remote Code Execution Vulnerability | Critical |
| CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability | Critical |
| CVE-2018-8355 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8359 | Scripting Engine Information Disclosure Vulnerability | Critical |
| CVE-2018-8371 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8372 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability | Critical |
| CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8384 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability | Critical |
| CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability | Critical |
| CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability | Important |
| CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability | Important |
| CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important |
| CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important |
| CVE-2018-8253 | Cortana Elevation of Privilege Vulnerability | Important |
| CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability | Important |
| CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability | Important |
| CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2018-8340 | ADFS Security Feature Bypass Vulnerability | Important |
| CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability | Important |
| CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability | Important |
| CVE-2018-8346 | LNK Remote Code Execution Vulnerability | Important |
| CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important |
| CVE-2018-8351 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability | Important |
| CVE-2018-8357 | Internet Explorer Elevation of Privilege Vulnerability | Important |
| CVE-2018-8358 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability | Important |
| CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability | Important |
| CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability | Important |
| CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability | Important |
| CVE-2018-8389 | Internet Explorer Memory Corruption Vulnerability | Important |
| CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important |
| CVE-2018-8374 | Microsoft Exchange Elevation of Privilege Vulnerability | Moderate |
| CVE-2018-8388 | Microsoft Edge Elevation of Privilege Vulnerability | Low |


Zero-Day: HP Printer Hack


Exposing your network with HP OfficeJet Printers

A malicious fax sent to a vulnerable all-in-one inkjet printer can give hackers control of the printer, which can then act as a springboard into your network environment.

HP’s implementation of a widely used fax protocol is used in all its OfficeJet all-in-one inkjet printers. HP Inc. has released patches for both of these vulnerabilities (CVE-2018-5925 and CVE-2018-5924).

Robert Brown, Director of Services at Verismic said, “These vulnerabilities have a CVSS score 9.8 out of a maximum of 10 making these your highest priority this month.”

We recommend deploying these updates using Syxsense. There are suspicions that these vulnerabilities are being actively exploited, and to complicate things further, these updates will require a reboot.

Enhance your patch strategy with Syxsense. Start your free trial today.


FBI PSA: IoT Devices Targeted by Attackers


The FBI has Released a New PSA

According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation.

This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT device security leaves organizations wide open to potentially devastating cyber attacks that could have far-reaching national and even international consequences.

The FBI warns that a large range of devices could be misused. Examples include routers, smart watches, IP phones, streaming devices, IP cameras, network attached storage devices, and network connected printers. The list goes on and on; any device connected to the internet could be targeted.

The alert states “Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.”

How can companies protect themselves?

The PSA suggests several methods for protection, but here is one to review. Detect and identify all IoT devices within your networks and then ensure they are up to date with the latest security patches.

Syxsense is the IT solution with the ability to detect IoT devices. Our discovery scan will show every device with an IP address connected to your networks. It is impossible to manage vulnerable devices if you don’t know they are there in the first place.

There’s a better way to manage IoT devices. Start your trial with Syxsense.
