Monthly Archives

October 2018


Most Linux Builds Need an Immediate Patch

Filed under: News, Patch Management

An Attacker Could Take Over Impacted Systems With 3 Commands or Less

A security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

The flaw, tracked as CVE-2018-14665, was introduced in the X.Org Server 1.19.0 package, remained undetected for almost two years, and could be exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The X.Org Foundation has now released X.Org Server version 1.20.3 with security patches to address the issue. Popular distributions including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora have published advisories confirming the issue and are working on their patch updates.

All Linux vendors recommend that customers update their operating systems as quickly as possible. Patches addressing the vulnerability are available from the OS vendors and are now available in Syxsense for immediate deployment.

Our discovery scan will identify every device with an IP address connected to your networks, including Linux devices.

Then, thanks to a comprehensive collection of inventory information, you can easily filter the device view and see which Linux devices need the required updates.

Within minutes you will have identified vulnerable devices and started a strategic remediation. Start a free trial of Syxsense and patch your Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

IoT OS Breached, Crashed and Hacked

Filed under: News

FreeRTOS Has 13 Major Security Flaws

Research performed by Zimperium’s zLabs team uncovered 13 vulnerabilities that could be manipulated to leak information, crash devices, and even take control with remote code execution.

“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS/SafeRTOS,” shared zLabs in their report.

FreeRTOS and SafeRTOS “have been used in a wide variety of industries: IoT, Aerospace, Medical, Automotive, and more,” according to the company’s post.

“Due to the high risk nature of devices in some of these industries, zLabs decided to take a look at the connectivity components that are paired with these OS’s. Clearly, devices that have connectivity to the outside world are at a higher degree of risk of being attacked.”

These operating systems, which sit under the Amazon Web Services umbrella, are among the most widely used IoT operating systems.

Organizations should check their environments immediately for any vulnerable devices. It’s no longer enough to detect Windows, Mac, and Linux devices. The IoT presents a whole arena of risks. Vulnerabilities can lurk unnoticed until it’s too late.

Syxsense is the solution that gives you a complete view of your environment.

The inventory scan feature will detect any device with an IP address, including IoT devices. To effectively secure your environment, you must know what’s actually in it.


Oracle Drops Critical Update Bomb

Filed under: News, Patch Management

Over 300 Vulnerabilities: 49 Rated as Critical

Oracle has just dropped its October 2018 update and it is a big one! Over 300 security flaws are addressed in this massive release. 49 of those flaws carry a critical CVSS rating (9 or higher).

One of these scored a ‘perfect’ critical rating of 10!

The flaw in question is CVE-2018-2913 for Oracle GoldenGate. According to Oracle’s Advisory, the flaw “may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”

Of the remaining critical flaws, 45 have a CVSS rating of 9.8. This release is tackling a huge group of major vulnerabilities. Any organization running Oracle products should immediately scan their networks to figure out just how many devices require these updates.

Simplify Patch Management Tasks

If you want to make the patch management process more efficient, look to an IT solution such as Syxsense. The inventory scan feature can be set to regularly check your network and then display that information in easy-to-understand icons and graphs.

Then, move to the Patch Manager feature to set up a task to remediate the now obvious vulnerabilities. A task will be prepopulated for rapid deployment, or there are a multitude of controls to facilitate the update release strategy that works best for your unique environment.

Massive update bombs don’t have to wreak havoc on your work week. Discover a better way to manage your updates with Syxsense.


Malware Tops Annual Cybercrime Report

Filed under: News

Europol Cybercrime Report 2018

According to Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA) report, ransomware is the top threat to organizations.

The report cites ransomware as the largest player in financially motivated attacks. It also points to the increase in nation-state cyber-attacks as a reason why ransomware remains the leading threat.

Distributed Denial-of-Service (DDoS) attacks are still quite prevalent. These attacks were the second most frequent kind, just after malware, in 2017. It stands to reason that DDoS attacks will remain a concern going forward, as they are “becoming more accessible, low-cost, and low-risk.”

An emerging field is cryptojacking: using targeted users’ devices, their bandwidth and processing power, to mine cryptocurrencies. These attacks can cripple an organization by dominating its internet bandwidth and device processing power.

How can your organization protect against these threats?

In the event of a cyberattack, authorities should be alerted. But companies should already have a comprehensive IT management solution in place. Maintaining a proper update strategy can mitigate the risk of exposure.

Syxsense has a diverse set of features that eases the burden of IT management. These features include Discovery, Inventory, Patch Management, Software Distribution, Reports, and more. As updates are released, the console will show which devices need updates.

From there, the patch manager can target those vulnerable devices and a task can be launched to deploy the needed patches. Learn more about securing your environment and start a trial with Syxsense.


BSOD for HP

Filed under: News

Windows 10 Update causes HP Blue Screen of Death

Microsoft is in trouble with its latest Windows 10 update. The October release 1809 already had a bug that was deleting users’ personal files. Now, this update is wreaking new havoc on HP devices, causing the dreaded Blue Screen of Death.

Hold off on updating any HP devices until this issue is resolved. If you’ve already installed the update, there is a temporary workaround: deleting ‘HpqKbFiltr.sys’ from C:\Windows\System32 appears to mitigate the issue.

Rather than going to each HP device and manually deleting the file in question, use a batch file plus a software distribution solution. With Syxsense, you can easily upload a software package and distribute it to a targeted set of computers.

With the query function, tasks can be targeted to devices that match a specific set of parameters. In this example, devices would be collected by manufacturer: HP.

Then, in the Software Deployment task, the created query would be selected and the batch file you created would be run on those devices only.

In minutes, the targeted file would be gone from your devices. The Task Section would even reflect the success of the deployment, to confirm the work was completed.
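The script below is an added example of the workaround package described above, not Syxsense’s own code. It only acts on HP hardware running Windows 10 1809 (build 17763, a mapping the post does not state), and it copies the driver to a backup folder before removing it, an extra step the post does not require. The backup path and the exit codes are assumptions.

```powershell
# Added example: conditional removal of HpqKbFiltr.sys on HP devices hit by the
# Windows 10 1809 BSOD. Run elevated. Exit codes (assumed convention):
#   0 = file removed or not present, 2 = skipped (not HP / not 1809), 1 = error.

$Driver    = 'C:\Windows\System32\HpqKbFiltr.sys'   # path named in the post
$BackupDir = 'C:\Windows\Temp\HpqKbFiltr-backup'    # assumed location, not from the post

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Guard 1: only act on HP hardware (manufacturer strings vary with model and age).
if ($cs.Manufacturer -notmatch 'HP|Hewlett-Packard') {
    Write-Output "Skipping: manufacturer is '$($cs.Manufacturer)', not HP."
    exit 2
}

# Guard 2: only act on Windows 10 1809, i.e. build 17763 (assumed mapping).
if ([int]$os.BuildNumber -ne 17763) {
    Write-Output "Skipping: build $($os.BuildNumber) is not 1809; the workaround does not apply."
    exit 2
}

if (-not (Test-Path -LiteralPath $Driver)) {
    Write-Output "Nothing to do: $Driver is not present."
    exit 0
}

try {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # Keep a copy so the driver can be restored once a fixed version is available.
    Copy-Item -LiteralPath $Driver -Destination $BackupDir -Force
    Remove-Item -LiteralPath $Driver -Force
    Write-Output "Removed $Driver (backup in $BackupDir). Reboot to clear the BSOD."
    exit 0
} catch {
    # Typical cause: a restrictive ACL on the file. Take ownership first
    # (takeown /f <path>; icacls <path> /grant Administrators:F) and rerun.
    Write-Error "Failed to remove ${Driver}: $($_.Exception.Message)"
    exit 1
}
```

The non-zero exit codes let the deployment task report which devices were skipped versus which failed, so the Task Section shows more than a blanket success.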


October Patch Tuesday: Windows 10 Disappears Files

Filed under: News, Patch Management, Patch Tuesday

Patch Tuesday: The Latest News

Microsoft has released 49 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.

12 updates are listed as Critical, 35 are rated Important, one is rated as Moderate and one is rated Low severity.

Windows 10 Feature Updates Paused

The highly anticipated Windows 10 feature update (1809) was hotly awaited by Windows 10 users on October 2, only for Microsoft to halt the release due to a very embarrassing bug. Upon install, 1809 deletes users’ personal files, which cannot be easily restored.

Robert Brown, Director of Services for Verismic said, “We would encourage all of our clients to use our recommended test and deployment strategy for feature updates as they do for normal Windows updates. You have 18 months for each feature update, so there is absolutely no reason to rush into mass deployment without testing the impact on your users first.”

Adobe Fixes Critical Vulnerabilities

Adobe released their monthly patch list early this month, with almost a hundred updates coming out last week. Today a modest four additional updates have been released affecting Flash, Framemaker, Adobe Digital Editions & Adobe Technical Suite.

Vulnerability Requires your Attention

On paper, CVE-2018-8453 only carries a severity of Important; however, we have learned it is being actively exploited. Many experts expect this type of vulnerability to be picked up by global malware, which makes it a very serious vulnerability.

We would highly recommend this be a priority for your IT manager this month.

Enhance your approach to patch management with Syxsense. Start your free trial with a cloud-based IT management solution that’s easy to use and powerful.

Patch Tuesday Release

CVE ID | Description | Severity | Actively Exploited | Highly Recommended
CVE-2018-8460 | Internet Explorer Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8473 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8489 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | Yes
CVE-2018-8490 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | Yes
CVE-2018-8491 | Internet Explorer Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8494 | MS XML Remote Code Execution Vulnerability | Critical | No | Yes
CVE-2018-8500 | Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8505 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8510 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8511 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8513 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes
CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability | Important | Yes | Yes
CVE-2018-8423 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | Yes
CVE-2018-8497 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes
CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption Vulnerability | Important | No | Yes
CVE-2010-3190 | MFC Insecure Library Loading Vulnerability | Important | No | -
CVE-2018-8265 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8320 | Windows DNS Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability | Important | No | -
CVE-2018-8330 | Windows Kernel Information Disclosure Vulnerability | Important | No | -
CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability | Important | No | -
CVE-2018-8411 | NTFS Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8413 | Windows Theme API Remote Code Execution Vulnerability | Important | No | -
CVE-2018-8427 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | -
CVE-2018-8432 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | -
CVE-2018-8448 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8472 | Windows GDI Information Disclosure Vulnerability | Important | No | -
CVE-2018-8480 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8481 | Windows Media Player Information Disclosure Vulnerability | Important | No | -
CVE-2018-8482 | Windows Media Player Information Disclosure Vulnerability | Important | No | -
CVE-2018-8484 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8486 | DirectX Information Disclosure Vulnerability | Important | No | -
CVE-2018-8488 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8492 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8493 | Windows TCP/IP Information Disclosure Vulnerability | Important | No | -
CVE-2018-8495 | Windows Shell Remote Code Execution Vulnerability | Important | No | -
CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8501 | Microsoft PowerPoint Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8502 | Microsoft Excel Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8504 | Microsoft Word Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | No | -
CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | -
CVE-2018-8527 | SQL Server Management Studio Information Disclosure | Important | No | -
CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | -
CVE-2018-8532 | SQL Server Management Studio Information Disclosure | Important | No | -
CVE-2018-8503 | Chakra Scripting Engine Memory Corruption Vulnerability | Low | No | -
CVE-2018-8533 | SQL Server Management Studio Information Disclosure | Moderate | No | -

Major Third-Party Security Updates

Filed under: News, Patch Management

Google Polishes Chrome

With an apparent rise in malicious extensions, Google has announced five changes that aim to secure their product. These should be incorporated into their next release, Chrome 70, in the latter half of this month.

1. Expanded controls for determining Chrome extension permissions

According to an article by Chrome developers, “users [will] have the ability to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.”

2. Code obfuscation banned

Google argues this was the main way in which malicious Chrome extensions made it onto the Chrome Web Store.

3. Two-factor authentication required for developers

Phishing attacks over the last year have targeted browser extensions as a means of mass infection. This new requirement should reduce the chance of hackers getting direct access to the code of extensions.

4. New review process

Google is watching! By implementing a deeper review process and monitoring extensions that use remotely hosted code, Google hopes to quickly spot malicious changes as they take place.

5. Updated manifest for stronger security

In 2019, Manifest version 3 will be released. The goal is to create “stronger security, privacy and performance guarantees.”

Google has taken notice of the attacks aimed at manipulating their extension functions. When Chrome 70 releases, be prepared to update it across all your systems.


Adobe Alert

Additionally, Adobe has released its regularly scheduled October security updates. More than half of the 85 vulnerabilities are critical flaws, and the rest are rated as important. This is the first update since Adobe’s critical out-of-band update in September.

The critical vulnerabilities allow arbitrary code execution. That includes 22 out-of-bounds write flaws, seven critical heap overflow glitches, seven use-after-free bugs, three type confusion bugs, three buffer error bugs, three untrusted pointer dereference flaws and a double free vulnerability.

A competing PDF software, Foxit, has also had a spike in discovered vulnerabilities. This is both good and bad news.


The bad is that malicious actors are getting more aggressive by the day. The good news is that companies are taking their software flaws seriously and proactively looking for issues.

All of these vulnerabilities highlight one key lesson: keeping your systems up to date is the vital step for secure environments.

Patch Everything

Syxsense facilitates easy update deployments. A rapid patch scan can identify which devices need which updates. Then, from the Patch Manager, it’s simple to target a specific update and deploy it to any devices that require it.

Whether it’s deploying one update or hundreds, Syxsense will handle the task with ease.