Monthly Archives

December 2018


Emergency Fix for IE Zero Day

By News, Patch Management

Microsoft Releases Patch to Address Active Exploit

After learning about it from Google, Microsoft has moved to fix CVE-2018-8653. This flaw in Internet Explorer is being actively exploited in the wild.

According to the Microsoft release, this remote code execution issue “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

The vulnerability affects Internet Explorer 11 on Windows 7 to 10 and Windows Server 2012, 2016, and 2019. For Internet Explorer 10, it affects Windows Server 2012. For Internet Explorer 9, it affects Windows Server 2008.

As it is being actively exploited, it’s critical to check that all systems have updated Internet Explorer.

Using Syxsense to Address This Issue

Syxsense is designed to facilitate and simplify any patching strategy. While you can run a comprehensive scan of all devices on a network, you can also run a targeted scan for a specific piece of software. The console can easily display which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that requires the needed update.

With visual gadgets in both the device and task views, an IT manager can track the completion status of the deployment.

With everything being integrated, a report can be generated from the task information. Software can also be completely rolled back, if needed.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Google’s Project Zero Discloses Logitech Vulnerability

By News

Logitech’s Logic Called Into Question

On December 11, Google’s Project Zero disclosed a vulnerability in Logitech’s Options application. It seems that the application opened a port (10134) to simplify client-server communication.

However, this also means that authentication steps would be skipped, creating possible security risks.

The researcher who discovered the vulnerability, Tavis Ormandy, suggests that an attacker could execute a keystroke injection and take control of a Windows PC running Logitech’s Options application.

Just two days after the public disclosure, Logitech released an update (version 7.00.564 for Windows, 7.00.554 for Mac). This update seems to have satisfied Ormandy’s concerns.

Companies need to sweep their network for the Logitech Options application and confirm the current version is deployed.
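A per-host check for the sweep described above, as an added example that is not part of the original article or Logitech's tooling. It uses the fixed Windows version and port number given in the article; the display-name pattern is an assumption about how the installer registers itself.

```powershell
# Added example. Fixed Windows build and port come from the article;
# $NamePattern is an assumed match for the installer's DisplayName.
$FixedVersion = [version]'7.00.564'
$NamePattern  = '*Logitech Options*'
$Port         = 10134

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-OptionsVersion {
    param([string] $DisplayVersion, [version] $Fixed)
    # A version string that cannot be parsed is reported for manual review.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -lt $Fixed) { 'Vulnerable' } else { 'Patched' }
}

# Installed copies, from the machine-wide uninstall keys (32- and 64-bit views).
$installs = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Test-OptionsVersion -DisplayVersion $_.DisplayVersion -Fixed $FixedVersion
        }
    }

# Any process currently listening on the port named in the disclosure.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            Process      = $proc.ProcessName
        }
    }

if ($installs) { $installs | Format-Table -AutoSize } else { 'Logitech Options not found in the uninstall registry.' }
if ($listener) { $listener | Format-Table -AutoSize } else { "Nothing is listening on TCP $Port." }
```

Hosts that report `Vulnerable` or `Unknown` are the ones to update first.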

Is there an easier way to manage?

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan for a specific piece of software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that needs the update.


Microsoft Re-Releases Windows 10 v1809

By News

Issue-Plagued October Update is Available…again.

After being publicly pulled twice, Microsoft is tentatively releasing Windows 10 version 1809 again. To be able to deploy this update now, one would have to manually check systems through Windows Update.

It will not be automatically pushed to any devices.

Of the 7 issues Microsoft has been tracking, 3 have been labeled as resolved. There is no indication when the remaining 4 will be completed. Microsoft intends to have yet another release of this update once they are certain all issues have been resolved.

This update has been a nightmare to deploy. Attempts have been met with file system bugs, driver conflicts, incompatibilities with graphics cards, and more.

If you really want to deploy this update, the best recommendation that can be made is to ensure everything else is completely up-to-date first. Update all drivers, software, and firmware that you can.

Syxsense, a powerful IT management solution, can facilitate a complete update of your systems. A patch scan task will show you which devices and software have missing updates. From there, an update deployment can be set up to distribute any needed patches.

Syxsense also has maintenance windows. These are leveraged to run tasks around business hours and to create repeating tasks for as frequently as you desire.


Equifax Blames One IT Guy for Not Patching

By News, Patch Management

Former Equifax CEO Blames One Employee for Massive Hack

After over a year of investigation, the U.S. House of Representatives Oversight and Government Reform Committee have released their report on the Equifax data breach. Their report is scathing, drawing immediate attention to massive failures.

The report calls the hack “entirely preventable” and states that there was “lack of accountability and management structure…complex and outdated IT systems…failure to implement responsible security measurements… [and they were] unprepared to support affected consumers.”

Last year, the Apache Struts vulnerability, which had been exploited in the wild for months, was used to gain access to corporate systems. Equifax was even warned about the vulnerability, but failed to properly patch it. The critical Apache Struts vulnerability was publicly disclosed on 7th March last year, and the Department of Homeland Security alerted Equifax to this security flaw the next day.

After a high-profile and massive data breach, there were repercussions. Because the company simply did not patch its systems, the CEO, CIO, and CISO all lost their jobs. This can be just one of many consequences of not keeping patches up to date. On every level, patching is critical for the continued security of businesses.

The company confirmed they sent the alert to over 400 internal staff, instructing them to apply the necessary patch, and also held a meeting on 16th March about the vulnerability. Unfortunately, to their great regret, it was too late and the rest is history – 148 million customer details were stolen and distributed over the internet.

As the report was released, the former CEO of Equifax Richard Smith tried to apologize, but threw a single unnamed IT person under the bus. Smith did state that he was “ultimately responsible,” but also said, “An individual did not ensure communication got to the right person to manually patch the application.”

Equifax have since confirmed they implemented outdated perimeter protection to reduce the risk of exposure. Robert Brown, Director of Services at Verismic Software said, “Unfortunately this kind of solution does not protect endpoints outside the network and greatly increases the chances of estate wide exposure on the first infection inside the network.”

The House report, and the CEO’s own admissions, illustrate that even a simple patching strategy would have likely prevented this disaster.

If device scans are run at night when devices are offline, hidden behind a firewall or roaming, security and IT teams have an incomplete view of their environment. Realtime Security eliminates blind spots enabling teams to manage their environment with 100% visibility.

With no steep learning curve, Realtime Security’s simple to learn web interface leverages AI, and empowers teams with the information and skill to act instantly.

Why juggle multiple consoles for device and security management? In a single place, security and IT operations can understand their exposed security risk, patch, deploy software, stop security breaches, satisfy compliance agencies and more.

Whether organizations are looking for endpoint security or IT management capabilities, including patch management, software distribution and remote control, Syxsense is the only cloud-based approach to security and systems management which enables 10-second endpoint visibility and control of thousands of devices.

Get started with Syxsense and manage your entire IT environment with a simple and powerful solution.


December Patch Tuesday: Disclosed & Exploited

By News, Patch Management, Patch Tuesday

Patch Tuesday Release: The Latest News

Microsoft has released half the updates they released last month: 39 security patches total.

These cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office. 9 of these are listed as Critical with the remaining 30 as Important.

Adobe Fixes Many Vulnerabilities

Adobe, on the other hand, has released almost 90 updates today, and all are marked Important for Adobe Acrobat and Reader. To our knowledge, none of the updates released today are being exploited in the wild, but we recommend you implement these as part of your third-party patching strategy.

Several Vulnerabilities Require Your Attention: Turn Off Windows Update

CVE-2018-8611 and CVE-2018-8517 are two important updates you need to prioritize this month. Not because they have the highest severity, but because these are publicly disclosed and actively being exploited.

CVE-2018-8611 is being exploited by malware that is exposing networks all over the world. Robert Brown, Director of Services for Verismic said, “Just this week we have learned one of Italy’s oil and gas exploration giants have suffered a relentless cyber-attack causing server infrastructure to go offline. Often it’s these companies who think by leaving Windows Update in its default mode are protecting their environment from zero day attacks and sophisticated espionage.”

The Best Patch Strategy

We recommend our Syxsense clients take a safe and calculated approach to managing their security. Turn off the default Windows patching mode and implement a rigorous, selective, but fully secure patching strategy.

Patch Tuesday Release

| CVE ID | Description | Severity | Public | Exploited | Recommended |
|---|---|---|---|---|---|
| CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability | Important | Yes | No | Yes |
| CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability | Critical | No | No | Yes |
| CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability | Critical | No | No | Yes |
| CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8514 | Remote Procedure Call runtime Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability | Important | No | No | |
| CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8637 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8638 | DirectX Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2018-8649 | Windows Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8650 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability | Important | No | No | |

Prepare for Patch Tuesday!

By News, Patch Management, Patch Tuesday

Do you have a patching strategy? It should include turning off Automatic Windows update.

Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy.

Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that you always keep your systems patched, sometimes the updates are worse than the vulnerability, like the July Patch Tuesday this year.

Win10

If you have a Professional, Enterprise, or Education edition of Windows 10, you can turn off automatic updates, but the option is hidden. You need to pull yourself out of beta testing and then delay new versions by setting the “feature update” deferral to 120 days or more. Here’s what to do in version 1703. If you have a later version of Windows 10, these settings still apply, but the wording is slightly different.

  • Press Win-R, type gpedit.msc, press Enter. This brings up the Local Group Policy Editor.
  • Navigate the left pane as if it were File Explorer to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Updates.
  • Choose Select when Feature Updates are received.
  • In the resulting dialog box, select Enabled.
  • In the Options box, type in how many days you’d like to pause updates and then in the next field type in today’s date.
  • Click Apply and then OK.

If you want to, you can repeat this process for the second setting in Group Policy, named Select when Quality Updates are received. Keep in mind, however, that quality updates include security updates and skipping them is not the best idea. On the upside, security updates are cumulative, meaning that if you do skip these updates, you can download the next one and be up to date.
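To confirm what the two Group Policy settings above actually applied, the following added example (not part of the original article or any vendor tool) reads back the registry values those policies write under the Windows Update policy key. It flags a quality-update deferral longer than `$MaxQualityDays`, an assumed local threshold, since quality updates carry the security fixes.

```powershell
# Added example: read back the Windows Update deferral policy set through Group Policy.
# $MaxQualityDays is an assumed local threshold, not a value from the article.
$Key            = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$MaxQualityDays = 7

function Get-DeferralState {
    param(
        [hashtable] $Policy,   # registry value names mapped to their data
        [ValidateSet('Feature', 'Quality')] [string] $Kind
    )
    # DeferFeatureUpdates / DeferQualityUpdates = 1 means the policy is Enabled.
    $enabled = $Policy["Defer${Kind}Updates"] -eq 1
    [pscustomobject]@{
        UpdateType = $Kind
        Deferred   = $enabled
        DeferDays  = if ($enabled) { [int]$Policy["Defer${Kind}UpdatesPeriodInDays"] } else { 0 }
        PauseStart = $Policy["Pause${Kind}UpdatesStartTime"]
    }
}

# Copy the policy key into a hashtable; a missing key means no policy is configured.
$policy = @{}
if (Test-Path $Key) {
    $item = Get-ItemProperty -Path $Key
    foreach ($p in $item.PSObject.Properties) { $policy[$p.Name] = $p.Value }
}

$report = 'Feature', 'Quality' | ForEach-Object { Get-DeferralState -Policy $policy -Kind $_ }
$report | Format-Table -AutoSize

# Deferring quality updates also defers security fixes, so flag long deferrals.
$quality = $report | Where-Object UpdateType -eq 'Quality'
if ($quality.Deferred -and $quality.DeferDays -gt $MaxQualityDays) {
    Write-Warning ("Quality (security) updates are deferred {0} days, above the {1}-day threshold." -f `
        $quality.DeferDays, $MaxQualityDays)
}
```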

Win7 and 8

  • Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
  • Click Start > Control Panel > System and Security > Turn automatic updating on or off.
  • In the Important updates menu, select Never check for updates.
  • Deselect Give me recommended updates the same way I receive important updates.
  • Deselect Allow all users to install updates on this computer and click OK.

Patch Strategy

Your IT update solution should facilitate phased rollouts and have full rollback options. These are the necessary keys to avoiding data loss or device outages.

Step 1. Identify

You can’t manage your environment if you don’t know what devices are there and which need updates. An IT solution should also be able to manage roaming devices.

Plus, if data is stale, it could mean missing a device or update that was critical to secure. Detect the state of your environment with live, accurate, and actionable data.

Step 2. Test Group Deployment

Deploy the updates to a small group of devices. These devices should be of low impact to the overall productivity of your company. Once these devices have been successfully and safely updated, you can deploy needed updates without worrying about a massive disaster.

Step 3. Phased Rollout

Now updates should be distributed to any device that needs them. However, you want this task to run around business hours. Updates are important, but so is avoiding interruptions of productivity. A maintenance window should be set up so that any update tasks happen before and after business hours.

And to facilitate a proper patching strategy, look to a comprehensive IT solution.

Syxsense

This is the solution for all of your patching needs. Syxsense can deploy updates to Windows, Mac, and Linux devices. It is a complete patching solution that can manage devices in your network as well as those roaming and out of the office.

Software Update Service

We understand that while updating software is the #1 way to protect your environment, it’s low on your priority list. As an IT department, you have other pressing tasks that need your attention.

With our Software Update Service, you can move forward while we keep your devices up to date.

Our expert patch management team provides reliable support with detection and remediation for Windows and third-party software updates. We work closely with you to provide safe and efficient endpoint security with your own systems management tool or ours, Syxsense.

Our team will keep your IT systems reliable with endpoints updated and secure.
