Monthly Archives

March 2019


ASUS Patches Live Update Bug


ASUS Live Update software has been leveraged in a massive supply chain attack called "ShadowHammer" that has targeted up to a million users.

ASUS has rushed out a patch for a major vulnerability that has been used to infect thousands of PCs. The bug has allowed an advanced persistent threat group to launch “Operation ShadowHammer,” a massive supply-chain attack.

This exploit has targeted a variety of ASUS PCs with a backdoor injection technique linked to a faulty software update system. Kaspersky security researchers first discovered that the software was used to distribute malware to users in January 2019.

Who is affected?

Users of the ASUS Live Update Utility were the main targets of the attack. ASUS Live Update is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to researchers, more than a million users worldwide may have been impacted.

Kaspersky Lab said that the attackers first launched the exploit via stolen digital certificates used by ASUS to sign legitimate binaries. They then altered older versions of ASUS software to inject their own malicious code.

If users have impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Review: How to Simplify Your IT Management


Syxsense Review: How to Simplify Your IT Management

Managing your IT infrastructure can be a nightmare—elevate your IT strategy with an intuitive systems management solution.

Depending on how vast and intricate the dynamics of your IT environment are, managing your IT infrastructure can be a total nightmare.

After all, if you want to optimize how your IT management runs, there are a couple of things you’d need to stay on top of.

Things like:

  • Onboarding new applications and programs
  • Software access and security
  • Software distribution
  • Patch management
  • Costs
  • And installing updates (among other things)

With all of these on your plate, one of the worst mistakes you can make is to do your tasks manually — as in, one by one.

Not only will doing so increase your chances of making catastrophic IT mistakes — costly ones, at that — but you’ll also hurt your productivity.

That’s why you need a reliable IT management solution like Syxsense in your arsenal.

What is CMS, Anyway?

From a 30,000 ft perspective, CMS is a cloud-based platform that you can use to manage your internal and external devices.

Some of CMS’ top features are software distribution, user-friendly reports, real-time security, remote control, patch management, and so much more.

With CMS, you can manage your IT environment from a single platform — through the cloud by using a web browser, at that.


Critical Red Hat Updates Released for Firefox


With a high risk for exposure, IT managers should deploy these updates immediately.

Red Hat has rated a new Firefox update as Critical, recommending IT managers deploy these updates immediately. These updates upgrade Firefox to version 60.6.0 ESR and can be found in Syxsense for this essential deployment.

  1. RHSA-2019:0622-01 firefox-60.6.0-3.el7_6
  2. RHSA-2019:0623-01 firefox-60.6.0-3.el6_10

Both Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are affected, across desktop, server and HPC node architectures. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Robert Brown, Director of Services, said, “Firefox is by far the world’s most popular browser for Linux, and has been downloaded over 1 billion times. With such potential exposure we would recommend all browsers be updated within the next 24 hours. Critical vulnerabilities on Linux are not released often, so when they are you generally need to act quickly.”


Microsoft is Making It Harder to Use Windows 7


With Microsoft ending support for Windows 7 in January 2020, users are being pushed to upgrade.

With less than a year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the outdated platform.

Recent research has found that nearly a fifth (17%) of IT departments don’t know when the end of support deadline is (It’s Jan 14, 2020), while 6% are aware of the end of support but have yet to start planning for their migration away from Windows 7.

End of support means that Microsoft will no longer issue security updates for the 10-year-old Windows 7 after Jan. 14, 2020. Continuing to run Windows 7 unpatched poses a serious security risk for organizations.

Microsoft has already started to push users to upgrade to Windows 10 if they are using a computer with a newer processor type and an OS older than Windows 10.

If a computer has any of the following OS/processor combinations, it will be unable to install any patches. The only solution is to upgrade to Windows 10.

The specific processor types are:

  • Intel seventh (7th)-generation processors
  • AMD “Bristol Ridge”
  • Qualcomm “8996”

The specific OS types are:

  • Windows Server 2012 R2
  • Windows 8.1
  • Windows Server 2008 R2
  • Windows 7

With the powerful inventory query function, Syxsense can easily detect if you are exposed with unpatched operating systems running on new hardware.


Frustrated with WSUS Errors?


With WSUS, patch management is more frustrating, complicated, and time consuming than it should be.

Tired of scouring through forums to figure out why WSUS isn’t installing updates? Do you keep getting errors even though you followed every step perfectly?

We hear you. Patching with WSUS is a struggle, to say nothing of updating the WSUS server itself. It’s more complicated, confusing, and time consuming than it should be.

That is exactly why people love Syxsense. Our modern cloud-based patching solution enables you to patch Windows, Mac OS X, Linux, and 3rd party software in a single dashboard. We eliminate your WSUS headaches by allowing you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity
  • Start patching systems within minutes
  • Use automated maintenance windows to maintain patch security
  • Report on your entire infrastructure


Georgia County Pays $400,000 to Ransomware Attackers


Ransomware Attack on Georgia County Gets Criminals $400,000

The government of Jackson County, Georgia, paid hackers $400,000 to regain access to its files after a devastating ransomware attack.

The government of Jackson County, Georgia, paid $400,000 to regain access to their IT systems after a devastating ransomware attack.

The attack hit the county’s internal network on Friday, March 1. As a result of the infection, the majority of machines were forced offline, with the exception of its website and 911 emergency system.

After notifying the FBI, Jackson County officials worked with a cybersecurity consultant to negotiate payment—$400,000 for a decryption key and access to their ransomed files.

“We had to make a determination on whether to pay,” County Manager Kevin Poe said. “We could have literally been down months and spent as much or more money trying to get our system rebuilt.”

Poe said the ransomware was Ryuk, a new strain from Eastern Europe focused on targeting local government, healthcare, and large enterprise networks. Targeted assaults are typically executed through phishing, likely the method used in the case of Jackson County.

Ryuk recently impacted newspapers throughout the US from Tribune Publishing and Los Angeles Times. An attack from December 2018 affected the Wall Street Journal, New York Times, and other major publications.

Prevent Breaches with Realtime Security

Syxsense Realtime Security collects live, accurate data from thousands of devices in under 10 seconds. Instantly detect running .exes, malware or viruses, and kill those processes before they spread.

Whether it’s a ransomware attack or supporting users on the fly, Realtime Security allows you to manage, patch, and remediate your environment with ease.


March Patch Tuesday: Eliminate the Exploits


It's the second Tuesday of March, which means it's time for another round of Patch Tuesday security updates.

Microsoft has released 64 patches today covering IE, Edge, Exchange, Windows and Office. There are 17 rated Critical, 45 rated Important, 1 rated Moderate and 1 rated Low in severity. This is far fewer than last month’s release of over 80 updates, but there are still some surprises in this release to keep you busy.

Prioritize Now: Public Announced and Current Exploits

Four of the updates (CVE-2019-0683, CVE-2019-0754, CVE-2019-0757 and CVE-2019-0809) are marked as “Publicly Disclosed,” meaning there is an increased risk of attack in the very near future, and two updates (CVE-2019-0797 and CVE-2019-0808) are marked as “Being Exploited,” meaning you should prioritize them now.

Robert Brown, Director of Services for Verismic said, “You should treat these 6 updates with the highest importance, and you should especially treat CVE-2019-0797 & CVE-2019-0808 as a Zero Day because active exploits means actual attempts on your networks by those who wish to expose your data.”

Adobe Patches Flash, Photoshop and Digital Editions

Adobe has given a slight reprieve to IT managers this month by releasing only 3 updates: one each for Flash, Photoshop and Digital Editions. Although these updates carry a Critical severity, they are ranked by Adobe with a Priority of 3, meaning administrators should install these updates at their discretion.

Feature Updates Due for Retirement

On April 9, the Windows 10 feature update version 1709 will be due for retirement on Home, Pro and Pro for Workstations editions. If you are still using Enterprise or Education editions, you have another year to plan your upgrade.

Use Syxsense to organize and deploy Windows, third-party, Mac OS and Linux updates to keep your environment safe. Our clients love having control over when and where the scanning and deployment of updates takes place, providing peace of mind to any IT department.

Patch Tuesday Release

| ID | Description | Severity | Publicly Announced | Actively Exploited | Recommended |
|---|---|---|---|---|---|
| CVE-2019-0797 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2019-0683 | Active Directory Elevation of Privilege Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0754 | Windows Denial of Service Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0809 | Visual Studio Remote Code Execution Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0592 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0603 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0609 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0639 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0666 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0667 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0680 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0697 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0698 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0726 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0756 | MS XML Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0763 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0769 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0770 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0771 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0773 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0784 | Windows ActiveX Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0612 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0617 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0665 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0678 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0682 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0689 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0690 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0692 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0693 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0694 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0695 | Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0696 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0701 | Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0702 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0704 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0748 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0755 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0759 | Windows Print Spooler Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0761 | Windows Security Zone Bypass Vulnerability | Important | No | No | |
| CVE-2019-0762 | Microsoft Browsers Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0765 | Comctl32 Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0766 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0767 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0768 | Internet Explorer Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0772 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0774 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0775 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0776 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-0779 | Microsoft Edge Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0782 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0783 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0798 | Skype for Business and Lync Spoofing Vulnerability | Important | No | No | |
| CVE-2019-0821 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0611 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0746 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0780 | Microsoft Browser Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0816 | Azure SSH Keypairs Security Feature Bypass Vulnerability | Moderate | No | No | |
| CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability | Low | No | No | |


Critical Red Hat Updates Released


Critical Red Hat Updates

Ahead of Patch Tuesday, a new security advisory has been issued for Red Hat.

A recent Red Hat security advisory has been issued for Red Hat Enterprise 6 and 7 relating to Java version 7 and 8.

A CVSS score of 8.6 indicates this has a high probability of being used to target environments soon, although we are currently unaware of any active attacks. Red Hat vulnerabilities of this severity are not often released, and this one couldn’t come at a more inconvenient time, with Microsoft Patch Tuesday only 4 days away.

Security Updates

  1. IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)
  2. OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)
  3. IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)
  4. libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)
  5. Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

All Syxsense customers can find these updates available in their console, and because of the critical nature of the vulnerability and the huge exposure of Java, we recommend this be prioritized as quickly as possible.

Is your patching strategy ready?

Having a strategic patch roll-out implemented is key to secure software updating. However, your plan and patching software must be flexible enough to deal with a rogue critical update. Will you be ready to jump into action when an emergency security update is released?

With Syxsense, you have the stability of a strategic roll-out, but also the capabilities of a response team.

This solution can patch devices with Windows, Mac, or Linux operating systems. Our content library has a wide range of major software vendors.


Zero-Day Flaw in Chrome Under Active Attack


There is a critical Chrome zero-day vulnerability being actively exploited in the wild.

Google has warned that a zero-day Remote Code Execution “RCE” vulnerability is actively being exploited in the wild by attackers to target Chrome users.

The latest attacks exploit CVE-2019-5786, a security flaw whose fix is the only patch included in Chrome version 72.0.3626.121, released on March 1, 2019.

How are attackers leveraging this vulnerability?

The flaw is enabling attackers to conduct remote code execution attacks, taking full control of their target PCs. Depending on the privileges given to Chrome, the attacker could install programs; view, change, or delete data; or create new accounts.

Additionally, the Google cybersecurity team has discovered that the flaw is located in the FileReader API component in the Google Chrome browser application. This is the main issue which allows launching code through remote servers.

What should you do?

Patching is the ultimate fix.

Robert Brown, Director of Services for Verismic, said, “Ahead of next week’s Patch Tuesday, everyone should prioritize this update before Microsoft adds additional workload to their monthly schedule. As of March, Google Chrome is estimated to be used on 67% of all Internet browsers and as this vulnerability impacts not only Windows but Linux and Mac OS too, there is no amnesty usually associated with non-Windows OS this time.”

The Best Way to Update Your Browsers

Keeping internet browsers across your company up-to-date can be surprisingly simple with the right solution. Syxsense provides detection and remediation of critical updates.

With a comprehensive patch scan, you’ll see all the devices that require updates. If you are wondering about the status of a specific software, run a targeted scan seeking a specific software. Both are easily set up and can be repeated regularly with our maintenance windows.

From there, it’s simple to set up a task that targets every device that needs updates.

It’s time to switch to an IT management solution that can deploy any security updates required.

Get started with Syxsense’s patching capabilities and experience all the intuitive features.
