Monthly Archives

May 2019


4 Uses for Forensics in IT Systems Management

By Patch Management


Forensics and systems management don’t seem to go hand in hand. However, IT managers should have the power of history at their fingertips.

Whether it’s tracking assets or identifying unauthorized software, knowing what’s there and what’s changed will ensure the security and stability of your network.

Find out the top 4 uses for forensics that can significantly improve your IT systems management strategy.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Not Your Usual Patch Tuesday: Rare Patch for Legacy Systems

By News, Patch Management, Patch Tuesday

Not Your Usual Patch Tuesday: May Updates

May includes a rare but urgent patch for previously unsupported versions: Windows XP, 7 and Server 2003.

Microsoft has released a security fix for several unsupported versions of Windows, including Windows XP and Windows Server 2003. If you are a user of either of those systems, you need to patch now.

The vulnerability, CVE-2019-0708, is a potentially ‘wormable’ flaw that could result in a malware attack like WannaCry. To exploit the vulnerability “an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP,” Microsoft officials noted.

“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” explain Microsoft officials in today’s Microsoft Security Response Center (MSRC) blog post.

Even though unsupported, Windows 7, XP, and Server 2003 still account for over 35% of Microsoft-based installations. This vulnerability could potentially affect over 400 million PCs worldwide.

Desktop Windows Version Market Share Worldwide - April 2019

Additionally, Remote Desktop alone has already been recognized as an insecure method of remote connection, whether using VPN or not.

An IT solution like Syxsense will facilitate a comprehensive patching strategy as well as offer a fully-encrypted Remote Control to ensure all systems are up to date and protected.

Organizations must act now and implement a proactive approach to securing their networks. An IT solution like Syxsense will facilitate a comprehensive patching strategy to ensure all systems are up to date.

Patch Tuesday Release

Microsoft has released 79 patches today covering IE, Edge, ChakraCore, .NET Framework, Azure, Windows and Office. Of these, 22 are rated Critical and 57 are Important. There are no Moderate or Low severity updates in this release, but the total is up from last month’s 74 updates, so it will keep you even busier than April.

Publicly Known & Active Exploits: Prioritize Now

Two of the updates, CVE-2019-0863 and CVE-2019-0932, are “Publicly Discovered”, and CVE-2019-0863 is already reported to be exploited in the wild, allowing arbitrary code to run in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. You must prioritise these two now.

Robert Brown, Director of Services for Verismic, said, “To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim’s operating system, which, given the number of Remote Code Execution vulnerabilities in this release, makes this specific vulnerability your number 1 priority.”

Adobe Updates

Adobe has released a shockingly large set of updates this month: 84 for Reader and Acrobat. All of them are rated Critical or Important with priority 2, meaning IT admins should install them within the next 30 days.

Patch Tuesday Release

| Verismic Recommended | CVE Identity | Description / Type | Severity | Publicly Discovered | Actively Being Exploited |
|---|---|---|---|---|---|
| Yes | CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | Yes | Yes |
| Yes | CVE-2019-0932 | Skype for Android Information Disclosure Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0912 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0913 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0914 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0915 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0916 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0917 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0922 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0924 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0925 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0927 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0933 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0937 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0929 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0926 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0953 | Microsoft Word Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0884 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0911 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0918 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No |
| | CVE-2019-0980 | .NET Core Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0982 | .NET Core Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0981 | .NET Framework and .NET Core Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0864 | .NET Framework Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1000 | Azure AD Connect Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0727 | Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0938 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0957 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0958 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0942 | Unified Write Filter Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0892 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0734 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0936 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0881 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0707 | Windows NDIS Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0931 | Windows Storage Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0971 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0930 | Internet Explorer Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0956 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0819 | Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0758 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0882 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0961 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0886 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0923 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No |
| | CVE-2019-0889 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0890 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0891 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0893 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0894 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0895 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0896 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0897 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0898 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0899 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0900 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0901 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0902 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0945 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0946 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0947 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0952 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0885 | Windows OLE Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0995 | Internet Explorer Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-1008 | Microsoft Dynamics On-Premise Security Feature Bypass | Important | No | No |
| | CVE-2019-0733 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-0921 | Internet Explorer Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0949 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0950 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0951 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0976 | NuGet Package Manager Tampering Vulnerability | Important | No | No |
| | CVE-2019-0872 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0979 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0963 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |


Who Are the Worst Vendors of 2019?

By News, Patch Management


From the highest number of software updates to highest number of critical vulnerabilities, find out which vendors are the worst offenders.

2019 has brought serious threats causing massive disruption and data theft. Which vendor has released the most software updates and fixes in 2019, and of these, which updates are the most critical? Let’s find out!

The top 20 vendors look like this for 2019. In other words, Microsoft has released the most patches fixing a vulnerability of any severity among the most popular software vendors.

Let’s see how the top 10 from this list compare when we deep dive into the severity of the vulnerabilities fixed. For simplicity, we will base our statistics on the CVSS Score.

What is a CVSS Score?

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative rating (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

We can see that Microsoft has released a total of 6330 patches so far this year, with 2143 of these patches resolving a vulnerability with a CVSS score of 9 or higher. Just behind Microsoft in second place is Adobe, which has released 2052 updates.

Let’s take a look at how the most serious vulnerabilities impact the original ranking. We can see from the table below that the top 5 vendors have made significant movements and some are unexpected, e.g. IBM has moved out of the top 5 and Adobe has moved into the top 5.

Who’s the worst?

To continue this trend analysis review and to find out who has fixed the highest number of critical vulnerabilities, let’s compare the percentage of those threats against the total number of patches they have released this year.

We can do this by dividing the number of vulnerabilities with a CVSS score of more than 9 by the total number of patches the vendor has released, and multiplying by 100 to get a percentage. The following table shows the new ranking of the vendors against the original ranking.

Robert Brown, Director of Services said, “What is really surprising is that a third party vendor to Microsoft has fixed more high priority vulnerabilities than them. If you do not have a strategy to include third party updates believing that only Microsoft needs to be patched, I hope this table convinces you to implement a different, more inclusive process. Not only that, some of these third party vendors like Oracle and Cisco are less likely to appear in a patching strategy which would expose a lot of your estate. Lastly, the toolset you use to patch your environment should be flexible to include other non-Windows operating systems like RedHat and Suse.”


Flaw in Dell’s SupportAssist: The Help that Hurts

By News


Most Dell computers are affected by a flaw in SupportAssist that is giving hackers admin privileges to devices.

Many new Dell computers running Windows come pre-installed with SupportAssist, which according to Dell’s website “provides automated, proactive and predictive technology that reduces troubleshooting steps and speeds up your resolution time.” The only problem with this time-saving support is that it is also giving hackers admin privileges to your device.

The exact number of affected end-users has not been released, but the SupportAssist application comes preloaded on all new Dell Windows computers. Anyone who still has it running would be vulnerable to this kind of attack and needs to update the application right away or uninstall Dell SupportAssist completely. The vulnerability has been known since October last year, but a patch was just released on April 23rd, 2019. Devices that the company sells without Windows are not affected, since the app doesn’t come pre-installed.

What is SupportAssist?

Dell’s SupportAssist is an automated support solution for Dell personal computers, tablets, storage devices, servers, and networking devices. In fact it’s the first automated solution that offers proactive and predictive support for a device. It helps prevent downtime before it has even begun by evaluating and monitoring device health along with the health of the servers and storage devices. It’s a truly proactive and preempting support solution that predicts the solution required by a device and offers resolution for problems that have not even surfaced.

How The Attack Works

H/T to Bill Demirkapi, a 17-year-old security researcher who discovered the SupportAssist app vulnerability and notified Dell about the bug a few months ago. He posted a full vulnerability report on his GitHub and a demo video of the attack.

The attack works by first luring users to a malicious web page, which then tricks Dell’s SupportAssist into downloading and running malware on the users’ PCs.

SupportAssist runs with administrative privileges by default, something that doesn’t apply to the vast majority of Windows applications. Because of this, the attackers are able to gain administrative rights on the users’ PCs.

The most likely scenarios in which an attacker can exploit the app’s vulnerability remotely are when the victims are on a public Wi-Fi or large enterprise network, e.g. the Wi-Fi at your local Starbucks, workplace, or school.

From there, the attacker can launch Address Resolution Protocol (ARP) spoofing attacks, allowing them to impersonate legitimate IP addresses within the network, as well as DNS attacks. Network, system, and endpoint security are ever more important in curbing the risk arising from the flaw.

How Syxsense Can Help

As of February this year, Dell issued patches that are said to fix the vulnerability stemming from the flaw in their SupportAssist program. For those who do not have automatic Dell SupportAssist updates or are unable to update to Dell SupportAssist for business PCs version 2.1.4 or Dell SupportAssist for home PCs version 3.4.1, Syxsense can offer a few solutions to remedy the situation:

  1. Inventory Queries can instantly show which devices are affected because they have SupportAssist installed, or verify which are safe because it is not installed.
  2. Software Distribution can be leveraged to uninstall the Dell software via the original installer or via a script.
  3. Post-uninstall, Syxsense can re-verify that the software no longer exists.
  4. Syxsense’s Remote Control feature can be leveraged to verify that additional admin accounts were not created on the individual endpoints.
  5. With the help of endpoint security, all entry points and end points of end-user devices like laptops, desktops, tablets, and mobile devices can be secured to ensure that these devices don’t allow SupportAssist attacks to the client network or devices.
  6. Patch management is a crucial solution that can help resolve the Dell SupportAssist attacks or high-rated threats similar to those posed by Dell’s SupportAssist flaw. In fact, Dell has already resolved the issue through a patch, as explained above. Deploying the patches that fix the vulnerabilities arising from the flaw in Dell’s SupportAssist can preempt any probable security issues or threats.
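Steps 1, 2 and 4 above can be partly scripted on the endpoint itself. The following PowerShell is an added example, not Syxsense’s or Dell’s code: it assumes SupportAssist registers an uninstall entry whose DisplayName contains “SupportAssist” (with “Business” in the name for the business edition, an assumption to adjust against your own inventory), compares the installed version against the fixed versions named above, and lists local Administrators outside an approved set.

```powershell
# Added example (not Syxsense's or Dell's code). Assumptions: the uninstall entry's
# DisplayName contains "SupportAssist", and the business build carries "Business"
# in that name. Get-LocalGroupMember needs Windows 10 / Server 2016 or later.

$fixedHome     = [version]'3.4.1'   # Dell SupportAssist for home PCs (fixed version from the post)
$fixedBusiness = [version]'2.1.4'   # Dell SupportAssist for business PCs (fixed version from the post)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    # Step 1: find the product via the uninstall registry entries and give a verdict.
    $entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*SupportAssist*' }

    if (-not $entries) {
        # Absence of the product means this host is not exposed by it.
        return [pscustomobject]@{ DisplayName = $null; Version = $null; Verdict = 'NotInstalled' }
    }

    foreach ($e in $entries) {
        $installed = $null
        $parsed = [version]::TryParse($e.DisplayVersion, [ref]$installed)
        if ($e.DisplayName -like '*Business*') { $fixed = $fixedBusiness } else { $fixed = $fixedHome }

        if (-not $parsed)               { $verdict = 'UnknownVersion' }
        elseif ($installed -lt $fixed)  { $verdict = 'Vulnerable' }
        else                            { $verdict = 'Patched' }

        [pscustomobject]@{
            DisplayName     = $e.DisplayName
            Version         = $e.DisplayVersion
            FixedVersion    = $fixed.ToString()
            UninstallString = $e.UninstallString   # Step 2: feed this to a removal job
            Verdict         = $verdict
        }
    }
}

function Get-UnexpectedLocalAdmins {
    # Step 4: list members of the local Administrators group outside an approved set.
    param([string[]]$Approved = @('Administrator'))
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { ($_.Name -split '\\')[-1] -notin $Approved }
}

Get-SupportAssistStatus | Format-Table -AutoSize
Get-UnexpectedLocalAdmins | Format-Table Name, ObjectClass, PrincipalSource -AutoSize
```

Run it under an account that can read HKLM and enumerate local groups; a `Vulnerable` verdict is the trigger for the uninstall or update job, and any unexpected administrator is a lead for the forensic follow-up in step 4.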


DHS: Patch Within 15 Days – Or Else

By News, Patch Management


DHS orders agencies to patch within 15 days for "critical" flaws and 30 days for "high" severity flaws.

The Department of Homeland Security has issued a new directive to government agencies, ordering them to quickly patch critical security vulnerabilities found on their networks within 15 calendar days.

Almost every day a new study shows that failure to patch continues to have real consequences for most organizations. Nearly 60% of organizations that have suffered a data breach in the past two years cite a known vulnerability for which they had not yet patched as the culprit. The Equifax breach, which affected 148 million people, was blamed on a single IT staffer for not patching.

The new Binding Operational Directive (BOD) 19-02 from DHS instructs federal agencies and departments to address “critical” rated vulnerabilities within 15 days and “high” severity flaws within 30 days of initial detection. The compliance clock starts when the vulnerability is first detected during CISA’s weekly Cyber Hygiene scanning, rather than when it is first reported to the affected agency.

It looks like the federal government is getting serious about cyber security. This is the second BOD that CISA has released this year. Following a series of DNS hijacking incidents, the agency issued an “emergency directive” earlier this year, ordering federal agencies to audit DNS records for their respective website domains and other agency-managed domains within 10 days.

Syxsense integrates naturally into your environment without interrupting business. Through maintenance windows, you automate both the ongoing discovery of any new devices as well as the immediate response when vendors release critical patches. Know you are secure rather than worrying about it.
