Skip to main content
Monthly Archives

June 2019

||

Homeland Security Issues Critical BlueKeep Warning

By NewsNo Comments

Homeland Security Issues Critical BlueKeep Warning

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device.

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has declared an official warning to patch the wormable BlueKeep flaw. After confirming the exploit can be used to remotely execute code on vulnerable PCs, the agency released an advisory reiterating the dangers of the vulnerability.

CVE-2019-0708, also known as BlueKeep, is a critical-rated bug that affects computers running Windows 7 and earlier. An exploit able to remotely run code or malware on an affected computer could trigger a global incident similar to the WannaCry ransomware attack of 2017.

“CISA encourages users and administrators review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and apply the appropriate mitigation measures as soon as possible,” CISA writes in its alert.

CISA’s alert serves as a warning that malicious attackers could soon achieve the same results as WannaCry. As of last week, close to 1 million internet-exposed machines are still vulnerable to the flaw, according to researchers.

However, this is just the tip of the iceberg. These devices are gateways to potentially millions more machines that sit on the internal networks they lead to. A wormable exploit can move laterally within that network, rapidly spreading to anything and everything it can infect in order to replicate and spread.

Earlier this month, The U.S. National Security Agency (NSA) also issued a rare advisory, warning users to patch “in the face of growing threats” of exploitation.

Syxsense has added a “BlueKeep At Risk Devices” report to every console to help you stay on top of emerging threats. In seconds, view a list of every device that hasn’t been scanned for the vulnerability see where the risk is detected.

With a few more clicks, you can deploy the patch to every device, run the report and prove to management that you are 100% compliant.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Blue Screen of Death Occurring with Feature Updates

By NewsNo Comments

Blue Screen of Death Occurring with Feature Updates

With the introduction of the newest Windows 10 Feature Version 1903, some security application vendors have published known issues when upgrading.

This isn’t the first we’ve heard of Windows 10 upgrades being affected by antivirus or encryption software. But, in fact, Microsoft has always recommended to disable existing security software before upgrading to ensure that there isn’t any conflict during the process, and sometimes Windows will notify automatically.

“Moving to the newest feature version isn’t just another patch or update, but should be treated as an actual upgrade to the entire operating system,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “Just disabling the security software won’t be enough, especially if it’s full disk encryption. Many recommend decrypting and/or uninstalling the application entirely before upgrading to the latest feature version.”

Recently, ESET has informed its Endpoint Encryption customers that upgrading to Windows 10, version 1903, causes boot errors. Specifically, post-upgrade presents an immediate blue screen error (BSOD) when booting. The device(s) receive the stop code “INACCESSIBLE BOOT DEVICE” and must fully decrypt the volume before repairing the Windows installation manually. It’s feasible the entire volume may even become corrupt and require an entire reformat.

Rather than upgrade and jump through hoops, crossing your fingers that the volume can be repaired, it’s better to proactively prepare a strategy to uninstall the application, push the upgrade accordingly, then reinstall.

Using Syxsense, the inventory feature can easily show any registered security application, such as ESET, Trend Micro, or McAfee, and allow a silent uninstall to take place with software distribution. Once the application has been removed, simply push the new upgrade using Feature Updates and let the end-user decide when they want to install and when they want to reboot their device. Post-upgrade, re-leverage the software distribution feature again to re-install the security application silently; all without the need to troubleshoot a single device manually.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

June Patch Tuesday: WSUS Needs Your Attention

By News, Patch Management, Patch TuesdayNo Comments

June Patch Tuesday: WSUS Needs Your Attention

Microsoft has released 91 patches today—the largest release of the year so far. For those using WSUS 3.0 SP2, one update must be manually installed.

Patch Tuesday Release

Microsoft have released 91 patches today covering IE, Edge, ChakraCore, Skype, Windows and Office. There are 21 rated Critical and 66 Important, which so far this year is the largest release of this year. Thankfully no updates in this release are being exploited yet, but the sheer number of updates will certainly keep your IT manager busy this month.

Urgent – WSUS needs your manual attention for KB4484071

Microsoft is continuing its SHA1 to SHA2 signing process this month, with two planned changes. Windows 10 updates are automatic, but for those customers using WSUS 3.0 SP2, KB4484071 must be manually installed to support SHA2 updates.

Robert Brown, Director of Services said, “This has caught a lot of our readers out over the past few months. If your device does not support SHA2, you are not downloading the latest content which is making your devices safe.”

Could CVE-2019-1069 be the next BlueKeep?

Many of our IT staff utilize the Windows Scheduler to perform complex software installations, as it is super useful for installing software following complex reboot operations or installing software when there is no user logged on. Both our Cyber Security Analysts and other respected insider peers are highly concerned that this “Publicly Disclosed” vulnerability could be the next BlueKeep threat, due to the potential catastrophic exploit potential of this threat.

Adobe Updates

Thankfully, unlike Microsoft Adobe have only released 10 updates for Reader and Flash Player. All updates are Critical or Important priority 2 meaning IT Admins should install these updates within the next 30 days.

We have made a few recommendations below which you should prioritize, use Syxsense to organize and deploy Windows, third-party, Mac OS and Linux updates to keep your environment safe.

Patch Tuesday Release

Verismic Recommended CVE Identity Description / Type Severity Publicly Discovered Actively Being Exploited
Yes CVE-2019-1069 Task Scheduler Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-1064 Windows Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0973 Windows Installer Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-1053 Windows Shell Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0990 Scripting Engine Information Disclosure Vulnerability Critical No No
Yes CVE-2019-1023 Scripting Engine Information Disclosure Vulnerability Critical No No
Yes CVE-2019-0888 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-0989 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0991 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0992 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0993 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1002 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1003 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1024 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1051 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1052 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1038 Microsoft Browser Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0985 Microsoft Speech API Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1080 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0920 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0988 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1055 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0620 Windows Hyper-V Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-0709 Windows Hyper-V Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-0722 Windows Hyper-V Remote Code Execution Vulnerability Critical No No
CVE-2019-0972 Local Security Authority Subsystem Service Denial of Service Vulnerability Important No No
CVE-2019-0941 Microsoft IIS Server Denial of Service Vulnerability Important No No
CVE-2019-1029 Skype for Business and Lync Server Denial of Service Vulnerability Important No No
CVE-2019-1025 Windows Denial of Service Vulnerability Important No No
CVE-2019-0710 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0711 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0713 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-1018 DirectX Elevation of Privilege Vulnerability Important No No
CVE-2019-0960 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-1014 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-1017 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-0943 Windows ALPC Elevation of Privilege Vulnerability Important No No
CVE-2019-1007 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1021 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1022 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1026 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1027 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1028 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0959 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No
CVE-2019-0984 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No
CVE-2019-1041 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1065 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1045 Windows Network File System Elevation of Privilege Vulnerability Important No No
CVE-2019-0983 Windows Storage Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0998 Windows Storage Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0986 Windows User Profile Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1081 Microsoft Browser Information Disclosure Vulnerability Important No No
CVE-2019-0968 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-0977 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1009 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1010 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1011 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1012 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1013 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1015 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1016 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1046 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1047 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1048 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1049 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1050 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1039 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1043 Comctl32 Remote Code Execution Vulnerability Important No No
CVE-2019-0904 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0905 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0906 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0907 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0908 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0909 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0974 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1034 Microsoft Word Remote Code Execution Vulnerability Important No No
CVE-2019-1035 Microsoft Word Remote Code Execution Vulnerability Important No No
CVE-2019-1005 Scripting Engine Memory Corruption Vulnerability Important No No
CVE-2019-1054 Microsoft Edge Security Feature Bypass Vulnerability Important No No
CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability Important No No
CVE-2019-1044 Windows Secure Kernel Mode Security Feature Bypass Vulnerability Important No No
CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability Important No No
CVE-2019-1040 Windows NTLM Tampering Vulnerability Important No No
CVE-2019-1031 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1032 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1033 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1036 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0948 Windows Event Viewer Information Disclosure Vulnerability Moderate No No

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

|||

BlueKeep: There’s a Report For That

By Patch ManagementNo Comments

BlueKeep: There’s a Report For That

BlueKeep exploits are on the rise—Syxsense allows you to see which of your devices are affected by this critical vulnerability.

With BlueKeep exploits looming large, knowing your exposed risk could save your time, money and business.

Syxsense has added the “BlueKeep At Risk Devices” report to every console. Our dynamic architecture helps you stay on top of emerging threats. To run the report, just go to reports, find BlueKeep and press the button.

In seconds, you will see a list of every device that hasn’t been scanned for the vulnerability and every device where the risk is detected. With a few more clicks you can deploy the patch to every device, rerun the report and prove to management that you are 100% compliant.

Click, know the facts, and secure. Experience a complete view of your IT environment with Syxsense.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

NSA Urging Users to Patch BlueKeep Vulnerability

By News, Patch ManagementNo Comments

NSA Urging Users to Patch BlueKeep Vulnerability

The National Security Agency (NSA) is warning users that a new RDP vulnerability affecting Windows 7 and Windows XP systems is potentially “wormable."

The National Security Agency has recently issued an urgent advisory to all Windows-based administrators and users to ensure they are using a fully-patched and updated system.

Last month, Microsoft released additional security updates to protect against Bluekeep, a new security vulnerability considered a potentially ‘wormable’ flaw in the Remote Desktop (RDP) protocol (CVE-2019-0708). The vulnerability is present in the still-supported Windows 7, Vista, Server 2008 and Server 2008 R2, but also in legacy systems Windows XP and Server 2003, which is a rarity for Microsoft since Extended Support ended back in April of 2014.

The vulnerability can be easily exploited and weaponized by leveraging malware or even ransomware. Microsoft has even warned that the vulnerability can surely be as damaging as Wannacry. It only takes a bit of code designed to exploit it and spread pre-authentication without requiring any user interaction in the process. Once the vulnerability has been abused, it’s only a matter of time before it will infect not only the target host, but the rest of the environment, if left unpatched.

The NSA also believes this can easily evolve in time: “This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

The solution is simple: patch all Windows devices not only for the latest vulnerability but always, and if the devices are outside of mainstream or even extended support, like the legacy operating systems, it’s best to migrate to Microsoft’s latest OS, Windows 10.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||

How Executives Can Prevent Data Breaches

By NewsNo Comments

How Executives Can Prevent Data Breaches

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable. Here's how to mitigate the risk.

This article was originally featued in Hackernoon

Data breaches are so much a part of our way of life that we barely bat an eye any more when another company gets their data stolen. In fact, some publication or another has called every year since 2005 the “year of the data breach”. Every year there are multiple new high-profile thefts of consumer data, and a lot of them are preventable.

Equifax’s 2017 data breach is one of the best-known, and it stemmed from one of the dumbest possible reasons: not keeping up to date with patches. There are multitudes of basic, preventable problems that have caused huge data breaches: sequential user IDs in plaintext, plaintext password storage, transaction logs that don’t check balance on every transaction — the list goes on and on…

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable.

But data breaches are preventable, and as an executive you have the responsibility to make sure they don’t happen. Here’s how you can mitigate the risk.

1. Get Your Staffing Right

Equifax’s data breach was particularly egregious for a few reasons. One was the scope of the breach, with 143 million people put at risk. Another was their chief security officer being a music major with no known credentials in security.

A company of that size putting their trust in someone who had no credentials in the field is unfathomable. For patching to go undone for that long is also unfathomable, given that the patch that would have fixed the security hole had been available for months.

This could have been fixed with proper staffing. Getting the right people in the right positions is key in any organization, but in an organization that’s responsible for this much user data, it’s absolutely crucial. Make sure those key security positions are locked down.

2. Make Sure There’s Accountability In Place

When two-thirds of CEOs have organizational control over IT and 60 percent have control of the IT budget, the buck stops at the top desk.

Creating a culture of accountability starts at the top. You can’t get into a checklist mentality — once you’ve got your security checklists done, you still can’t rest. A properly-motivated staff looks for other ways to safeguard against things like zero day exploits and other possibilities that won’t show up on a checklist. Even if you’re trying to be GDPR-compliant, it will help — but there are things that won’t show up if that’s all you do.

Accountability starts with the C-suite. Are you empowering the right people to make decisions in the department? Giving them the budget they need? Holding them accountable for breaches and helping them create a better infrastructure?

As Ashley Leonard, CEO of Syxsense, told me in an email, “When it comes to an IT department, it’s important to give them the tools and people they need to do their job. Otherwise, when mistakes happen, the responsibility lies with the C-suite and not the people on the ground. Automatic solutions for patching, innovative employees that come up with possible vectors of invasion, pen testing … all those things go into creating a strategy that keeps your company safe.”

3. Educate Your Employees

This doesn’t just apply to IT. It’s important for every level of a company.

Kaspersky Labs notes that “The vast majority of data breaches are caused by stolen or weak credentials. If malicious actors have your username and password combination, they have an open door into your network. Because most people reuse passwords, cyber criminals can gain entrance to email, websites, bank accounts, and other sources of PII or financial information.”

Make sure you’re keeping your employees up to date with common phishing strategies and testing them periodically to make sure they’re on top of it. Rotate passwords frequently, even if they grumble. It’s important to make sure they don’t unwittingly open your network to attack, and that starts with proper education.

Phishing is one of the most common routes of attack for both personal identity theft and corporate data theft. It’s also getting harder to detect as groups start to use multiple redirects to obfuscate URLs. If you can stop at least the very common methods, you’ll be a lot safer.

4. Stop Data Breaches Before They Happen

Not every breach can be stopped, but it’s absolutely key that you do everything you can to keep them from happening. Data breaches are on the rise across the United States and the world. As more information makes its way onto the Internet, there are more and more ways for us to have our identities compromised and more companies that have our personal information to steal.

You can’t prevent every incursion, but what you can do is harden your perimeter. Make sure you’re not leaving holes in your security through negligence or starving your IT department of resources. Establish a culture of accountability, hire the right people, educate your employees, devote the proper resources to staying patched and secure, and you’ll be able to stop most attacks before they happen.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo