Monthly Archives

July 2019

UPDATED: VLC Player Hit With Critical Vulnerability

Filed under: News, Patch Management

VLC Media Player has a critical security flaw that could put millions of users at risk.

UPDATE July 25, 2019, 11:55 BST

The recent CVE issued for the VLC video player may be incorrect, according to a recent tweet by VideoLAN:
“About the “security issue” on #VLC: VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.”
This brings up some interesting questions:
1. Can we trust CVE?
2. A possibly bigger issue: we not only have to worry about the security vulnerabilities in the products we use, but also about the third-party libraries that vendors choose to include in those products.

The free and open-source VLC media player has a critical-severity bug that allows remote code execution (RCE), potentially letting attackers install, modify, or run software without authorization.

The latest vulnerability, pointed out by security researchers from German firm CERT-Bund, could put millions of users at risk: the software has been downloaded more than a billion times worldwide. Tracked as CVE-2019-13615, the vulnerability is rated 9.8/10 by NIST (National Institute of Standards and Technology) and was discovered in the latest version, VLC 3.0.7.1.

The vulnerability has been detected in Windows, Linux, and Unix versions of VLC Media Player.

“Vulnerabilities such as this allow not only for disruption of service and unauthorized modification, but are a catalyst for greater concerns like ransomware,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “So far, there still doesn’t appear to be any updates to remediate the bug, although VLC has already been made aware and are working on a patch. Our best recommendation, for now, would be to uninstall the software entirely until the situation is alleviated.”

Syxsense can show all devices with VLC Media Player installed and includes the latest VLC Media Player software updates for easy remediation. Simply target all devices, select Patch Now, and choose the latest VLC Media Player updates. Also included is an action to uninstall the software entirely from any target devices, which is just as easy as updating. When the task is complete, you’ll have full assurance that the vulnerability no longer applies.
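As an added example (this is not code from the original post or from Syxsense), the following PowerShell script does the inventory step described above on a single Windows endpoint: it reads the per-machine Uninstall registry keys, finds VLC, and flags any version below 3.0.3, the release VideoLAN states first shipped the fixed libebml. The match on a DisplayName of "VLC media player" is an assumption about how the VLC installer registers itself.

```powershell
# Added example, not from the original post or Syxsense.
# Reports VLC installs on this machine whose version is below 3.0.3,
# the release VideoLAN states first shipped the patched libebml.
$fixedVersion = [version]'3.0.3'

# Per-machine Uninstall keys for 64-bit and 32-bit (WOW6432Node) installers.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: VLC registers itself with a DisplayName of "VLC media player".
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'VLC media player*' }

if (-not $installs) {
    Write-Output "$($env:COMPUTERNAME): VLC media player not found"
    return
}

foreach ($app in $installs) {
    $installed = $null
    # DisplayVersion can be missing or malformed; treat that as needing review
    # rather than silently reporting the install as patched.
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)) {
        $status = 'UNKNOWN VERSION - review manually'
    }
    elseif ($installed -lt $fixedVersion) {
        $status = 'UPDATE REQUIRED'
    }
    else {
        $status = 'OK'
    }

    # Emit an object per install so results can be collected or exported.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Name     = $app.DisplayName
        Version  = $app.DisplayVersion
        FixedIn  = $fixedVersion.ToString()
        Status   = $status
    }
}
```

Because the script emits objects rather than text, it can be run through any script-distribution mechanism and the results piped to Export-Csv or filtered on Status to build the target list for an update or uninstall task.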

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
EvilGnome Spyware Targets Linux Users

Filed under: News

New research has revealed a rare piece of spyware called EvilGnome that's designed to spy on unsuspecting Linux desktop users.

Known as EvilGnome, the new backdoor threat puts all Linux workstation users at risk: it implants spying software capable of recording the screen, keyboard, and mouse clicks. Reports are also debating whether this parasite is able to steal files from the PC without user interaction or warning, or even distribute other malware, which makes the threat a much higher priority than other types of vulnerability.

There is no known patch for EvilGnome as yet, but industry experts recommend updating your Linux antivirus and patching to the latest version – something Windows users are all too familiar with.

EvilGnome Spyware Modules

The Spy Agent of EvilGnome contains five malicious modules called “Shooters,” as explained below:

  • ShooterSound — this module uses PulseAudio to capture audio from the user’s microphone and uploads the data to the operator’s command-and-control server.
  • ShooterImage — this module uses the Cairo open source library to capture screenshots and uploads them to the C&C server. It does so by opening a connection to the XOrg Display Server, which is the backend to the Gnome desktop.
  • ShooterFile — this module uses a filter list to scan the file system for newly created files and uploads them to the C&C server.
  • ShooterPing — this module receives new commands from the C&C server, such as downloading and executing new files, setting new filters for file scanning, downloading and applying a new runtime configuration, exfiltrating stored output to the C&C server, and stopping any shooter module from running.
  • ShooterKey — this module is unimplemented and unused; it is most likely an unfinished keylogging module.

Patching Linux OS with Syxsense

Syxsense offers predictive Linux patching. Via the discovery process, all Linux devices can be detected and inventoried. Our Patch Manager displays the packages missing just like the scripts above, only we include additional information which is important to IT managers like the description, the vendor severity and the independent CVSS score which we understand to be the cutting edge of vulnerability severity assessment.

Identifying zero-day updates is made easy by the color coding of the interface, and the scheduler used to deploy the updated packages allows flexible timing and reboot behavior to be set with ease. Enable your Linux administrators to use their resources more efficiently by allowing them to automate and report on the patching of your Linux environment.

Bluetooth Exploit Enables Tracking on Windows PCs

Filed under: Blog

Researchers have discovered a major Bluetooth bug that exposes users to third-party tracking and data access.

Researchers at Boston University have discovered a vulnerability in the Bluetooth Low Energy (BLE) implementations of Microsoft and Apple devices. The vulnerability allows third parties to determine a device’s location and other sensitive information.

“We identified that devices running Windows 10, iOS or macOS regularly transmit advertising events containing custom data structures which are used to enable certain platform-specific interaction with other devices within BLE range,” the paper reads. “The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device. In doing so, the address-carryover algorithm neutralizes the goal of anonymity in broadcasting channels intended by frequent address randomization.”

Most concerning is the fact that the communication is based completely on public, unencrypted advertising traffic, using the BLE specification in the latest standard, Bluetooth 5. The scale of the privacy issues may even get worse, the report concluded.

Both manufacturers have yet to release a patch for any of the operating systems to alleviate the vulnerability.

How to Fix the Bluetooth Bug

The current workarounds include either disabling the Bluetooth service and/or routinely disabling the Bluetooth device’s connection, which will reset the advertising address and the token.

Syxsense can easily inventory Windows and Mac devices, show active Bluetooth controllers to easily provide insight on which devices may be affected, and even allow an action item such as pushing routine scripts via software distribution to automatically disable Bluetooth services.
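As an added example (this is not code from the original post or from Syxsense), here is a PowerShell script of the kind that could be pushed to Windows devices to implement the workaround above: it inventories the Bluetooth-class devices and the Bluetooth Support Service (bthserv), and when run with -Disable it disables the service and the enabled Bluetooth devices, which resets the advertising address and token. It assumes an elevated session and that the Bluetooth radio is enumerated in the PnP class named Bluetooth.

```powershell
# Added example, not from the original post or Syxsense.
# Inventories Bluetooth hardware and the Bluetooth Support Service; with
# -Disable, stops and disables the service and the enabled Bluetooth devices
# (the workaround described in the post). Requires an elevated session.
param(
    [switch]$Disable
)

# Assumption: the radio and its children are enumerated in the 'Bluetooth'
# PnP class and report a Status of 'OK' when enabled and working.
$btDevices = @(Get-PnpDevice -Class Bluetooth -ErrorAction SilentlyContinue)
$activeDevices = @($btDevices | Where-Object { $_.Status -eq 'OK' })

# bthserv is the Windows Bluetooth Support Service.
$service = Get-Service -Name bthserv -ErrorAction SilentlyContinue
$serviceStatus  = if ($service) { $service.Status.ToString() } else { 'not present' }
$serviceStartup = if ($service) { $service.StartType.ToString() } else { 'n/a' }

# Inventory record: one object per machine, suitable for collection or export.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    BluetoothDevs  = $btDevices.Count
    ActiveDevs     = $activeDevices.Count
    ServiceStatus  = $serviceStatus
    ServiceStartup = $serviceStartup
}

# Inventory only unless -Disable was requested.
if (-not $Disable) { return }

if ($service) {
    # Prevent the service from starting at boot, then stop it now.
    Set-Service -Name bthserv -StartupType Disabled
    Stop-Service -Name bthserv -Force -ErrorAction SilentlyContinue
}

# Disable each enabled Bluetooth device; bringing the radio down resets the
# advertising address and the token the tracking technique relies on.
foreach ($dev in $activeDevices) {
    Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction SilentlyContinue
}
```

Run without -Disable the script only reports, so it can be used first to scope which devices have an active Bluetooth controller; re-running it with -Disable on the affected devices applies the workaround, and Enable-PnpDevice with the same InstanceId values reverses it once a vendor fix is available.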

July Third-Party Security Updates

Filed under: News, Patch Management

Explore the latest third-party updates as well as a controversial vulnerability with Zoom that the company has decided to eliminate.

Latest Third-Party Updates

This month there are several notable third-party updates that have been released. The vendors include Adobe, Foxit, GlavSoft LLC., Microsoft (Skype), and Mozilla.

How are you deploying third-party security updates? It’s time to switch to an IT management solution that can manage any security updates required. Syxsense can deploy a wide-range of updates, including Windows, Mac, and Linux software.

Zoom Pushes Emergency Patch for Webcam Flaw

After facing media scrutiny for a zero-day vulnerability in its collaboration client for Mac, Zoom has rushed out an emergency patch to eliminate the bug. The video conferencing company initially stated that it would not issue a full fix for the vulnerability, but has since changed course.

The flaw (CVE-2019-13450) allows a malicious website to take over a user’s web camera without their permission, putting 4 million workers that use Zoom for Mac at risk. This isn’t the first time the company has experienced issues—late last year Zoom experienced a critical bug that could lead to malware installation.

Third-Party Updates

| Vendor | Category | Title | Date Published | CVSS Score & Rating |
|---|---|---|---|---|
| Adobe | Multimedia | FlashPlayer_ActiveX_v32.0.0.223 | 7/9/19 | N/A |
| Adobe | Multimedia | FlashPlayer_Plugin_NPAPI_v32.0.0.223 | 7/9/19 | N/A |
| Adobe | Multimedia | FlashPlayer_Plugin_PPAPI_v32.0.0.223 | 7/9/19 | N/A |
| Foxit Corporation | PDF Viewer | FoxitReader_v9.6.0 | 7/4/19 | N/A |
| GlavSoft LLC. | Remote Access | TightVNC_v2.8.23.0 | 7/3/19 | N/A |
| Microsoft Corporation | Audio/Video Chat | Skype_v8.49.0.49 | 7/8/19 | N/A |
| Mozilla | Web Browser | Firefox_v68.0 | 7/8/19 | N/A |
| Mozilla | Web Browser | FirefoxESR_v60.8.0 | 7/8/19 | N/A |
| Mozilla | Email Client | Thunderbird_v60.8.0 | 7/8/19 | N/A |
| Peter Pawlowski | Audio Player | Foobar2000_v1.4.6 | 7/7/19 | N/A |

July Patch Tuesday: Stop Zero-Day Exploits

Filed under: News, Patch Management, Patch Tuesday

This month's Patch Tuesday release has 77 vulnerabilities, including two zero-days—security flaws that were being actively exploited.

Patch Tuesday Release

Microsoft have released 78 patches today covering IE, Edge, ChakraCore, Windows and Office. There are 15 rated Critical and 62 Important, with only 1 rated Moderate.

Urgent: Public and Exploited

There are a total of 8 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited, making July one of the worst months for the potential threats exposed by these vulnerabilities.

Robert Brown, Director of Services for Verismic, said: “We highly recommend these be prioritized for immediate deployment. Notice they are all rated by Microsoft as Important instead of Critical? Having an independent severity alongside the vendor severity is critically important for transparent prioritization of your next round of patching.

CVE-2019-0880 and CVE-2019-1132 have actually made our Most Wanted Index already this year, meaning new vulnerabilities have been exposed and Microsoft have re-released new patches to resolve those vulnerabilities.

CVE-2019-0785 carries a CVSS score of 9.8, making this vulnerability the highest independent severity in this Patch Tuesday release. All Windows Servers running DHCP going back to Windows 2012 are affected. The vulnerability exposes a memory corruption issue which, if exploited, could knock out the DHCP service, causing devices not to renew their IP address correctly. This impacts not just the server but every single device which uses it.”

Adobe Updates

Adobe have only released 3 updates today resolving vulnerabilities with Adobe Bridge, Experience Manager, and Dreamweaver. There are no patches for Adobe Flash or Adobe Reader making Microsoft your biggest priority today.

Patch Tuesday Release

| Verismic Recommended | CVE ID | Description | Severity | Publicly Disclosed | Actively being Exploited |
|---|---|---|---|---|---|
| Yes | CVE-2019-0880 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2018-15664 | Docker Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0865 | SymCrypt Denial of Service Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0962 | Azure Automation Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1129 | Windows Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1004 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1056 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1072 | Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1092 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1103 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1106 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1107 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1113 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No |
| | CVE-2019-0811 | Windows DNS Server Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0966 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0975 | ADFS Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-0999 | DirectX Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1006 | WCF/WIF SAML Token Authentication Bypass Vulnerability | Important | No | No |
| | CVE-2019-1037 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1067 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1071 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1073 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1074 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1076 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-1077 | Visual Studio Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1079 | Visual Studio Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1082 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1083 | .NET Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1084 | Microsoft Exchange Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1085 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1086 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1087 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1088 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1089 | Windows RPCSS Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1090 | Windows dnsrlvr.dll Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1091 | Microsoft unistore.dll Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1093 | DirectWrite Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1094 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1095 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1096 | Win32k Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1097 | DirectWrite Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1098 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1099 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1100 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1101 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1105 | Outlook for Android Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1108 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1109 | Microsoft Office Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1110 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1111 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1112 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1116 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1117 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1118 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1119 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1120 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1121 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1122 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1123 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1124 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1126 | ADFS Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-1127 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1128 | DirectWrite Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1130 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1134 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |
| | CVE-2019-1136 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1137 | Microsoft Exchange Server Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability | Moderate | No | No |

Major Vulnerability Discovered in KACE

Filed under: Blog, Patch Management

The CISA has recently published an advisory regarding an administrator interface vulnerability for the Quest KACE Systems Management Appliance.

The Cybersecurity and Infrastructure Security Agency has recently published an advisory regarding an administrator interface vulnerability for the Quest KACE Systems Management Appliance (ICS Advisory 19-183-02).

Affecting the KACE SMA (Systems Management Appliance) versions 8.0, 8.1, and 9.0, the vulnerability allows “unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface”, says the agency. Quest has already recommended that all users upgrade to the latest Version 9.1 or newer, so at this time, anyone remaining on the older versions will not be supported and will also remain open to the vulnerability.

This isn’t the first time that the KACE SMA has been recognized as insecure. Just last year, researcher Kapil Khot discovered several blind SQL injection flaws, tracked as CVE-2018-0504, that allow a remote but authenticated attacker with “User Console Only” privileges to obtain data from the application’s database, including sensitive information.

“Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks,” CERT/CC (CERT Coordination Center at Carnegie Mellon University) said in its advisory. “The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.”

Experience a Better Approach to Systems Management

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that needs the update.
