Monthly Archives

September 2019

Microsoft Releases Out-of-Band Security Updates

Filed under: News, Patch Management, Patch Tuesday

Microsoft's out-of-band security updates address two vulnerabilities, including a zero-day vulnerability in the Internet Explorer (IE) scripting engine.

Microsoft Urges Users to Install Emergency Patches

Microsoft has released an emergency, out-of-band set of updates. The Internet Explorer fix ships as a cumulative update for IE that covers Windows 10 up to and including the May 2019 Update (Windows 10 version 1903) as well as earlier supported Windows releases.

The out-of-band updates address two vulnerabilities: a zero-day in the Internet Explorer (IE) scripting engine that is being actively exploited in the wild, and a denial-of-service bug in Microsoft Defender.

The IE zero-day (CVE-2019-1367) is a remote code execution flaw in the way the scripting engine handles objects in memory. An attacker who successfully exploits it can run arbitrary code with the same rights as the logged-on user.

“If the current user is logged-on with administrative rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” stated Microsoft.

The flaw is exploitable remotely. In a web-based attack the attacker hosts a specially crafted website (or plants content on a compromised site that accepts user-supplied content or advertisements) designed to trigger the vulnerability in IE, then convinces the user to view it, typically through a link in an email or instant message. The same scripting engine can also be reached from applications and Office documents that host the IE rendering engine, so exposure is not limited to users who browse with IE. Running day to day as a standard user rather than an administrator limits what a successful exploit can do.

U.S. CERT Warns of Microsoft Vulnerabilities

The second vulnerability (CVE-2019-1255) is a denial-of-service flaw in Microsoft Defender, the antimalware protection that ships with Windows 8 and later.

Microsoft describes it as a denial of service that exists when Microsoft Defender improperly handles files: “an attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.” Exploiting it requires the attacker to first be able to execute code on the victim system, so it is not a remote entry point on its own, but combined with an existing foothold it can be used to block users or services from running legitimate binaries. Microsoft has fixed it in Microsoft Malware Protection Engine version 1.1.16400.2.

“Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software,” stated the U.S. Computer Emergency Readiness Team (US-CERT). “A remote attacker could exploit one of these vulnerabilities to take control of an affected system.”

These updates stand out because Microsoft normally ships security updates only on Patch Tuesday, the second Tuesday of each month, and departs from that schedule only when it considers an issue critical enough to warrant an out-of-band release.

This release is important and all Windows users are strongly advised to patch as soon as possible. Note the difference in delivery. At the time of release the IE fix was a standalone cumulative update for Internet Explorer that had to be downloaded from the Microsoft Update Catalog and installed manually. The Defender fix, by contrast, arrives automatically and silently through the normal Malware Protection Engine update channel (engine updates ride along with definition updates), typically within 48 hours of availability, with no administrator action required as long as devices are receiving definition updates. Administrators can confirm a device has the fixed engine by checking that the reported engine version is 1.1.16400.2 or later (for example the AMEngineVersion field returned by Get-MpComputerStatus in PowerShell).

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Patch Tuesday: Massive September Updates

Filed under: News, Patch Management, Patch Tuesday

Patch Tuesday is officially here. Microsoft has published 80 security fixes, but which patches should you prioritize this month?

September Patch Tuesday Release

Microsoft has released fixes for 80 vulnerabilities today, covering Internet Explorer, Edge, ChakraCore, Windows and Office, plus SharePoint, Exchange, .NET and Azure DevOps/Team Foundation Server. Of these, 17 are rated Critical, 62 Important and only 1 Moderate.

Urgent: Public and Exploited

Four of this month's vulnerabilities are either publicly disclosed (CVE-2019-1235 and CVE-2019-1294) or already being exploited in the wild (CVE-2019-1214 and CVE-2019-1215). Three are elevation-of-privilege flaws and one is a Secure Boot security feature bypass. None of them gives an attacker initial access on its own, but an attacker who already has a foothold can use the privilege-escalation bugs to gain SYSTEM on a host and spread malware or ransomware across the environment. The two actively exploited flaws are zero-days in the strict sense: they were under attack before a fix was available.

Robert Brown, Director of Services for Verismic, said, “We highly recommend these be prioritized for immediate deployment. Having an independent severity alongside the vendor severity is critically important for transparent prioritization of your next round of patching.”

Guess who’s back?

CVE-2010-3190, an insecure library loading (DLL preloading) vulnerability in the Microsoft Foundation Class (MFC) library, has been re-issued for Exchange Server. Customers running any supported Exchange Server (Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016) should reinstall KB2565063. KB2565063 is the old Visual C++ 2010 redistributable update from MS11-025; it is needed again because Exchange bundles that runtime.

Adobe Updates

Adobe has released three updates today resolving vulnerabilities in Flash Player and Application Manager.

Patch Tuesday Updates

We have made a few recommendations below which you should prioritize this month (a dash in the first column means the patch is not on this month's priority list):

Recommended | CVE reference | Description | Severity | Publicly disclosed | Actively exploited
Yes | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | Yes
Yes | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important | No | Yes
Yes | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important | Yes | No
Yes | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important | Yes | No
Yes | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No
Yes | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No
Yes | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical | No | No
- | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No
- | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important | No | No
- | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important | No | No
- | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1258 | Azure Active Directory Authentication Library Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No
- | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No
- | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important | No | No
- | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important | No | No
- | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important | No | No
- | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important | No | No
- | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important | No | No
- | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No
- | CVE-2019-1299 | Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Important | No | No
- | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important | No | No
- | CVE-2019-1302 | ASP.NET Core Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important | No | No
- | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No
- | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate | No | No

Syxsense Secure Adds Cyber Threat Alerting and Quarantine

Filed under: Blog, News, Press Release

New features in Syxsense Secure allow IT departments to detect active threats within seconds and neutralize them.

ALISO VIEJO, Calif. (September 10, 2019) – Verismic, a global leader in cloud-based IT management and security technology, has released a new version of Syxsense Secure featuring real-time threat alerting and device quarantine to detect, isolate and prevent cyber security breaches. These new features, plus the industry-leading patch management already available in Syxsense Secure, give IT departments both endpoint security and management in a single console.

The inability to see attacks and prioritize patching is the No. 1 issue in IT security, according to Gartner. Syxsense Secure aims to solve this problem, which would stop more than 80 percent of all breaches from occurring. Syxsense Secure consists of a single, lightweight agent that provides continuous management and monitoring of endpoint activity and automates the response to a breach. The instant suspicious activity from a malicious process is detected, the process is stopped and the device is quarantined to prevent further infection.

Syxsense Secure allows IT and Security professionals to:

  • See and Stop Attacks: See precisely which machines are being actively exploited enterprise-wide and filter by specific vulnerability and available patches.
  • Secure Every Device: Stop an attack immediately and prevent future attacks of a similar nature across the organization.
  • Fix the Biggest Problems: Understand which patches will have the biggest impact across the organization and then quickly patch, within seconds, the most actively exploited machines – whether online or quarantined.

“Syxsense Secure gives IT and Security teams a real-time picture and response time to any unpatched or vulnerable endpoints on their network, as well as the ability to isolate and remediate endpoints,” says Diane Rogers, Chief Product Officer at Verismic.

More information on the new release of Syxsense Secure can be found here: https://www.syxsense.com/quarantine

About Verismic Software, Inc.

Verismic Software Inc. is a global industry leader providing cloud-based IT management and security technology focused on enabling greater efficiency, cost savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Verismic works with companies ranging from 50 to 10,000 endpoints, delivering a variety of solutions. Verismic's software portfolio includes Syxsense and Cloud Security Suite. For more information, visit www.syxsense.com.

CVE and CVSS: Explained

Filed under: Blog

CVE and CVSS are some of the most commonly misunderstood aspects of patching today. Explore the differences and see how they can affect your patching strategy.

Although many IT managers are familiar with the terms, CVE and CVSS are two of the most commonly misunderstood aspects of patching. Both come up constantly in discussions of operating system and software vulnerabilities and patching, but they are not interchangeable: a CVE identifies a vulnerability, while a CVSS score rates how severe it is.

What is CVE?

A CVE (Common Vulnerabilities and Exposures) identifier is a unique name for one publicly known vulnerability. The list is maintained by MITRE, and vendors such as Microsoft, Red Hat and Adobe reference the same identifier in their advisories and patch metadata, so that a fix, a scanner finding and a news report can all be matched to the same flaw. Think of it as a page number in a book: it says nothing about the content, but it lets everyone find the same page quickly.

CVE identifiers have the form CVE-YYYY-NNNN, where YYYY is the year the identifier was assigned or the vulnerability was made public and NNNN is a sequence number of four or more digits. Since 2014 the sequence number is no longer capped at four digits, so an identifier such as CVE-2019-12345 is valid and there is no practical limit on the number of entries per year.

“Our clients should feel confident that the CVE number is not owned by any specific software vendor,” said Robert Brown, Director of Services for Verismic Software. “Therefore, it is an unbiased and independent database for all vendors to publish their vulnerabilities.”

This also means the database is only as good as what is published into it. Identifiers are assigned by CVE Numbering Authorities (CNAs): MITRE itself, plus vendors, coordinators and researchers authorised to assign identifiers for products within their scope. A vendor does not have to be a CNA for a bug in its product to receive a CVE (anyone can request one through MITRE or the responsible CNA), but becoming a CNA lets the vendor reserve identifiers itself and publish them together with its own advisories, which is what makes its announcements timely and reliable.

The CVE record itself holds a description, the assigning CNA and references to advisories and other sources. The richer fields below come from the vendor advisory and the NIST NVD entry that the identifier links to:

  • CVE number
  • Description of the vulnerability
  • Severity (the vendor's own rating and/or a CVSS score)
  • References to advisories and related records, including the update that supersedes an earlier fix
  • Change history
  • Publish date

What is a CVSS Score?

The CVSS (Common Vulnerability Scoring System) is an open standard, maintained by FIRST, for scoring a vulnerability from 0 to 10 based on a fixed set of factors. Because the formula is public, a score can be produced independently of the vendor; NIST's National Vulnerability Database (NVD) publishes one for most CVEs. To see why that matters, compare it with how Microsoft rates its own vulnerabilities.

Microsoft's rating system is relatively simple:

  1. Critical – a vulnerability whose exploitation could allow code execution without user interaction, for example a wormable network flaw or a browser bug triggered simply by viewing a page.
  2. Important – a vulnerability whose exploitation could compromise the confidentiality, integrity or availability of user data or processing resources, including cases where the user is compromised after a warning or prompt.
  3. Moderate – the impact is mitigated to a significant degree by factors such as authentication requirements or the flaw affecting only non-default configurations.
  4. Low – the impact is comprehensively mitigated by the characteristics of the affected component.
  5. NA – in the comparison table below this simply means the vendor published no severity rating of its own.

However, these ratings are Microsoft's self-assessment of vulnerabilities in its own products: they reflect Microsoft's view of default configurations and typical use, not your environment.

Generating the CVSS base score is more involved, but it boils down to a fixed set of questions, each of which is a CVSS metric:

  1. How can the vulnerability be reached (Attack Vector: network, adjacent network, local or physical) and how reliably can it be exploited (Attack Complexity)?
  2. What privileges must the attacker already hold (Privileges Required), and how much end-user interaction is needed (User Interaction)?
  3. Does a successful exploit affect only the vulnerable component, or does it cross into other components such as the host OS or other tenants (Scope)?
  4. What is the impact on confidentiality, integrity and availability (the C, I and A impact metrics)?

The first two groups form an Exploitability sub-score and the C/I/A metrics an Impact sub-score; the two are combined, adjusted when Scope is changed, capped at 10 and rounded up to one decimal place to give the base score. The result is a vendor-independent, comparable measure of severity. It is not on its own a measure of how urgently you must act: the base score ignores whether an exploit is circulating and how exposed a particular system is (the Temporal and Environmental metric groups exist for that), which is why the publicly disclosed and actively exploited flags in the Patch Tuesday post above are weighed alongside it.

Rating | CVSS score
None | 0.0
Low | 0.1 – 3.9
Medium | 4.0 – 6.9
High | 7.0 – 8.9
Critical | 9.0 – 10.0

Are CVSS scores necessary? Prove it!

Let's take a couple of updates from the August 2019 Patch Tuesday, plus a few from other vendors, and compare the vendor's own severity with the CVSS rating and score:

Vendor | Patch name | Vendor severity | CVSS rating (score)
Google | Chrome_v76.0.3809.100 | NA | High (8.8)
Microsoft | KB4462137 | Critical | High (7.8)
Microsoft | KB4474419 | NA | Critical (9.8)
Microsoft | KB4508433 | NA | Critical (9.8)
The Document Foundation | LibreOffice_v6.2.5 | NA | Critical (9.8)

As the sample shows, vendor severity and CVSS scores are not always aligned: the one update Microsoft rates Critical scores 7.8 (High), while updates that carry no vendor rating at all score 9.8 (Critical). If you take a single vendor's rating at face value you can waste two of the most precious assets you have, time and resources, because rolling out many patches across a large distributed IT environment takes time.

The longer a known vulnerability is left unpatched, the greater the risk of it being exploited. Attacks against known vulnerabilities spike in the hours and days after a patch is released, because the fix itself shows attackers where to look; this is why it is important to know how urgent each vulnerability is.

What’s the solution?

Take any single vendor's rating with a respectful pinch of salt and look at independently assessed scores such as the Common Vulnerability Scoring System (CVSS). NIST's National Vulnerability Database (NVD) assigns CVSS base scores to published CVEs, usually within days of disclosure; the score can lag the patch release, so it may not be available on patch day itself. This gives a better idea of the risk a particular vulnerability poses to your business.

Downtime for businesses can also be extremely costly. The best approach to patching is to have a dedicated window of downtime each month to update systems. If there is a compatibility issue with a patch and systems need to be rolled back, this extends the downtime and can impact the bottom line of a business.

This is a service we provide to clients: we analyze the binary for each patch update and test and pilot the updates before deploying them through Syxsense, so any problems with a patch are discovered before it reaches production.

Patching is all about improving your security posture. By taking a measured approach and using independently assessed scores, you can confidently prioritize which patches need to roll out.
