Monthly Archives

October 2019

Why Cybersecurity is a Challenge for Highly Distributed Enterprises

By Patch Management

Most enterprises are becoming highly distributed, and they must find a way to secure and defend their businesses.

There is no longer any doubt that one of the major challenges for enterprises of all sizes as we enter the ‘20s is information and network security. Simply put, “enterprises have a lot to worry about,” according to a recent article on InformationAge. And the job of dealing with cybersecurity continues to get increasingly complex.

To compound the problem, in today’s digital economy an enterprise’s traditional boundaries are constantly being stretched. For instance, it’s estimated that there are more than 1.6 million remote or branch offices in the United States. Highly distributed enterprises in particular must secure systems and data scattered not only across these remote operations but across headquarters, the cloud, and elsewhere as well. According to the article, every perimeter and endpoint must be protected, and networks must be continuously monitored to detect and mitigate attacks.

“This growing legion of remote offices and employees accessing systems and data on corporate networks and in public clouds . . . are creating opportunities for cyberattacks by exposing new entry points and unsecured devices, data, and applications,” writes Nick Ismail, the author of the InformationAge article. IT departments typically put a lot of focus on protecting the networks and systems within the four walls of their company HQ, he explains, but the branch offices and remote employees can introduce risky exposures that, if breached, can cause a great deal of damage.

Identifying Security Processes a Struggle

While companies agree that it is in the organization’s best interest to invest in solutions for all their offices and remote employees to prevent breaches, they struggle to identify straightforward and workable network-security processes. Often, remote workers and branch offices get short shrift. This is dangerous, says Ismail, since attackers often target the weakest link in an organization—including remote offices—in order to get to the larger corporate prizes. Given the many challenges involved in securing highly distributed enterprises, organizations must choose carefully when it comes time to select a security solution.

Bob Violino, writing for Security Boulevard, explained further: “A recent report from the Infosys Knowledge Institute (IKI) provides a clear picture of how important cyber security has become:

‘In today’s hyperconnected and digitized world, cyber security has become an important strategic imperative owing to the sophistication of cybercrime. Digital businesses require complex and distributed interactions among people, applications, and data—on-premise, off-premise, on mobile devices and in the cloud. The result is an increase in the attack surfaces that are hard to protect and defend.’” In other words, most, if not all, enterprises are becoming highly distributed, and they must find a way to secure and defend.

Further, according to the IKI study cited, to help address these threats, organizations are deploying products and services such as security incident management, risk and compliance, and security awareness training.

To overcome some of these challenges, more than half of the organizations are focusing on adopting integrated security platforms and are working with technology and service integrator partners. Network segregation, threat intelligence platforms, and advanced threat protection are the most commonly implemented security tools.

Among the top trends that will shape the future of cyber security, according to the survey, are artificial intelligence; privacy and personal data protection; and blockchain and deception technologies.

Operational technology (OT) and the Internet of Things (IoT) “massively expand the scope of security strategy and operations.” As the enterprise perimeter continues to diminish and all enterprises become highly distributed, the study concluded, visibility into the environment will become tougher.

The Simple & Powerful Solution

Syxsense lets you see and manage all endpoints inside and outside the network, with coverage for all major operating systems and endpoints, including IoT devices.

Experience a complete solution to manage your environment anywhere, anytime. The intuitive features include software distribution, patch management and more—start your free trial today.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Microsoft Warns Windows 10 1803 Users to Upgrade

By News

Microsoft has started to display a warning to users running Windows 10 1803 that states the version is nearing end of support.

Support for Microsoft Windows 10 Version 1803 (April 2018 Update), on consumer-based licenses, will be ending in just a few weeks. Microsoft has already started recommending an update to all end-users before the forced upgrade begins.

“Windows 10, version 1803 will reach the end of servicing on November 12, 2019. This applies to the following editions* of Windows 10 released in April of 2018: Windows 10, version 1803, Home, Pro, Pro for Workstations, and IoT Core,” Microsoft published on their website. “These editions will no longer receive security updates after November 12, 2019. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported.”

Although this applies only to non-enterprise licenses of Windows 10 (support for the Enterprise and Education editions of 1803 runs until November 10, 2020), it is still imperative that all unsupported versions be upgraded as soon as possible. Unsupported devices will no longer receive quality updates from Microsoft and will be left open to vulnerabilities until they are upgraded.

Earlier this year, Microsoft officials stated that they were putting AI algorithms in place that would automatically update devices on older versions of Windows 10 directly to 1903, the May 2019 Update, via the Windows Update service.

As of July 16, Microsoft started to initiate this upgrade for devices “that are at or nearing end of service and have not yet updated their device,” Microsoft’s documentation states. “Based on a large number of devices running the April 2018 Update, that will reach end of 18 months of service [in November], we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process.”

Although this started back in June and we can only hope many personal devices have been automatically upgraded, end users always seem to choose their own path and have been known to turn off the Windows Update service. Whether on personal devices in a non-enterprise setting or on Windows 10 Pro machines used within an organization, these consumer versions may still exist in the enterprise, left out of date and a major vulnerability within the network.

Leverage a Cloud-Based Solution

Trusting Windows Update alone, or even WSUS with Pro versions, may or may not bring these devices to a supported version.

Using a cloud-based solution to bring older Windows 10 devices up-to-date ensures success and standardization, whether devices are inside or outside the network.

Microsoft Announces Critical Security Update For All Windows 10 Users

By News

Microsoft has launched a feature called Tamper Protection that will make Windows 10 devices more secure for all 900 million users.

After the release of Windows 10 version 1903 (May 2019 Update), Microsoft has officially announced the introduction of a new Tamper Protection feature for its Microsoft Defender Antivirus service.

Tamper Protection is a feature of Microsoft Defender (previously Windows Defender) for both corporate and consumer versions of Windows 10. When enabled, it blocks changes to the Windows Security settings by other programs, so that the only way to change them is through the Windows Security interface using an administrator account.

Work on the feature began back in December 2018, when it was first rolled out to Windows Insider previews. Starting this week, the feature is available to all Microsoft Defender users on the May 2019 Update.

“Customer feedback on deployment and other aspects of the feature were critical in our journey towards today’s GA.” – Shweta Jha of the Microsoft Defender team.

Microsoft stated that the feature will be enabled by default for all users in the coming weeks, in a multi-stage rollout. (If users prefer not to wait, Microsoft has stated they can also enable Tamper Protection right now.)

According to Microsoft, with Tamper Protection, malicious apps won’t be able to perform the following:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turn off behavior monitoring
  • Disable Defender’s antivirus components
  • Disable cloud-delivered protection
  • Remove security intelligence updates

Microsoft states that Tamper Protection prevents security settings from being altered by third-party apps and through methods such as:

  • Configuring settings in Registry Editor on a Windows machine
  • Changing settings through PowerShell cmdlets
  • Editing or removing security settings through group policies

“Tamper Protection prevents unwanted changes to security settings on devices. With this protection in place, customers can mitigate malware and threats that attempt to disable security protection features,” Jha from Microsoft elaborated. “We’re currently turning on the feature gradually…We believe it’s critical for customers, across home users and commercial customers, to turn on Tamper Protection to ensure that essential security solutions are not circumvented. We will continue working on this feature, including building support for older Windows versions.”
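As an added example (not from the article or from Microsoft’s own tooling), the PowerShell below audits the protections the two lists above say Tamper Protection guards, using the Get-MpComputerStatus and Get-MpPreference cmdlets from the Defender module, and reports anything that is switched off. The registry location and the meaning of its value (5 = on) are an assumption to verify on your own build.

```powershell
# Added example, not Syxsense or Microsoft code. Run from an elevated prompt on
# Windows 10 1903 or later where the Defender PowerShell module is present.
function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus   # engine state: real-time, behavior monitoring, signatures
    $pref   = Get-MpPreference       # configured preferences, incl. cloud (MAPS) reporting

    # Assumption: Defender records the Tamper Protection state here, 5 = enabled, 4 = disabled.
    $featureKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
    $regValue = (Get-ItemProperty -Path $featureKey -Name TamperProtection `
                    -ErrorAction SilentlyContinue).TamperProtection

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        TamperProtected          = $status.IsTamperProtected
        TamperProtectionRegValue = $regValue
        AntivirusEnabled         = $status.AntivirusEnabled          # "virus and threat protection"
        RealTimeProtection       = $status.RealTimeProtectionEnabled # "real-time protection"
        BehaviorMonitoring       = $status.BehaviorMonitorEnabled    # "behavior monitoring"
        CloudProtection          = ($pref.MAPSReporting -ne 0)       # 0 = cloud-delivered protection off
        SignatureAgeDays         = ((Get-Date) - $status.AntivirusSignatureLastUpdated).Days
    }
}

function Test-DefenderTamperAudit {
    param([Parameter(Mandatory)] $Audit)

    $findings = @()
    if (-not $Audit.TamperProtected) {
        $findings += 'Tamper Protection is OFF: settings can be changed by scripts, registry edits or policy'
    }
    if (-not $Audit.AntivirusEnabled)   { $findings += 'Antivirus engine is disabled' }
    if (-not $Audit.RealTimeProtection) { $findings += 'Real-time protection is disabled' }
    if (-not $Audit.BehaviorMonitoring) { $findings += 'Behavior monitoring is disabled' }
    if (-not $Audit.CloudProtection)    { $findings += 'Cloud-delivered protection (MAPS) is disabled' }
    if ($Audit.SignatureAgeDays -gt 7) {
        $findings += "Security intelligence is $($Audit.SignatureAgeDays) days old"
    }

    if ($findings.Count -eq 0) { 'OK: every protection Tamper Protection guards is on' } else { $findings }
}

$audit = Get-DefenderTamperAudit
$audit | Format-List
Test-DefenderTamperAudit -Audit $audit
```

Run it across a fleet with Invoke-Command and keep the output with your patch reports, so a device whose protections were switched off before Tamper Protection reached it shows up rather than being assumed covered.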

Emergency Fix for IE Zero Day

By News, Patch Management

Microsoft Releases Patch to Address Active Exploit

After learning about it from Google, Microsoft has moved to fix CVE-2018-8653. This flaw in Internet Explorer is being actively exploited in the wild.

According to the Microsoft release, this remote code execution issue “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

The vulnerability affects Internet Explorer 11 on Windows 7 through 10 and Windows Server 2012, 2016, and 2019. For Internet Explorer 10, it affects Windows Server 2012. For Internet Explorer 9, it affects Windows Server 2008.

As it is being actively exploited, it’s critical to check that all systems have received the Internet Explorer update.

Using Syxsense to Address This Issue

Syxsense is designed to facilitate and simplify any patching strategy. While you can run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. The console can easily display which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that requires the needed update.

With visual gadgets in both the device and task views, an IT manager can track the completion status of the deployment.

With everything being integrated, a report can be generated from the task information. Software can also be completely rolled back, if needed.

Windows 7 Post-Retirement: Patches for a Price

By News, Patch Management

Microsoft has announced that it will offer Windows 7 patch support to any business, no matter how small, that is willing to pay.

Microsoft is now allowing Windows 7 Extended Security Updates (ESUs) to be available to any business. The major move ensures that any business user who is unable to (or unwilling to) migrate to the newer Windows 10 can still receive security updates and support until January 2023.

Back in September 2018, Microsoft announced extended support for the aging operating system, but it was limited to customers with volume licensing deals for Windows 7 Enterprise and Windows 7 Professional. Recently, the offer was altered again to make it available to any business willing to pay (commonly referred to as “patches-for-a-price”), since support for Windows 7 comes to an end in January 2020.

“Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to business of all sizes,” stated Jared Spataro, Corporate Vice President for Microsoft 365. “The Windows 7 ESU will be sold on a per-device basis with the price increasing each year. Starting on December 1, 2019, businesses of any size can purchase ESU through the cloud solution provider (CSP) program. This means that customers can work with their partners to get the security they need while they make their way to Windows 10.”

How much will Windows 7 support cost?

The new pricing will not be cheap and is strictly limited to a per-device model. The pricing also differs between Pro and Enterprise licenses and will indeed increase each year. ESU pricing starts at $25 per device for Windows Enterprise in year one and rises to $100 per device in year three. For Pro users, ESU pricing starts at $50 per device in year one and rises to $200 per device in year three.

In addition to exclusive and continued support for the dying operating system, Microsoft reminded all Office 365 users that Windows 7 is coming to an end and is strongly urging all to upgrade as soon as possible due to potential security risks if left unsupported. “Using Office 365 ProPlus on older, unsupported operating systems may cause performance and reliability issues over time,” stated Microsoft in late September. “Therefore, if your organization is using Office 365 ProPlus on devices running Windows 7, we strongly recommend your organization move these devices to Windows 10.”

Even though Windows 7 is now receiving extended support for security updates and fixes, devices running Windows 7 will not receive Office 365 ProPlus feature updates, which limits the license itself.

“This information applies even if you have purchased Extended Security Updates (ESU) for Windows 7…After you move Office 365 ProPlus to a supported Windows operating system, preferably Windows 10, you can configure Office 365 ProPlus to begin receiving feature updates again. Since updates for Office 365 ProPlus are cumulative, you will receive all the feature updates that you missed while the device was running Windows 7.”

It’s worth noting that although Windows 7 can still technically be used for Office 365, Microsoft didn’t release any additional details on that level of support: “We’ll be providing more information by January about how to get security updates for Office 365 ProPlus on devices running Windows 7 after support for Windows 7 ends.”

Final Thoughts

So there you have it. Windows 7 will gain extended support, if you want to pay the hefty price, but any Office 365 users (or any service for that matter) should be wary that certain aspects will not receive support after the January 2020 deadline.

The industry recommendation is to migrate all devices to Windows 10 to ensure all services won’t be affected as well as full support for quality and feature updates.

Syxsense Beats Industry Average with Outstanding Customer Support Satisfaction Results

By News, Press Release

ALISO VIEJO, Calif. (October 10, 2019) – Verismic, a global leader in cloud-based IT management and security technology, has released its latest customer support satisfaction survey results, beating industry averages by achieving a 98.6 percent customer satisfaction rating.

The support team that services Verismic’s products, Syxsense and Syxsense Secure, continues to outpace competitors in the rapidly evolving IT security and management market while demonstrating its commitment to excellence in providing world-class customer support.

“With the stakes so high, organizations can no longer afford to have their IT Security and Management tool take a reactive approach to addressing potential threats, especially given today’s never-ending siege of costly data breaches, malware, ransomware and other disasters,” commented Ashley Leonard, CEO of Verismic Software. “Verismic’s support organization gives us a competitive differentiator and assurance to customers that their most important strategic asset – their data – will have the highest level of protection.”

Syxsense regularly surveys its customers to determine their satisfaction with customer support and services and compares those results to published industry benchmarks. The results provide a “customer voice” to influence and improve Syxsense’s IT support and services priorities and initiatives. The survey spans a range of help desk topics, including time to respond versus time to close, interactions done in real-time, and more.

About Verismic Software, Inc.

Verismic Software Inc. is a global industry leader providing cloud-based IT management and security technology focused on enabling greater efficiency, cost savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Verismic works with companies ranging from 50 to 10,000 endpoints, delivering a variety of solutions. Verismic’s software portfolio includes the first-of-its-kind agentless Syxsense. For more information, visit www.syxsense.com.

5 Lessons Learned from Deploying 100,000,000 Patches

By Patch Management

With over 100 million patches deployed, see our top five lessons learned over the past decade of patch management services.

A History of Patching

It was a cold December afternoon in 2008. A support customer, one of the largest retail outlets in the United Kingdom, was breached.

The Downadup virus, also called Conficker, infected one remote server and spread to almost every server and a huge number of workstations. Over the next 48 hours, hundreds of staff-hours were spent running a custom “Conficker Killer” on every device and rebooting. It was almost eradicated, but the customer had failed to install the updates that closed the hole (KB958644, KB957097 and KB958687).

As quickly as that, the virus was back.

Compared to recent infections, the Conficker virus didn’t steal anything or hold you to ransom, but it did slowly drain resources, which could destroy the operating system and force a Blue Screen system crash. This end-user disruption had to be resolved quickly.

The initial reaction from the IT Director was to set up a patching task to bring the estate up to date. Their on-premises toolset was scheduled to install everything that night. In hindsight, that strategy didn’t work, and that was when we were asked to resolve the situation.

After more than 10 years, 100 million patches deployed, and hundreds of customers onboarded, no customer has ever been breached.

Here are the 5 biggest lessons we have learned over the past decade of patch management services.

1. Patching is Essential Even If You Have an Up-to-Date AV

Industry experts estimate data breaches have increased almost 60% in 2019, and ransomware specific infections have increased 90% potentially costing businesses $11.5 billion this year alone.

Many senior IT Directors, CIOs and CISOs believe their own perimeter protection, including firewall and antivirus / anti-spyware protection, will keep their environment safe. However, this is not how data theft and network / system intrusions occur. Once a break-in occurs, sophisticated exploitation is easy but extremely difficult to track or remediate.

We followed a simple experiment conducted by a group of students in the United Kingdom. They built several Windows, Linux and Mac OS systems in a lab, fully protected with firewall and antivirus / anti-spyware but without any OS updates. All had access to the internet with a routed IP address. Each system was left “as was” without any updates, patches or hotfixes for 720 hours to see which, if any, would become victim to an external attack. The following results are somewhat astounding and worrying at the same time:

Operating System    | Exposed / Infected | Notes
Windows 7           | Yes                | Infected by Windows 2012
Windows 10          | Yes                | Infected by Windows 2012
Windows Server 2012 | Yes                | Exploited using RDP
Windows Server 2016 | No                 |
Mac OS “Mojave”     | No                 |
Linux Ubuntu 14     | No                 |
Linux SUSE          | No                 |

Before the lab was torn down, forensic evidence was collected showing that RDP was the entry point used to plant ransomware on the Windows Server 2012 server and two Windows virtual desktops. None of the Linux or Mac OS devices were impacted. Had the experiment run longer, perhaps others would have been exploited too. What we can take from this experiment is that anyone can be a victim, even with firewall and antivirus / anti-spyware protection in place.

2. Performing and Recording Test Evidence

No one will appreciate the fear an IT Manager feels when they hear these 7 little words: “Is anyone doing any patching right now?”

We have learned that any patching should be based on a platform of transparency. We believe resources are well spent testing patches and documenting that testing. This leads to less end-user disruption and a rise in confidence.

The following template is an example of what we perform routinely for our customers:

  1. For each operating system (including each unique service pack / feature update level), a copy of the image that best represents the live environment is prepared in a virtual lab. All variations must be tested.
  2. Each Operating System is rebooted multiple times to ensure all post reboot activities are performed. A patch we tested in 2015 changed the keyboard layout to Chinese. It would have only been found after multiple reboots, and if not found, would have caused a catastrophic nightmare for the global helpdesk. This particular patch was removed from the deployment.
  3. All issues are investigated thoroughly, even if they are seen only a single time.
  4. All patches which have an uninstall are tested to ensure the uninstall works! Do not always believe the vendor; this is one of our golden rules.
  5. Any patch which does not have an uninstall is tested at least twice. This is another one of our golden rules.

All tests are documented and should be concluded before any further activity. Any issues found during the deployment, testing, or post reboot are detailed. Most customers will want to see this evidence before starting the Change Control process.

3. Deployment

The deployment is just a couple of clicks away from being complete, right? In reality, this is where your knowledge of the environment you are working in is invaluable.

You have completed testing and know the patches do not contribute to end-user disruption. What you do not yet know is what effect those patches deployed en masse will have on your network, how much time the installation needs, and what the environmental requirements are on your workstations and servers.

Here are some of the high level requirements you need to complete:

  1. Rank the patches missing by severity in order. Determine which patches are the most important. If you can, also rank by CVSS score since this is the most accurate independent severity available today. Secure your environment by covering the worst offenders!
  2. Identify which patches are superseded. You do not need to deploy all Critical updates if they are already replaced—make your deployment efficient!
  3. Calculate the size of the patches. Is there enough free disk space on your workstations and servers, and can the network handle such a deployment? Planning improves confidence!
  4. Time the installation as part of your testing. Can your users wait this long? Happy end users are the reference of a good service!
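As an added example (not from the article or from Syxsense’s product), the PowerShell below runs the four steps above as a dry run over a constructed patch catalogue: it drops superseded updates, ranks the rest by CVSS with vendor severity as the tie-breaker, and checks the total size and install time against the free disk space and maintenance window. The KB numbers, sizes and timings are made up, and the 2x staging allowance for disk space is an assumption.

```powershell
# Added example, not Syxsense code. The catalogue below is constructed for illustration;
# in practice the records come from your patch scanner or the vendor catalogue.
$catalog = @(
    [pscustomobject]@{ KB='KB000001'; Severity='Critical';  CVSS=9.8; SizeMB=45;  SupersededBy=$null;      InstallMinutes=6  }
    [pscustomobject]@{ KB='KB000002'; Severity='Critical';  CVSS=8.8; SizeMB=120; SupersededBy='KB000005'; InstallMinutes=15 }
    [pscustomobject]@{ KB='KB000003'; Severity='Important'; CVSS=7.8; SizeMB=12;  SupersededBy=$null;      InstallMinutes=3  }
    [pscustomobject]@{ KB='KB000004'; Severity='Moderate';  CVSS=5.3; SizeMB=8;   SupersededBy=$null;      InstallMinutes=2  }
    [pscustomobject]@{ KB='KB000005'; Severity='Critical';  CVSS=9.0; SizeMB=130; SupersededBy=$null;      InstallMinutes=15 }
)

function Get-DeploymentPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Patches,
        [Parameter(Mandatory)] [int] $FreeDiskMB,          # free space on the system drive
        [Parameter(Mandatory)] [int] $MaintenanceWindowMinutes,
        [int] $DeviceCount = 1                              # for the network transfer estimate
    )

    # Vendor severity order, used only to break ties between equal CVSS scores.
    $severityRank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3 }

    # Step 2: drop anything already replaced by a newer patch in the same catalogue.
    $active  = $Patches | Where-Object { -not $_.SupersededBy }
    $skipped = $Patches | Where-Object { $_.SupersededBy }

    # Step 1: worst offenders first - highest CVSS, then vendor severity.
    $ranked = $active | Sort-Object @{ Expression = 'CVSS'; Descending = $true },
                                    @{ Expression = { $severityRank[$_.Severity] } }

    # Steps 3 and 4: total download size and install time for the ranked set.
    $totalMB  = ($ranked | Measure-Object -Property SizeMB -Sum).Sum
    $totalMin = ($ranked | Measure-Object -Property InstallMinutes -Sum).Sum

    [pscustomobject]@{
        Order             = $ranked.KB
        Skipped           = $skipped.KB
        TotalSizeMB       = $totalMB
        NetworkTransferMB = $totalMB * $DeviceCount
        FitsOnDisk        = ($totalMB * 2) -le $FreeDiskMB     # assumption: ~2x for download + staging
        InstallMinutes    = $totalMin
        FitsWindow        = $totalMin -le $MaintenanceWindowMinutes
    }
}

# Free space on C: of the machine running the dry run (Win32_LogicalDisk is a standard CIM class).
$freeMB = [int]((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='C:'").FreeSpace / 1MB)

Get-DeploymentPlan -Patches $catalog -FreeDiskMB $freeMB -MaintenanceWindowMinutes 30 -DeviceCount 500
```

With this catalogue the superseded KB000002 is skipped, so the 120 MB it would have cost on every one of the 500 devices never leaves the network; a FitsWindow of False is the signal to split the deployment rather than to push it anyway.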

4. Change Management

Change control used to be nonexistent in most of our customer environments. Only banking, retail and local government insisted on a formal patching approval process. Ranking and selecting the patches, combining them into a schedule, and receiving approval frames our service for success. This is why all of our customers allow us to provide change control, even when it is not fully implemented elsewhere in their company.

In some studies, formal change management is implemented at more than 80% of companies, and 100% in the FTSE 100. Our job is to provide the evidence of the patches we want to deploy, the testing we have conducted, the results of that testing, and to seek approval to begin a Pilot or Live rollout. It does place the onus on others, but doing so ensures any scheduling which will take place is conducted at the right time. Can you imagine deploying to users in the UK and Japan simultaneously?

5. Reporting and Perception

The final but critical step in your patching strategy should be to report on your success. It is important that upper management see the patch coverage for the entire environment over the length of the service. If you are under contract to deploy updates every month, have reports which can prove this. Nothing alleviates governance concerns more than proving your monthly efforts with “service over time.”

Patch Tuesday: October Update Includes Sleeper Vulnerability

By News, Patch Management, Patch Tuesday

Microsoft released 59 updates for its monthly Patch Tuesday Update. Beware of a sleeper vulnerability and a patch that is being weaponized.

Microsoft’s October 2019 Patch Tuesday Fixes 59 Vulnerabilities

Microsoft has released 59 updates for its monthly Patch Tuesday Update, far fewer than September’s release of 80 updates. However, that doesn’t mean you can be complacent—there are still 9 Critical and 49 Important updates to deal with.

CVE-2019-1367 has been re-released and is being weaponized! This out-of-band update was actually released at the end of September, but following several misguided attempts to reassure customers, Microsoft released it to WSUS on October 7 and has released it again today. They also noted that the updated patch addresses some ‘quality issues’ in the first versions of the patch. Customers of Syxsense had all versions available to them—including the uninstalls.

Our expert onboarding team helps implement a successful patching strategy to complement every customer’s environment with Syxsense, including the ability to roll back problematic updates.

Beware of a Sleeper Vulnerability

CVE-2019-1311 is only marked as Important, but it could have a huge impact if not addressed. It carries a CVSS score of 7.8 and, if exposed, could allow a sophisticated attack that runs with the same credentials as the victim.

To exploit the vulnerability, an attacker needs to convince a user to open a specially crafted .WIM file. If you are concerned about moving to newer versions of Windows 10 and being vulnerable to the same attack, we recommend prioritizing this update.

CVE-2019-1340 (Windows AppX Deployment Server) and CVE-2019-1358 (Windows Jet Database Engine) also carry high CVSS severities, which we recommend prioritizing.

Protect Roaming Users

A recent study revealed that companies are so concerned with protecting corporate networks that they have taken their eyes off roaming users. Roaming users, especially C-level executives, were most vulnerable when using hotel or home networks, which do not have the most secure network-level firewalls or host intrusion prevention tools.

When choosing a cyber security solution, ensure the security of roaming users whenever they are connected to the internet—you cannot trust your users to connect to the VPN.

Adobe Updates

There are no Adobe updates released today. However, keep your eyes peeled because Adobe does not always release updates on the same day as Microsoft.

Patch Tuesday Updates

We have made a few recommendations below which you should prioritize this month:

| Our Recommendation | CVE Reference | Description | Severity | Publicly Announced | Actively Exploited |
| --- | --- | --- | --- | --- | --- |
| Yes | CVE-2019-1060 | MS XML Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1238 | VBScript Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1239 | VBScript Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1307 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1308 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1335 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1366 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1372 | Azure App Service Elevation of Privilege Vulnerability | Critical | No | No |
| Yes | CVE-2019-1311 | Windows Imaging API Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0608 | Microsoft Browser Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |
| | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important | No | No |
| | CVE-2019-1230 | Hyper-V Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1313 | SQL Server Management Studio Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1314 | Windows 10 Mobile Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-1315 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1317 | Microsoft Windows Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1318 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1319 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1320 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1321 | Microsoft Windows CloudStore Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1322 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1323 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1327 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1328 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1329 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1330 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1331 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1334 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1336 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1337 | Windows Update Client Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1338 | Windows NTLM Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-1339 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1340 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1341 | Windows Power Service Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1342 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1343 | Windows Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1344 | Windows Code Integrity Module Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1345 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1346 | Windows Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1347 | Windows Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-1356 | Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability | Important | No | No |
| | CVE-2019-1358 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1359 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-1361 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1362 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1363 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1364 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1365 | Microsoft IIS Server Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-1368 | Windows Secure Boot Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-1369 | Open Enclave SDK Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability | Important | No | No |
| | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No |
| | CVE-2019-1376 | SQL Server Management Studio Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-1325 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Moderate | No | No |

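The table above tells you which advisories are recommended, how severe each one is, and whether it was public or exploited before the fix shipped, but not in what order to deploy. The following script is an added example (not Syxsense code) that turns rows in the page's flattened "[Yes] CVE title Severity Public Exploited" form into a ranked deployment plan with a deploy-by date for each fix. The sample rows are a subset transcribed from the table; the scoring weights, the deploy-by windows and the release date are assumptions to adapt to your own SLA.

```python
"""Rank a Patch Tuesday advisory list into a deployment order.

Added example for this post; it is not Syxsense code. SAMPLE_ROWS is a
subset transcribed from the table above; the scoring weights, the
deploy-by windows and the release date are assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str        # Critical, Important, Moderate or Low
    recommended: bool    # the "Our Recommendation" column
    public: bool         # details were public before the fix shipped
    exploited: bool      # exploitation seen in the wild


@dataclass(frozen=True)
class PlanEntry:
    cve: str
    title: str
    score: int
    deploy_by: date


SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}

# Constructed subset of the table above, in the page's flattened row form.
SAMPLE_ROWS = """\
Yes CVE-2019-1333 Remote Desktop Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1372 Azure App Service Elevation of Privilege Vulnerability Critical No No
 Yes CVE-2019-1311 Windows Imaging API Remote Code Execution Vulnerability Important No No
CVE-2019-1166 Windows NTLM Tampering Vulnerability Important No No
CVE-2019-1368 Windows Secure Boot Security Feature Bypass Vulnerability Important No No
CVE-2019-1325 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Moderate No No
"""


def parse_row(line: str) -> Advisory:
    """Parse one flattened row; raise ValueError rather than guess on junk."""
    tokens = line.split()
    recommended = bool(tokens) and tokens[0] == "Yes"
    if recommended:
        tokens = tokens[1:]
    if len(tokens) < 5 or not tokens[0].startswith("CVE-"):
        raise ValueError(f"unrecognised advisory row: {line!r}")
    severity, public, exploited = tokens[-3], tokens[-2], tokens[-1]
    if severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {severity!r} in {line!r}")
    return Advisory(
        cve=tokens[0],
        title=" ".join(tokens[1:-3]),
        severity=severity,
        recommended=recommended,
        public=(public == "Yes"),
        exploited=(exploited == "Yes"),
    )


def score(a: Advisory) -> int:
    """Higher means deploy sooner: in-the-wild exploitation outranks
    everything, then public disclosure, then severity, then the vendor's
    recommendation flag. The weights are an assumption."""
    return ((100 if a.exploited else 0) + (50 if a.public else 0)
            + 10 * SEVERITY_RANK[a.severity] + (5 if a.recommended else 0))


def deploy_by(a: Advisory, released: date) -> date:
    """Deadline relative to the release date (windows are an assumption)."""
    if a.exploited or a.public:
        days = 3
    elif a.severity == "Critical":
        days = 7
    elif a.severity == "Important":
        days = 14
    else:
        days = 30
    return released + timedelta(days=days)


def plan(rows: str, released: date) -> List[PlanEntry]:
    advisories = [parse_row(row) for row in rows.splitlines() if row.strip()]
    ranked = sorted(advisories, key=lambda a: (-score(a), a.cve))
    return [PlanEntry(a.cve, a.title, score(a), deploy_by(a, released))
            for a in ranked]


def sample_plan() -> List[PlanEntry]:
    # October 2019 Patch Tuesday fell on 8 October 2019.
    return plan(SAMPLE_ROWS, date(2019, 10, 8))


if __name__ == "__main__":
    for e in sample_plan():
        print(f"{e.deploy_by}  {e.score:3d}  {e.cve}  {e.title}")
```

Feed it the whole table and it produces the month's deployment order; the point of the weighting is that an Important advisory that is already being exploited lands ahead of every unexploited Critical one, which a severity-only sort would get wrong.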
Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The U.S. Government’s Patch Management Problem

By Blog

Businesses are not the only ones experiencing the constant threat of data breaches. The U.S. government has its own fair share of patch management problems.

The Ponemon Institute’s 2018 study of enterprise security and vulnerability found that 57 percent of the organizations queried claimed a data breach had occurred in the past two years because of their failure to apply an available patch they didn’t know about. Even worse, another 34 percent said they knew they were vulnerable and that a patch was available—but they didn’t apply it.

As it turns out, it appears that business enterprises are not the only ones remiss. From all accounts, the U.S. government has its own patch management issues. The continued presence of open-source software in the public sector plays a significant role here, as does the fact that numerous governmental agencies at all levels are hamstrung by legacy IT infrastructure.

The vulnerability time-bomb

According to NextGov, it usually takes about three days for word of a software program’s significant flaws to reach the community of malicious online actors—and for those hackers to figure out how to take advantage of these vulnerabilities.

For a government agency, three days is not much time, given the red tape and bureaucracy that lies between knowledge and action. If agency security staff cannot find the vulnerable software and patch or quarantine it within that window, the chances are high that attackers will do some damage.

Security holes in government departments

Worse, it turns out that federal agencies—including the Departments of Defense, Treasury, and Justice, as well as the Nuclear Regulatory Commission and the Office of Personnel Management—are aware, at least to some extent, of existing security flaws.

Scorecards mandated by the Federal IT Acquisition Reform Act indicating agencies’ levels of cybersecurity and general tech capabilities have shown dismal grades in recent years: Most agencies scored F, F+ or D for multiple metrics on their two 2018 evaluations. The DoD, whose responsibilities include handling some of the most sensitive information in the whole government ecosystem, fares particularly poorly in such assessments, as its own Inspector General’s office confirmed in a December 2018 report.

Bob Metzger, an attorney with the government cybersecurity-focused law firm RJO, said in an interview with NextGov that patch management is a specific part of this problem. Agencies don’t necessarily have any clear process for assessing and patching software. Furthermore, department officials’ knowledge gaps regarding their own technology effectively handicaps any patch management measures they do have.

“I would be very surprised if even a small percentage of federal agencies today had a usable inventory of the open-source components in the software that they rely upon for their critical agency functions,” Metzger explained.

Dealing with open-source concerns

In other words, programs built with at least some open-source components, whether written in Java, Python or any other language, are everywhere in the global IT ecosystem, including the U.S. government. It is unrealistic for any such agency, or for that matter any private-sector organization, to completely eradicate the use of such code. It is equally impossible, of course, to ignore the security risks it can pose.

According to Sonatype’s 2019 State of the Software Supply Chain report, 25 percent of all public- and private-sector developers said they underwent a breach caused by flaws in open-source components during 2018. The study also found that such breaches rose in frequency by 75 percent between 2014 and 2018.

What this all points to is simple: any government agency or business looking to establish reasonable control over the risk associated with open-source software must set up a patch management strategy immediately, and that strategy starts with knowing what is installed. It should include update support not only for mainstream platforms such as Microsoft Windows and Apple iOS, but also for third-party and open-source software: runtimes and platforms such as Chrome, Linux, Java and Python, and individual applications such as Firefox, VLC, Adobe Flash and many more.
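Metzger's point about a "usable inventory of the open-source components" is the precondition for everything the strategy above asks for: you cannot patch a library you do not know you ship. The script below is an added example (not from the article or any agency) of the smallest useful version of that inventory: it parses two constructed dependency manifests, one pip-style and one in Maven groupId:artifactId:version form, normalises them into one component list, and checks each pinned version against a table of first-fixed versions. The manifests and the FIXED_IN table are constructed for illustration; the fixed versions in it are placeholders, not real advisories.

```python
"""Build a component inventory from dependency manifests and check it
against a table of first-fixed versions.

Added example for this post, not from the article or any agency. The two
manifests and FIXED_IN are constructed; the fixed versions are placeholders.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Component(NamedTuple):
    ecosystem: str           # "pypi" or "maven"
    name: str                # normalised package name
    version: Optional[str]   # None when the manifest does not pin a version


# Constructed pip requirements: two exact pins, two that are not pins.
PIP_REQUIREMENTS = """\
requests==2.22.0
urllib3==1.24.1
pyyaml
flask>=1.0   # a range is not a pin: the resolver may pick anything newer
"""

# Constructed Maven coordinates in groupId:artifactId:version form.
MAVEN_COORDS = """\
org.apache.struts:struts2-core:2.5.20
com.fasterxml.jackson.core:jackson-databind:2.9.9
"""

# Constructed "first fixed version" table keyed by (ecosystem, name).
# Placeholder values: take the real ones from the vendor advisory.
FIXED_IN: Dict[Tuple[str, str], str] = {
    ("pypi", "urllib3"): "1.24.2",
    ("pypi", "requests"): "2.20.0",
    ("maven", "org.apache.struts:struts2-core"): "2.5.22",
}

# Name, then optionally an exact "==" pin. Any other specifier (>=, ~=, none)
# leaves the version group empty, which we treat as "unpinned".
_PIP_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*(?:==\s*([0-9][0-9A-Za-z.\-]*))?")


def parse_pip(text: str) -> List[Component]:
    out: List[Component] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = _PIP_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {raw!r}")
        name = m.group(1).lower().replace("_", "-")   # PyPI name normalisation
        out.append(Component("pypi", name, m.group(2)))
    return out


def parse_maven(text: str) -> List[Component]:
    out: List[Component] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"expected groupId:artifactId:version: {raw!r}")
        group, artifact, version = parts
        out.append(Component("maven", f"{group}:{artifact}", version))
    return out


def vtuple(v: str) -> Tuple[int, ...]:
    """Numeric dotted prefix of a version as a tuple; stops at the first
    non-numeric segment (so 1.24.1rc1 compares as 1.24.1)."""
    parts: List[int] = []
    for seg in v.split("."):
        m = re.match(r"\d+", seg)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def older_than(version: str, fixed: str) -> bool:
    """True when version sorts before fixed, padding so 1.24 == 1.24.0.
    Numeric comparison avoids the string trap where '1.9' > '1.10'."""
    a, b = vtuple(version), vtuple(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def inventory() -> List[Component]:
    return parse_pip(PIP_REQUIREMENTS) + parse_maven(MAVEN_COORDS)


def audit(components: List[Component],
          fixed_in: Dict[Tuple[str, str], str]) -> Dict[Tuple[str, str], str]:
    """Classify each component as "unpinned", "vulnerable" or "ok".
    Unpinned is reported separately because its version is unknowable
    from the manifest alone."""
    result: Dict[Tuple[str, str], str] = {}
    for c in components:
        key = (c.ecosystem, c.name)
        if c.version is None:
            result[key] = "unpinned"
        elif key in fixed_in and older_than(c.version, fixed_in[key]):
            result[key] = "vulnerable"
        else:
            result[key] = "ok"
    return result


if __name__ == "__main__":
    for key, status in audit(inventory(), FIXED_IN).items():
        print(f"{status:10s} {key[0]}:{key[1]}")
```

The "unpinned" bucket is the one that usually surprises people: a range specifier or a bare package name means the installed version depends on when the build ran, so the manifest alone cannot tell you whether the fix is present and the inventory has to come from the deployed artifact instead.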


Still Relying on WSUS? Here’s Why You Can’t

By Uncategorized

In one of the worst patch rollouts in Windows history, Microsoft's surprise zero-day patch for IE was released, but not released, then pushed sporadically, but only in preview, and never explained.

Microsoft’s Patch Disaster

Last week, Microsoft urged users to immediately download an "emergency" out-of-band security patch meant to close a security flaw in some versions of Internet Explorer that is being exploited by attackers.

Specifically, the IE zero-day vulnerability (CVE-2019-1367) is a remote code execution flaw that could easily enable an attacker to remotely run malicious code on an affected device and take it over. This vulnerability is so serious that Homeland Security also issued an advisory telling users to download the patch immediately.

But not so fast.

ComputerWorld’s Woody Leonhard reports that, “in what may be the worst rollout in modern Windows patching history, Microsoft rolled all over itself in its handling of IE security hole CVE-2019-1367.” You can read about the full timeline here, but this is what Leonhard concluded:

“September’s surprise zero-day patch for Internet Explorer hole CVE-2019-1367—released, but not released, then pushed sporadically, but only in preview, and never explained.”

In other words, the patch for this serious vulnerability was not offered through Windows Update or WSUS; it was only available as a manual download from the Microsoft Update Catalog.

Nevertheless, all Windows users are strongly advised to patch as soon as possible. And remember, if your organization is relying on WSUS to deploy patches, you are still at risk for CVE-2019-1367.

Syxsense can scan all your machines, deploy the patch, and report back the all clear. We take patching seriously, and you can start a trial of Syxsense here.
