Monthly Archives

December 2019

How to Handle Windows 7 End-of-Extended-Support

Ten years after their release, extended support for Windows 7 and Server 2008/R2 will finally come to an end soon.

What are Windows Extended Security Updates?

Ten years after their release, extended support for Windows 7 and Server 2008/R2 will finally come to an end on January 14, 2020. This means that routine security and optional updates will no longer be provided for these operating systems, leaving many with unaddressed vulnerabilities and potentially no support from hardware manufacturers.

In January, these devices will receive their last updates and will not receive any after that, unless administrators decide to opt in (and pay) for Extended Security Updates (ESU) from Microsoft. These updates are designed as a stopgap and will become more expensive every year, since Microsoft wants businesses and organizations to migrate to the newest versions of Windows. Consumers (home devices) cannot purchase these updates; they are only available to organizations.

How are Extended Security Updates Obtained?

Once Windows 7 and Server 2008/R2 reach End of Support, the operating systems will no longer receive updates and will require new licensing to continue receiving them.

Extended Security Updates can be purchased in 12-month increments (customers cannot purchase terms shorter than 12 months). The updates are available to businesses and organizations of any size; however, pricing differs between volume licensed and non-volume licensed organizations.

Also, although end of support is January 14, 2020, organizations can purchase ESU at any time during the three years that the offer is available; however, if an organization waits and purchases ESU for the first time in year two or year three, they will have to pay for the preceding years also. This is because the security updates that are offered under the ESU program are cumulative.

Microsoft has also not published any limits on licensing, so technically an organization can purchase updates for just one device.

Once Extended Security Updates are purchased through Microsoft, or a Cloud Solution Provider (CSP), the organization will receive new activation details so that the unsupported devices can still receive new security updates throughout the year. Again, updates are purchased annually in 12-month terms, up to 3 years until Extended Security Updates is no longer offered (January 10, 2023).

An organization that uses volume licensing to manage on-premises deployments can use it to deploy ESU to the covered devices. When an organization purchases Windows 7 ESU, Microsoft provides a Multiple Activation Key (MAK) in the VLSC. This MAK is independent of the Windows 7 activation key and can work in parallel with a KMS activation deployment.

Is Technical Support Included with ESU?

No. Customers that purchase directly from Microsoft (for example, volume licensed customers or CSP-direct Partners) can use an active support contract such as Software Assurance or Premier/Unified Support to request assistance with Windows 7. Partners can also use their Partner Support Plans to request assistance with Windows 7.

What Other Products/Services are Affected on January 14, 2020?

Not just Windows 7 and Windows Server 2008/R2 are affected on January 14, 2020. Many Windows 7 users rely on Microsoft Security Essentials as a security application and at this time, there is no extended support planned for this product.

What if the Windows 7 or 2008/R2 Licenses Aren’t Extended?

Post-December 2019 Patch Tuesday (after KB4530734 has been deployed), Microsoft is planning to push a full-screen notification after January 15, 2020, to those still running the operating systems, making it clear that the devices are indeed out of support (this notification will not appear on domain-joined devices or devices in kiosk mode).

Other than this notification, nothing else will occur for these unsupported devices and they will remain vulnerable. The remaining options are clear:

  • Extend support for Windows 7 or 2008/R2 devices by paying extra each year for each device
  • Retire the instance of the operating system and move to the supported Windows 10 or newer versions of Windows Server

Manage and Secure Your Environment

Syxsense offers patch management for Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012. Rest assured that as new OSes are released, your older desktops, laptops and servers will not be security loopholes for hackers.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
December Patch Tuesday Fixes Actively Exploited Zero-Day

Microsoft’s December 2019 Patch Tuesday Fixes Actively Exploited Zero-Day

The final Patch Tuesday of the decade fixes 36 vulnerabilities, including 7 that are rated "Critical."

What’s in December’s Patch Tuesday Update?

Microsoft has given users an easier holiday season by releasing only 36 updates today. There are 7 Critical, 28 Important and 1 Moderate updates to deal with.

Going by the small number of patches, that would appear to be accurate; however, within this list are a number of updates you should be very concerned about.

Hello XP, My Old Friend

Can it be true? Yes, in fact: an important Remote Desktop Protocol vulnerability for Windows XP (CVE-2019-1489) has been identified in this release. The problem is that updates are not actually available for this operating system, as it reached end of life in 2014.

Robert Brown, Director of Services for Syxsense, said: “Windows XP is still in use today; many organizations which use legacy software or hardware that only supports this operating system should pay particular attention. One of the attackers’ favorite methods of entry is via the Remote Desktop Protocol. If your organization is large enough, please take all reasonable steps to protect your environment.”

The fix for CVE-2019-1458 has been released to solve a bug which is being weaponized! This update should be treated as an ‘Out-of-Band’ release, as the vulnerability impacts Windows 7 onwards and has no known countermeasure to mitigate your risk. This type of vulnerability has regularly appeared throughout this year, so patch this as soon as possible.

Not Critical Severity, But Still High Priority

CVE-2019-1476, CVE-2019-1477, CVE-2019-1478, CVE-2019-1483, CVE-2019-1484, CVE-2019-1453, CVE-2019-1485 and CVE-2019-1384 have only been ranked as Important by Microsoft; however, their independent CVSS scores fall between 7.5 and 7.8, which would indicate these are important enough to prioritize.

Based on those CVSS scores, they rank alongside some of the ones Microsoft rated Critical.

New Adobe Updates

Adobe released a record number of 25 updates for Adobe Reader, Bracket, Fusion and Photoshop. Adobe Reader has the bulk of these fixes; however, Photoshop and Fusion contain the Critical updates. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.

December 2019 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations for what to prioritize this month.

 

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Counter-measure | Publicly Aware | Weaponised | Syxsense Secure Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Yes |
| CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.2 | No | No | No | Yes |
| CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | Yes |
| CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Yes |
| CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6 | No | No | No | |
| CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1490 | Skype for Business and Lync Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate | TBA | No | No | No | |
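
The prioritization described in this section, written out as an added example; it is not Syxsense's code or published logic. The rule and the 7.5 threshold are assumptions inferred from the table's Recommended column, and the rows are a subset copied from the table. The case to notice is a "TBA" score, which must not drop a Critical update from the list.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: 7.5 is the lowest CVSS among the table's recommended "Important" rows.
CVSS_THRESHOLD = 7.5

# Subset of the table's rows, re-typed as pipe-delimited text:
# CVE | description | vendor severity | CVSS | countermeasure | public | weaponised
ROWS = """\
CVE-2019-1458|Win32k Elevation of Privilege Vulnerability|Important|7.8|No|No|Yes
CVE-2019-1468|Win32k Graphics Remote Code Execution Vulnerability|Critical|8.4|No|No|No
CVE-2019-1453|Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability|Important|7.5|No|No|No
CVE-2019-1349|Git for Visual Studio Remote Code Execution Vulnerability|Critical|TBA|No|No|No
CVE-2019-1470|Windows Hyper-V Information Disclosure Vulnerability|Important|6|No|No|No
CVE-2019-1488|Microsoft Defender Security Feature Bypass Vulnerability|Important|3.3|No|No|No
CVE-2019-1462|Microsoft PowerPoint Remote Code Execution Vulnerability|Important|TBA|No|No|No
CVE-2019-1351|Git for Visual Studio Tampering Vulnerability|Moderate|TBA|No|No|No
"""

@dataclass
class Advisory:
    cve: str
    severity: str
    cvss: Optional[float]  # None while the score is listed as "TBA"
    weaponised: bool

def parse(rows: str) -> List[Advisory]:
    parsed = []
    for line in rows.strip().splitlines():
        cve, _title, severity, score, _cm, _public, weaponised = (
            field.strip() for field in line.split("|"))
        cvss = None if score.upper() == "TBA" else float(score)
        parsed.append(Advisory(cve, severity, cvss, weaponised == "Yes"))
    return parsed

def tier(a: Advisory) -> int:
    """0 = treat as out-of-band, 1 = prioritize this cycle, 2 = normal cycle."""
    if a.weaponised:
        return 0
    if a.severity == "Critical":
        return 1  # holds even when the CVSS score is still TBA
    if a.cvss is not None and a.cvss >= CVSS_THRESHOLD:
        return 1
    return 2

def triage(rows: str) -> List[Tuple[int, str]]:
    """Most urgent first; within a tier, highest CVSS first and unscored last."""
    advisories = parse(rows)
    advisories.sort(key=lambda a: (tier(a), -(a.cvss if a.cvss is not None else -1.0)))
    return [(tier(a), a.cve) for a in advisories]

if __name__ == "__main__":
    for level, cve in triage(ROWS):
        print(level, cve)
```

A filter that only compares `float(score)` against the threshold either fails on "TBA" or silently omits the unscored Critical Git for Visual Studio updates.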

Endpoint Security 2020: What You Need to Know

Endpoint security and cybersecurity need to become a top priority in your enterprise’s business plans in 2020 and beyond.

The Challenge of Endpoint Security

By all accounts, dealing with endpoint security is only going to get harder. In fact, according to an article by Ben Canner on SolutionsReview, it “looks poised to become more complex” in 2020. What new elements can make it even more challenging to implement?

For one, organizations must adapt to the increasing complexity of hackers and their cyberattacks in 2020. Hackers never sleep; instead, they continually work to improve their cyberattacks, constantly evolving the threat landscape. Therefore, “your business must deploy an endpoint security solution that can keep up with this deluge of malware,” explains Canner.

What’s more, companies must adapt to the changing technological landscape when considering cybersecurity. Different devices and network connections require different endpoint capabilities to protect them. “After all,” writes Canner, “the threats facing these new technologies won’t resemble the threats of the past.”

Louis Columbus, writing on Forbes, goes even further, suggesting that protecting endpoints will be paramount in the future. “Attacking endpoints with AI, bots, and machine learning is gaining momentum with cybercriminals today with no signs of slowing down into 2020, making endpoint security a must-have cybersecurity goal for next year.”

Cyberattacks are Getting More Sophisticated

Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, making endpoint security a top goal in 2020. Cybercriminals, Columbus explains, are using structured and unstructured machine learning algorithms to hack organizations’ endpoints with increasing frequency. “Endpoint attacks and their levels of complexity will accelerate as cybercriminals gain greater mastery of these techniques,” he notes.

Simple economics come into play, as well. Some sources say that cybercrime costs the global economy $400-plus billion a year, with the cost of an average data breach expected to exceed $150 million by 2020. The cost of cybercrime will continue to increase as more businesses and consumers migrate to the cloud, notes an article on World Wide Technology.

In response to all of this, observes Columbus, endpoint protection providers are adopting machine learning-based detection and response technologies; providing more cloud-native solutions that can scale across a broader range of endpoints; and designing in greater persistence and resilience for each endpoint.

He also points to a recent IDC survey, Do You Think Your Endpoint Security Strategy Is Up to Scratch?, which says that “companies should seek to build resilience—on the assumption that breaches are inevitable—and look for ‘security by design’ features that facilitate or automate detection and recovery.” IDC surveyed 500 senior security executives globally.

Protect Your Organization from Threats

WWT suggests that “the easiest way to examine endpoint protection solutions is to look at those designed to secure endpoints before an attack versus those focused on containing a breach after an attack. An endpoint protection suite (EPS) covers the window of compromise between vulnerability and breach and is the best defense before a breach occurs. This suite will deliver the critical security components, while providing security intelligence, operational availability and maximising business productivity.”

Another survey, this one from SANS, shows that, while conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, come 2020 and beyond, the number and variety of endpoints will grow quickly. “Building security and control system devices are being gathered under the umbrella of endpoint management, and business needs are driving the inclusion of both employer-owned and employee-owned mobile devices,” SANS reports.

Organizations are still being compromised, it says, with the primary target data being logins, access control, and sensitive information. Accordingly, the most common device targets will be desktops, laptops, and servers, since they are most likely to contain that kind of information. Regarding the future: “As mobile devices become more prevalent on company networks, these devices are likely to become targets more often.”

How to Manage Endpoint Security in 2020

What needs to change in 2020, according to the IDC research, is that many organizations must manage endpoint security strategically, replace an inconsistent approach across different endpoint types, and begin to fully comprehend the risks associated with all endpoints.

Not doing so “results in inadequacies in processes and procedures, such as failing to include security capabilities in endpoint procurement requirements or retaining legacy devices even after they are found to have intrinsic security vulnerabilities,” IDC writes.

Organizations, in the coming years, need to understand that when acquiring new devices, security must be a primary consideration, after factors such as cost and performance. “What organizations fail to appreciate,” states IDC, “is that once an endpoint has been compromised and provided an entry point to their network, the cost and damage to the business can be far greater than the savings they made or gains they achieved.”

So, what are some of the issues to be on the lookout for as we begin the ‘20s in a couple of months? The IDC research offers up these:

  • Threats to endpoints come at all levels (firmware, BIOS, OS, application layer)
  • Firmware-level malware infections threaten all endpoints from PCs to printers
  • Intrinsically vulnerable devices should be retired according to strictly enforced policy
  • Start with good security hygiene across PCs and printers
  • Incorporate endpoint security within overall cybersecurity strategy and ensure you remain up to date with threat trends
  • Include all endpoints equally in the endpoint security plan, not just PCs.

What Will Threaten Endpoint Security in 2020?

Finally, Solutions Review’s Canner lists some specific examples of what can threaten endpoint security in 2020:

Internet of Things (IoT): The IoT market continues to grow as more enterprises incorporate it into their networks. IoT attacks look to grow exponentially over the next year. In 2019 alone, endpoint security provider F-Secure found threats to IoT devices increased by 300 percent. Given the reality of IoT devices, next-generation endpoint security can help protect these devices in 2020. In fact, modern endpoint security can help you discover IoT devices which may otherwise become blind spots in your network.

Proliferation of Mobile Devices: According to Verizon’s Mobile Security Index 2019, mobile device security threats grow faster than any other. Of course, mobile devices not only proliferate in enterprise IT infrastructures; they thrive. Bring-your-own-device (BYOD) cultures have become popular in businesses of all sizes. Endpoint security must be ready for all of this in 2020.

Ransomware, Fileless Malware, and Other Penetrative Threats: Malware continues to plague enterprises, even as cybersecurity focuses on identity-based attacks. Ransomware, Fileless Malware, Cryptocurrency Mining, and other threats could damage your business processes and your long-term reputation.

New Year, New Priorities

Endpoint security and cybersecurity overall need to become a priority in your enterprise’s business plans. Cybersecurity doesn’t just protect your business; it preserves your reputation, reassures your customers, and streamlines your business processes. Without the necessary prioritization which cybersecurity demands, your endpoint security will most likely fail.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Start the new year with a powerful solution that you can confidently and consistently rely on.
