Monthly Archives

March 2020


Windows 10 Remote Work Bug: Zero-Day Vulnerability

Categories: Blog, Patch Management

New patches are available to address a Microsoft zero-day vulnerability; however, these updates are not being made available in WSUS.

More VPN Woes Amid Zero-Day Microsoft Vulnerability

With the unprecedented amount of staff working from home, the VPN is now more in demand than ever. Any IT professional whose remote workforce depends on VPN will be concerned about today’s zero-day vulnerability released by Microsoft.

The out-of-band optional update is now available on the Microsoft Update Catalog to address a known issue whereby devices using a proxy, especially those using a virtual private network (VPN), might show limited or no internet connection status.

This should be simple enough; however, because these updates are not being offered via WSUS, an alternative deployment method must be adopted this time around.

Users of Syxsense will find the following patches in their console for immediate deployment:

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Important Windows Reboot Requirements

Categories: Patch Management

The most recent release of Microsoft updates includes an important reboot and critical patches to prepare Windows 7 and Windows Server 2008 R2 for the support extension.

Critical Updates & Essential Windows Reboot

In the most recent release of Microsoft updates, Microsoft has included updates to prepare Windows 7 and Windows Server 2008 R2 for the support extension following the end of life on January 14, 2020.

Even if you have not purchased the extension, these updates are crucial and are required.

The following updates are part of that preparation stack and some go back to 2016:

  1. KB4041678
  2. KB3205394
  3. KB3197867
  4. KB3192391

It is important to note the vendor’s reboot discipline requirements for these updates: a reboot is required after each update is installed.
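As an added example (not Syxsense code), the check an administrator would run on each Windows 7 / Server 2008 R2 device between steps of the procedure above: which of the four preparation updates are already installed, and whether the device is still waiting for a reboot from the last one. It assumes an elevated PowerShell prompt and uses only cmdlets and registry locations present in PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example, not Syxsense code. Verify the Windows 7 / Server 2008 R2
# preparation stack listed in the post and enforce "reboot after each update".
# Run from an elevated PowerShell prompt (PowerShell 2.0 compatible).

# The four KB IDs named in the post.
$PreparationStack = @('KB4041678', 'KB3205394', 'KB3197867', 'KB3192391')

function Test-PendingReboot {
    # Windows records a pending reboot in several well-known registry locations.
    # Any one of them being present means: reboot before installing the next update.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($key in $keys) {
        if (Test-Path -Path $key) { return $true }
    }
    # Files that could not be replaced while in use are renamed at the next boot;
    # that list is a third reboot signal.
    $sessionManager = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    if ($sessionManager -and $sessionManager.PendingFileRenameOperations) { return $true }
    return $false
}

function Get-KbState {
    param([string[]] $KbIds)
    # Get-HotFix reads the same installed-update list as Win32_QuickFixEngineering.
    $installed = Get-HotFix | ForEach-Object { $_.HotFixID }
    foreach ($kb in $KbIds) {
        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name KB -Value $kb
        $row | Add-Member -MemberType NoteProperty -Name Installed -Value ($installed -contains $kb)
        $row
    }
}

$state   = Get-KbState -KbIds $PreparationStack
$missing = @($state | Where-Object { -not $_.Installed })
$state | Format-Table -AutoSize

if (Test-PendingReboot) {
    # Do not deploy anything else until the device has restarted.
    Write-Warning 'A reboot is pending. Reboot this device before deploying the next update.'
}
elseif ($missing.Count -gt 0) {
    # Deploy one missing update, reboot, then run this check again.
    $names = ($missing | ForEach-Object { $_.KB }) -join ', '
    Write-Output ('Still to deploy, one at a time with a reboot between each: ' + $names)
}
else {
    Write-Output 'Preparation stack complete and no reboot pending; the device can now be fully updated.'
}
```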

How Syxsense Can Help

This can be achieved easily within the Syxsense console by separating these into simple, scheduled deploy-and-reboot tasks. Once rebooted, you can fully update the device without any further end-user disruption.


Syxsense Announces the Release of Vulnerability Scanning

Categories: Press Release

Syxsense First to Provide Complete IT Management, Patching, and Security Vulnerability Scans in a Single Cloud Solution

Syxsense announces the addition of a Security Vulnerability Scanner, making Syxsense Secure the first product to combine IT Management, Patching and Security Vulnerability Scans in a Single Cloud Solution.

Syxsense First to Provide OS Patching and Security Scans in the Same Product

ALISO VIEJO, Calif. (March 19, 2019) – Syxsense, a global leader in IT and security management solutions, announced the addition of a Vulnerability Scanner as an enhancement to its Syxsense Secure product.

“The latest release of Syxsense Secure gives IT the ability to manage and secure vulnerabilities and security weaknesses exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations,” explained Syxsense’s Chief Executive Officer, Ashley Leonard.

Syxsense Secure includes malicious process monitoring, automated device quarantine, real-time alerting, and live data that indicates the health of all endpoints in your network or roaming devices. Built on our real-time cloud endpoint management technology, Syxsense creates a baseline defense against known threats by ensuring devices are current with the latest software updates and security patches.

Traditional IT management solutions are unable to see attack vectors such as open ports, insecure passwords, and ineffective user policies that can lead to brute-force attacks.

Syxsense provides visibility into and remediation of operating system and third-party vulnerabilities; adding security scans allows an organization to shrink its attack surface further, increasing cyber resilience and reducing breach risk.

“For the first time, teams can collaborate in a single console to know and close attack vectors,” concluded Leonard. “Only Syxsense Secure combines the scanning capabilities of a security and vulnerability scanner with the deployment and management capabilities of an IT management solution all delivered from the cloud.”


Does Patch Management Really Matter?

Categories: Patch Management

How important is a reliable patch management strategy? The Equifax breach of 2017 illustrates how dangerous it can be to avoid the question.

How Important is Patch Management?

Anyone wondering about the necessity of patch management best practices might want to ask someone at Equifax how critical it can be.

There are arguably no more pointed or higher-profile examples of the worst-case consequences arising from lax platform patching habits than the 2017 Equifax breach. And as tough an act to follow as exposing the sensitive information of about 148 million Americans might be, it’s dangerous to believe the sort of malicious actors responsible for hacking the credit bureau don’t plan to match or exceed that incident’s degree of damage.

Promptly applied security patches can be a matter of life and death for your data and your customers.

The Urgency of Patch Management

Applying patches in a timely manner is common sense. Ideally, they should be applied as soon as they become available. The Equifax breach illustrates how dangerous it can be for any organization to sit on its hands and not correct obvious issues affecting the software it’s using.

Apache Struts, which carried the flaw that eventually led to the hack, is Java-based. Its security problems were known well before the incident. Oracle announced the Struts vulnerability on March 7, 2017, and the Department of Homeland Security’s U.S. Computer Emergency Readiness Team alerted Equifax a day later.

US-CERT even told the financial services firm (and Big Three credit bureau) that other corporations had already borne the brunt of cyberattacks made possible by the Struts flaw. Equifax didn’t apply the patch on a broad enough scale, the breach occurred in July of that year, and the rest is history.

Who Holds the Most Responsibility?

There’s no simple answer to this question, but certain details of the Equifax breach and its aftermath point toward the truth.

Software, app and code developers catch a great deal of flak when their products fail. Oracle, which has held the mantle of Java stewardship since its 2008 acquisition of Sun Microsystems, took a reasonable share of criticism from that date forward for Java’s issues, according to TechTarget.

Much of the anger over the 2017 breach ultimately went in Equifax’s direction rather than Oracle’s despite the latter bearing systemic responsibility. The credit bureau’s mistakes even became the subject of an inquiry by the U.S. Congress, which sharply rebuked the failures of leadership to ensure patch management across the organization.

After the congressional report, former Equifax CEO Richard Smith (who was purged post-breach along with the company’s CIO and CISO) blamed an unnamed IT staffer for not communicating the urgency of manual patch application on certain legacy operating systems.

What does this all add up to? While Oracle and other developers are responsible for releasing patches to vulnerable software, the organizations using it must pay close attention to security updates and ensure they’re applied as soon as possible.

Fundamentals of Effective Patch Management

It’s debatable whether or not there can be any one-size-fits-all patch management strategy to establish definitive security control over your organization’s various operating systems and applications. But there are certain practices that most would agree upon.

  • For one, as illustrated in Michael Hoehl’s SANS Institute paper on patch management, the process should have a distinct lifecycle. Once a program’s vulnerability becomes known, customers should review the threat, determine if it will affect their operations, patch assets that are most vulnerable, test the update’s viability, verify patch placement, and repeat the process as needed.
  • It may also be beneficial to establish a dedicated team within IT to closely handle patch management.
  • Applied alongside automated patch rollout and a clear policy incorporated into an organization’s handbook, the team (sometimes called a patch vulnerability group) can help ensure all bases are covered.

Then there’s one critical element that’s sometimes forgotten: comprehensive device oversight. For example, device scans checking for vulnerabilities (or successful patch application) must run while all relevant devices are online. Trying to do this across multiple different platforms may be ineffective.

How Syxsense Can Help

Syxsense unites the patch management process under one web console, instantly providing a real-time window into the security of thousands of devices throughout your organization.

Coupled with additional IT management functions appropriate for Microsoft, Linux, Adobe, Java and Chrome, the platform allows you to promptly apply essential patches and greatly mitigate the risks posed by application flaws.


Microsoft Zero Day Patch

Categories: Patch Management

Microsoft has released an update for Windows 10

Microsoft Zero Day – KB4551762

Microsoft has released an update for Windows 10 to protect your environment from an imminent threat. A full description of this update can be found here: https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762

The vulnerability is marked as Critical and carries a CVSS score of 10.0, the highest score available.

We have completed our internal testing. Based on that evidence, plus reports from the community of potential issues with 32-bit application compatibility, we recommend a careful deployment of this patch: wait at least 24 hours before a site-wide deployment.


The Cyber Impact of Coronavirus

Categories: Blog

With the rise of COVID-19, prepare for the cyber risks that your network could become exposed to when employees start working from home.

Work-from-Home Security with Coronavirus

For offices around the world, the possibility of having to send employees home indefinitely as the virus spreads is becoming very real. If your organization hasn’t needed work-from-home policies in place before now, it’s time to start building them. Here are some considerations to ensure your technology and security are ready for the cyber risks that your network becomes exposed to when employees work from home.

In recent weeks, precautions have been published by national health authorities in response to the Coronavirus (COVID-19) outbreak, as the World Health Organization declared the virus an international pandemic emergency on March 11, 2020.

The virus, a flu-like illness with a higher R0 score, has recently made its way to the U.S. and Europe. This has caused a surge in organizations examining the risks involved in allowing employees to work from home.

Big corporations like Facebook and Microsoft are seeing the outbreak’s effects first. These were some of the first to send employees out to work from home—closing down entire office locations in some areas to prevent the spread of the virus. But for smaller organizations and those that haven’t incorporated remote working before now, haphazardly trying to have all employees work from home is a serious security risk.

As CDC professionals work to get a handle on this human virus, Syxsense combats the types of computer viruses that will undoubtedly affect remote workers and organizations during the coming influx of work-from-home.

What are the cybersecurity risks of working from home?

  • Home devices are likely to have unpatched and out-of-date software
  • Exposure of sensitive corporate data
  • A wider attack surface for attackers

Preparing for Remote Users

A great first step is to think about and protect the endpoint from which the employee will be working.

Is it a laptop that belongs to your organization? It should already be subject to your organization’s cyber protections, including security software, rules regarding local admin access, web filtering, and application control. If you don’t have those protections in place, this is where you need to start.

For endpoint security, we recommend focusing on two key security solutions: patch management, to quickly remediate potential security gaps, and endpoint detection and response (EDR), to monitor for cyberattack activity on the endpoint device. We also recommend two-factor authentication (2FA) on important accounts, especially your remote access tool.

MFA is becoming more critical as organizations grow more digitally connected. Enabling MFA on user accounts, most-used online solutions, and other business tool accounts can ensure that a “hacked” password or a lucky guess isn’t the only layer of defense that stands between your accounts and a “bad guy” on the other end.

Patching is Critical

As more business infrastructure gets connected, Juniper Research data suggests that cybercrime will cost businesses over $2 trillion total. Nearly 60% of companies have experienced web-based attacks, phishing, social engineering attacks, malicious code, and botnets. 43% of attacks target small businesses with an average of 39 seconds between attacks.

Combining security scanning and patch management in a single console, Syxsense is the only product that not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.

If you’re not able to provide your employees with laptops or workstations they can take home, then you’ll need to make sure you have some way to protect their personal devices with standards similar to those of your corporate environment. This is vital, because there is a very real chance that some of your employees’ home devices may already be compromised.

The majority of home users, despite expressing security concerns, fail to follow cybersecurity best practices in their digital lives outside of work. In addition, many home laptop and desktop computers remain unprotected from malware and computer viruses, with one estimate showing that about 1/3 of computers worldwide become infected with malware (750 million in 2018).

Consider making your company’s security software available for your employees to install on their home systems, with emphasis on your Malware Prevention or AV. While this incurs some additional cost and administrative overhead, it may protect you from an easily-exploited attack vector. For added visibility into endpoint activity and security, consider adding an Endpoint Detection and Response (EDR) solution to alert on abnormal device behavior and signs of malicious attack activity.

Be aware that having your teams work from home using personal computers can introduce security risk factors that are out of your control—by allowing personal device use for company work, you are accepting that risk.

Provide Remote Access

  • Will you be using a remote desktop solution?
  • Are you going to allow direct connectivity to your corporate servers from remote employees?
  • Do most of your employees only require connectivity to a few cloud-based applications?

Your answers to these questions will dictate what sort of protections you need to put in place and what regulations to implement on the connectivity between your remote users and your internal infrastructure.

Ideally, you’ll want to put as many of the same protections in place for remote workers as you have for in-office workers. Make sure you’re scanning and logging all possible sessions, including VPN (Virtual Private Network) and RDP (Remote Desktop Protocol) logins, web traffic, and SMB (Server Message Block) protocol access. If your firewall/VPN solution allows it, scan and log all sessions between your remote users and your internal systems, and restrict traffic to only what is necessary for each remote worker’s job role.

Whether your users will be working from company devices or whatever they’ve got at home, you want to ensure that you’re protected against data loss and theft as they access and share files across networks. This could mean implementing secure Remote Desktop solutions for users to work from and allowing users to use a corporate VPN to secure their connection when working from public or home wireless networks. If users’ traffic is as protected as possible, the risk of remote connectivity decreases significantly.

If possible, use web content filtering to continue to protect your remote employees from malicious websites and to preserve productivity.

Take advantage of two-factor authentication everywhere possible. Specifically, protect your remote VPN, cloud applications, and admin sessions. While a token-based MFA solution like Google Authenticator or FortiToken is best, any secondary factor, even SMS- or email-based, is better than a single-factor login.

Have a Support Plan for Remote Users

Your IT staff will likely need some remote support tools and be familiar with them when the time comes—especially if your work force isn’t used to working remotely. The number of calls to your support desk will increase dramatically, so make sure you’re ready to handle the influx of users struggling with new technologies for the first time.

An organization with a well-designed security policy and disaster recovery plan may find they already have a lot of these solutions in place. Working from home need not be any less secure than your office environment – just be sure to do some planning, set up some policies, and put effective measures in place.

In summary, here are some key Do’s and Don’ts for incorporating remote working into your organization:

Don’t:

  • Let your users use their home devices, if possible
  • Allow high-level asset access from remote users
  • Leave port 3389 (RDP) open and unsecured to the internet
  • Allow remote access to any administrative functions without requiring MFA. If possible, secure ALL remote connectivity with MFA.

Do:

  • Provide remote assistance options. End users will most likely require aid while working remotely, and Syxsense provides remote control and monitoring tools regardless of where the device(s) reside.
  • Log all remote access. If possible, log all sessions from VPN users to internal resources. Syxsense can be configured to allow remote users to securely connect back to corporate resources with end-user access, while enforcing the required authentication steps and logging all access.
  • Use MFA on every platform that supports it. The Syxsense console itself supports 2FA through Google Authenticator and email, as well as single sign-on through Okta and Azure.
  • Provide locked-down, encrypted systems (laptops, desktops or tablets) for your employees’ use. Syxsense always uses a highly secure connection back to the cloud to protect each and every device from external threats. Syxsense can also proactively monitor for potential vulnerabilities while devices are on external networks, and quarantine devices should they violate corporate policy.
  • Keep all remotely accessible systems fully patched. Syxsense can schedule patch deployments for OS and third-party updates whenever desired, whether on demand or on a routine basis when the device is best available. This ensures the latest vulnerabilities are remediated in a timely manner, even in zero-day situations or Windows upgrades.
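As an added example (not Syxsense code), a host-side audit of two items on the lists above: is Remote Desktop on TCP 3389 enabled with a firewall rule that applies on untrusted networks, and are remote logons actually being recorded. It assumes an elevated PowerShell prompt on Windows 8 / Server 2012 or later (Get-NetFirewallRule does not exist on older releases) and that logon auditing is enabled, which is the default.

```powershell
# Added example, not Syxsense code. Audit RDP exposure and list recent remote logons.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

function Get-RdpExposure {
    $ts     = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    # fDenyTSConnections = 0 means Remote Desktop is switched on.
    $enabled = ($ts.fDenyTSConnections -eq 0)
    # UserAuthentication = 1 means Network Level Authentication is required, so the
    # client must authenticate before a desktop session is ever created.
    $nla = ($rdpTcp.UserAuthentication -eq 1)
    # The built-in "Remote Desktop" firewall rules open 3389 inbound. When enabled for
    # the Public profile (or Any), they also apply on networks you do not control.
    $publicRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True |
        Where-Object { "$($_.Profile)" -match 'Public|Any' })
    New-Object PSObject -Property @{
        RdpEnabled          = $enabled
        NlaRequired         = $nla
        OpenOnPublicProfile = ($publicRules.Count -gt 0)
    }
}

function Get-RemoteLogons {
    param([int] $Hours = 24)
    # Security event 4624 is a successful logon. LogonType 10 is RemoteInteractive
    # (RDP); LogonType 3 is Network (SMB shares, WinRM). These are the sessions the
    # post says must be logged. Blank and loopback source addresses are skipped.
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Read the named EventData fields from the event XML rather than relying on
        # positional Properties indexes, which differ between Windows versions.
        $field = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $field[$d.Name] = $d.'#text' }
        if ($field.LogonType -notin @('3', '10')) { continue }
        if ($field.IpAddress -in @('-', '::1', '127.0.0.1')) { continue }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = '{0}\{1}' -f $field.TargetDomainName, $field.TargetUserName
            LogonType = $field.LogonType
            SourceIp  = $field.IpAddress
        }
    }
}

$exposure = Get-RdpExposure
$exposure | Format-List
if ($exposure.RdpEnabled -and $exposure.OpenOnPublicProfile) {
    Write-Warning 'RDP is enabled and its inbound rule applies to the Public profile: restrict it to the VPN range or disable it.'
}
if ($exposure.RdpEnabled -and -not $exposure.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}

# Who connected remotely, from where, and how often in the last 24 hours.
Get-RemoteLogons -Hours 24 |
    Group-Object User, SourceIp |
    Select-Object Count, Name |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Source addresses outside your VPN pool, or a Network logon count that climbs steadily from one address, are the entries worth following up.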

Turn to Syxsense for More Secure Endpoints

Endpoint security is a complex and multifaceted issue requiring vigilance and cooperation across all departments within any given organization. Turning to the broad complement of endpoint security solutions offered by Syxsense will be an excellent place for you to start.

  • For a “one-stop-shop” with vulnerability scanning, patch management and endpoint detection and response in one package, look no further than Syxsense Secure. Available as a standalone software product or alongside 24/7 managed services from our dedicated, experienced team.
  • The similarly comprehensive Syxsense Manage solution offers additional endpoint, OS and patch management oversight to complete the picture of meticulous and wide-ranging threat management.

Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.


Microsoft’s March 2020 Patch Tuesday is Absolutely Massive

Categories: Patch Management, Patch Tuesday

Right on schedule, the official Patch Tuesday updates have arrived for March, including 115 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.

March Patch Tuesday Updates are Now Available

Microsoft Patch Tuesday has officially arrived with 115 new patches. There are 26 Critical patches, with the remainder marked Important or Moderate.

Support for Windows 7 and Windows Server 2008 (including R2) was officially ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “A large portion of the Critical updates released today are for the Internet Explorer browser, including four of these CVEs for Windows 7. Even if your corporate policy is to use an alternative browser, if your devices have the IE binaries on the system drive, then you must patch.”

New Windows 7 Vulnerabilities

For those still using this legacy operating system, we have listed the updates you need to prioritize in this Patch Tuesday:

  1. CVE-2020-0832, CVE-2020-0833, CVE-2020-0824, CVE-2020-0847 – Internet Explorer 11 – In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
  2. CVE-2020-0844 – Connected User Experiences and Telemetry Service – The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
  3. CVE-2020-0645 – Microsoft IIS Server Tampering – The update addresses the vulnerability by modifying how IIS Server handles malformed request headers.
  4. CVE-2020-0788, CVE-2020-0877, CVE-2020-0887 – Win32k Elevation – The update addresses this vulnerability by correcting how Win32k handles objects in memory.
  5. CVE-2020-0787 – Windows Background Intelligent Transfer Service – The security update addresses the vulnerability by correcting how Windows BITS handles symbolic links.
  6. CVE-2020-0769 – Windows CSC – The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
  7. CVE-2020-0849 – Windows Hard Link – The security update addresses the vulnerability by correcting how Windows handles hard links.
  8. CVE-2020-0779 – Windows Installer – The security update addresses the vulnerability by modifying how reparse points are handled by the Windows Installer.
  9. CVE-2020-0778 – Windows Network Connections Service – The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and/or Weaponized.


| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Counter-measure | Publicly Aware | Weaponized | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0684 | LNK Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0768 | Microsoft Browser Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0830 | Microsoft Browser Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0832 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0824 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0847 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability | Critical | 6.7 | No | No | No | Yes |
| CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability | Critical | 6.7 | No | No | No | Yes |
| CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0844 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0793 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0762 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0763 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0808 | Provisioning Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0788 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0834 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0787 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0769 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0771 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0819 | Windows Device Setup Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0810 | Windows Diagnostics Hub Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0776 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0858 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0772 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0806 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0791 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0840 | Windows Hard Link Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0841 | Windows Hard Link Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0849 | Windows Hard Link Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0896 | Windows Hard Link Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0798 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0814 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0842 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0843 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0799 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0822 | Windows Language Pack Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0802 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0803 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0804 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0845 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0857 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0867 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0868 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0797 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0800 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0864 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0865 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0866 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0897 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0758 | Azure DevOps Elevation of Privilege Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0815 | Azure DevOps Elevation of Privilege Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0700 | Azure DevOps Server Cross-site Scripting Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0903 | Microsoft Exchange Server Spoofing Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0893 | Microsoft Office SharePoint XSS Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0894 | Microsoft Office SharePoint XSS Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0795 | Microsoft SharePoint Reflective XSS Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0891 | Microsoft SharePoint Reflective XSS Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0884 | Microsoft Visual Studio Spoofing Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0850 | Microsoft Word Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0851 | Microsoft Word Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector Important TBC No No No
CVE-2020-0902 Service Fabric Elevation of Privilege Important TBC No No No
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability Important TBC No No No
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability Important 7.5 No No No
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0876 Win32k Information Disclosure Vulnerability Important 7 No No No
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No


Windows 1709 Enterprise Support Ending


Support for Microsoft Windows 10 Version 1709 on organizational editions will be ending on April 14. Microsoft has started recommending an update before the forced upgrade begins.

Support is Ending for Windows 1709 Enterprise

Support for Microsoft Windows 10 Version 1709 (Fall Creators Update), on organizational editions, will be ending on April 14, 2020. Microsoft has already started recommending an update for all organizations before the forced upgrade will begin.

Upgrades for organizational editions are a bit trickier, as many environments running Enterprise or Education editions don’t have a method for upgrading the operating system.

“Windows 10, version 1709 will reach the end of servicing on April 14, 2020,” Microsoft states on their website. “This applies to the following editions of Windows 10 released in October of 2018: [sic] (October of 2017)

  • Windows 10 Education, version 1709
  • Windows 10 Enterprise, version 1709
  • Windows 10 IoT Enterprise, version 1709

“These editions will no longer receive security updates after April 14, 2020. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported.”

Upgrade as Soon as Possible

Despite this only applying to enterprise licenses of Windows 10 (Home and Pro, version 1709, have already been unsupported since April of 2019), it’s still imperative for all unsupported versions to be upgraded as soon as possible. Any unsupported devices will not receive the latest quality updates (monthly updates) from Microsoft and will be left open to vulnerabilities until upgraded.

Earlier in 2019, Microsoft officials stated that they were putting AI algorithms in place that would automatically update those on older variants of Windows 10 directly to the latest, via the Windows Update service. Unfortunately for organizational editions, these devices typically do not leverage the standard Windows Update channel and instead are managed by Windows Server Update Services or a third-party solution (or no patching solution at all!), leaving them without a reliable upgrade path.

Versions still supported for Windows 10 Education and Enterprise include:

  • 1803 – April 2018 Update – Support until November 10, 2020
  • 1809 – October 2018 Update – Support until May 11, 2021
  • 1903 – May 2019 Update – Support until December 8, 2020 (same lifecycle as consumer editions)
  • 1909 – November 2019 Update (current release) – Support until May 10, 2022
  • 2004 – April 2020 Update (TBA) – Support not yet specified but estimated Fall of 2022

Although there are several intermediate versions these organizational editions could be upgraded to one step at a time, it is still recommended to migrate to the latest version, since that is the release with the longest remaining lifecycle.

The current release (1909) is available and, as listed above, receives support until May 10, 2022; however, at around the same time that business editions of 1709 are marked unsupported, the 2004 update will become available. Many administrators would still advise not waiting for the newest release, but migrating to the current release now and re-assessing the newest one once it has been out for some time.
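As an added example (not from the article and not Syxsense code), here is a small Python inventory check that applies the end-of-servicing dates listed above to a device inventory and puts the devices that need a Feature Update first at the top. The inventory, hostnames and the Device/Verdict types are constructed for illustration; the ReleaseId value it refers to is the standard Windows 10 version marker under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. Releases and editions the article gives no date for are reported as unknown rather than guessed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# End-of-servicing dates for the organizational (Enterprise/Education/IoT Enterprise)
# editions, taken from the lifecycle list above. None means "not yet specified" (2004).
ORG_END_OF_SERVICING: Dict[str, Optional[date]] = {
    "1709": date(2020, 4, 14),
    "1803": date(2020, 11, 10),
    "1809": date(2021, 5, 11),
    "1903": date(2020, 12, 8),
    "1909": date(2022, 5, 10),
    "2004": None,
}

ORG_EDITIONS = {"Enterprise", "Education", "IoT Enterprise"}
CONSUMER_EDITIONS = {"Home", "Pro"}


@dataclass(frozen=True)
class Device:
    hostname: str
    edition: str     # e.g. "Enterprise", "Pro"
    release_id: str  # ReleaseId under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion


@dataclass(frozen=True)
class Verdict:
    hostname: str
    status: str               # "unsupported", "supported" or "unknown"
    end_date: Optional[date]  # None when the article gives no exact date
    days_left: Optional[int]  # negative once servicing has ended


def classify(device: Device, today: date) -> Verdict:
    """Decide whether a device's Windows 10 release is still serviced as of `today`."""
    if device.edition in ORG_EDITIONS:
        if device.release_id not in ORG_END_OF_SERVICING:
            # Release not covered by the article's list: do not guess, flag for review.
            return Verdict(device.hostname, "unknown", None, None)
        end = ORG_END_OF_SERVICING[device.release_id]
        if end is None:
            # 2004: supported, but its end date had not been published yet.
            return Verdict(device.hostname, "supported", None, None)
    elif device.edition in CONSUMER_EDITIONS:
        if device.release_id == "1709":
            # Home/Pro 1709 have been unsupported since April 2019; no exact day is given.
            return Verdict(device.hostname, "unsupported", None, None)
        if device.release_id == "1903":
            # 1903 shares one lifecycle across consumer and organizational editions.
            end = ORG_END_OF_SERVICING["1903"]
        else:
            return Verdict(device.hostname, "unknown", None, None)
    else:
        return Verdict(device.hostname, "unknown", None, None)

    # Updates stop *after* the end date, so the end date itself still counts as serviced.
    days_left = (end - today).days
    status = "unsupported" if days_left < 0 else "supported"
    return Verdict(device.hostname, status, end, days_left)


def unsupported_first(devices: List[Device], today: date) -> List[Verdict]:
    """Classify an inventory and list the devices needing a Feature Update first."""
    order = {"unsupported": 0, "unknown": 1, "supported": 2}
    verdicts = [classify(d, today) for d in devices]
    return sorted(verdicts, key=lambda v: (order[v.status], v.hostname))


# Constructed sample inventory (not real hosts); in practice this would come from a
# management-console export or a remote registry query of ReleaseId.
SAMPLE_INVENTORY = [
    Device("ENT-LAPTOP-01", "Enterprise", "1709"),
    Device("ENT-LAPTOP-02", "Enterprise", "1809"),
    Device("EDU-LAB-07", "Education", "1909"),
    Device("ENT-PILOT-01", "Enterprise", "2004"),
    Device("HOME-PC-01", "Home", "1709"),
    Device("PRO-PC-03", "Pro", "1903"),
    Device("PRO-PC-04", "Pro", "1809"),
]

if __name__ == "__main__":
    # Run as of the day after Enterprise/Education 1709 servicing ended.
    for v in unsupported_first(SAMPLE_INVENTORY, date(2020, 4, 15)):
        when = v.end_date.isoformat() if v.end_date else "n/a"
        print(f"{v.hostname:<14} {v.status:<12} end={when:<10} days_left={v.days_left}")
```

Feeding the script a real export is a matter of building Device objects from the console's hostname, edition and ReleaseId columns; the "unknown" bucket is deliberate, so that a release missing from the table becomes a review item instead of silently passing.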

How Syxsense Can Help

Overall, trusting Windows Server Update Services (WSUS) or other third-party patching solutions may not bring these devices to a supported version successfully. Leveraging a cloud-based solution to bring older Windows 10 devices up-to-date ensures success and standardization, whether devices are inside or outside the network.

Syxsense Manage includes the ability to migrate managed devices to any desired version of Windows 10 through the use of a Feature Update task. Simply prepare end-user installation delay and reboot options, choose the devices to target, and select a time for the upgrade that works best for these target devices. A phased deployment approach is also recommended by the industry and is always easily done with Syxsense Manage.


Why You Need to Manage Your Endpoints


Endpoint management is imperative today for businesses of all sizes. With EPP and EDR solutions available, which is the best option for your organization?

Endpoint Management is More Critical than Ever

Not every security or IT team has a confident endpoint management strategy. A recent survey of 1,000 IT professionals found that, while 88 percent of respondents acknowledged the importance of endpoint management, nearly a third didn’t know how many endpoint devices existed within their organization.

An endpoint is simply an Internet-capable hardware device on a TCP/IP network. The term can refer to desktop computers, laptops, smart phones, tablets, thin clients, printers, or other specialized hardware, such as POS terminals, smart meters, AC control systems, thermometers, and the like. The connection of these devices to corporate networks creates attack paths for security threats. It stands to reason, then, that endpoint security is imperative today for businesses of all sizes.

EPP vs. EDR Solutions

So, how can IT and security teams go about this? It starts with the overall concept of endpoint management: the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices within an organization.

Such security tends to be split into two categories—albeit categories that are converging: Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR).

EPP is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

According to Cybrary, EPP is designed to detect and block threats at the device level. To achieve this, EPP tools contain other security solutions such as:

  • Antivirus
  • Anti-malware
  • Data encryption
  • Personal firewalls
  • Intrusion prevention (IPS)
  • Data loss prevention (DLP)

Traditional EPP solutions are preventative by nature, and typically use a signature-based approach to identify threats. The latest EPP solutions have, however, evolved to utilize a broader range of detection techniques.

Antivirus Software Isn’t Enough

On the other hand, says Cybrary, “EDR tools are designed to monitor and record activity on endpoints, detect suspicious behavior, security risks, and respond to internal and external threats. You can use EDR solutions to track, monitor, and analyze data on endpoints to enhance the fortification of your environment.”

The article goes on to explain that EDR tools do not replace traditional tools such as antivirus and firewalls but, instead, work with them to provide enhanced security capabilities. Since these tools protect endpoints, they can be considered a part of a broader endpoint management concept.

“In other words,” according to Cybrary, “antivirus software only protects end-user devices while EDR provides network security by authenticating log-ins, monitoring network activities, and deploying updates.”

While the capabilities of EDR solutions can vary, they all share the same primary purpose: alerting the user to suspicious activity and investigating threats in real time to find the root of the attack and stop it.

It might seem like the distinction between EPP and EDR is straightforward, but it is not always that simple. Traditionally, EPP is thought of as a first-line defense mechanism, effective at blocking known threats. EDR, on the other hand, is seen as the next layer of security, providing additional tools to detect threats, analyze intrusions, and respond to attacks.

The Benefits of EDR Solutions

EDR solutions tend to have four primary competencies: detect security incidents; contain the incident at the endpoint so network traffic or process execution can be remotely controlled; investigate security incidents; and remediate endpoints to a pre-infection state. Innovation, in the form of artificial intelligence (AI), allows EDR solutions to predict threats before they occur, in addition to the four competencies focused on detecting and eliminating threats.

EDR was initially positioned as a solution for large organizations with dedicated cybersecurity centers that can use the inputs provided by EDR to fight intrusion to their network. Now there is a growing acceptance that EDR capabilities are a necessity for all organizations of all sizes.

Of late, according to Cybrary, EDR providers have begun to incorporate aspects of EPPs into their products, and EPP providers to integrate basic EDR functionality in their solutions as well. Some companies are even now offering a more holistic security solution that combines EDR security and EPP security tools to provide both active and passive endpoint protection.

How Syxsense Can Help

Today, organizations have realized that the two solutions complement each other, and vendors have followed suit; Syxsense is one of those companies. As cybersecurity threats grow, there is more pressure than ever to stay ahead of the curve.

Syxsense Secure brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams. Our AI-driven threat protection gets you in front of any malicious cyberattack with the power of predictive technology.


How Artificial Intelligence Will Change Cybersecurity


Artificial intelligence (AI) is quickly becoming integral to our personal and business lives. How will it affect cybersecurity in the next decade?

Artificial Intelligence is Growing

Artificial intelligence (AI) is quickly becoming integral to our personal and business lives. A recent article on Forbes noted that, while “machines haven’t taken over ... they are seeping their way into our lives, affecting how we live, work and entertain ourselves.” Apple, Tesla, Facebook, Amazon—these are just a few of the companies that have already begun to bring AI-infused products and services to the masses.

AI and automation are in use at 41 percent of companies. Another 42 percent are actively researching them, according to the 2019 IDG Digital Business Study.

According to Robotics & Automation News, “Machine learning and artificial intelligence are playing a significant role in cybersecurity. Automation tools can prevent, detect, and deal with tons of cyber threats way more efficiently and faster than humans. And it will continue to expand down the road.”

“Cybersecurity has emerged as an ideal use case for these technologies,” explains the article. “Digital business has opened a score of new risks and vulnerabilities that, combined with a security skills gap, is weighing down security teams. As a result, more organizations are looking at AI and machine learning as a way to relieve some of the burden on security teams by sifting through high volumes of security data and automating routine tasks.”

Cybersecurity and Artificial Intelligence

CPO Magazine’s just-published “AI in Cybersecurity: 2020 Predictions” report concurs, writing that “the current state of AI is begging for a number of problems to be solved in order to continue effectively protecting users from malicious actors.” The extreme shortage of cybersecurity professionals is forcing many companies to leverage AI as a solution to defend their networks and make up for a lack of personnel.

Having an AI program smart enough to recognize real threats over background noise will be the real test in 2020, especially as hackers develop their own AI-powered tools.

Robert Brown, Director of Services for Syxsense, explained it this way: “Imagine being able to use AI and machine learning to identify devices that are using the internet in a country it shouldn’t be in. You could notice several user accounts that are getting locked out in a relatively short period of time, or discover a PowerShell script running on multiple machines in the same office location simultaneously.”

Being able to alert on these activities and quarantine devices until the potential threats have been reviewed is critical. It allows you to separate safe, routine activity from the activity your IT security teams are working so hard to protect you from.
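Two of the signals described above, a burst of account lockouts and the same script appearing on many machines in one office at the same time, can be expressed as plain sliding-window detections without any machine learning. The following Python is an added example, not Syxsense code and not from the article: it runs both detections over a constructed log extract. The pipe-delimited line format, the site tag, the hostnames and the script names are assumptions for illustration; event IDs 4740 (a user account was locked out) and 4104 (PowerShell script block logging) are the standard Windows event IDs for those records.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, Hashable, List, Tuple

LOCKOUT = 4740       # Security log: "A user account was locked out"
SCRIPT_BLOCK = 4104  # Microsoft-Windows-PowerShell/Operational: script block logging


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int
    host: str     # computer that logged the event
    site: str     # office/location tag; assumed to be added by the log collector
    subject: str  # locked-out account for 4740, script name for 4104


@dataclass(frozen=True)
class Alert:
    group: Hashable           # what the events were grouped by
    start: datetime           # oldest event still inside the window that tripped
    end: datetime             # the event that tripped the threshold
    members: Tuple[str, ...]  # distinct accounts (lockouts) or hosts (script fan-out)


def parse_line(line: str) -> Event:
    """Parse one constructed 'timestamp|event_id|host|site|subject' line."""
    ts, eid, host, site, subject = line.strip().split("|")
    return Event(datetime.fromisoformat(ts), int(eid), host, site, subject)


def parse_log(text: str) -> List[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def fanout_alerts(events: List[Event],
                  group_key: Callable[[Event], Hashable],
                  member_key: Callable[[Event], str],
                  window: timedelta, threshold: int) -> List[Alert]:
    """Per group, slide a time window over the events and alert the first time the
    number of distinct members inside the window reaches the threshold."""
    groups: Dict[Hashable, List[Event]] = defaultdict(list)
    for e in events:
        groups[group_key(e)].append(e)
    alerts: List[Alert] = []
    for group, evs in groups.items():
        evs.sort(key=lambda ev: ev.ts)
        in_window = Counter()  # member -> number of its events currently in the window
        lo = 0
        for e in evs:
            in_window[member_key(e)] += 1
            # Evict events that fell out of the window as it advanced to e.ts.
            while e.ts - evs[lo].ts > window:
                old = member_key(evs[lo])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= threshold:
                alerts.append(Alert(group, evs[lo].ts, e.ts, tuple(sorted(in_window))))
                break  # one alert per group is enough to start triage
    return alerts


def lockout_bursts(events, window=timedelta(minutes=5), threshold=3) -> List[Alert]:
    """Several different accounts locked out within a short period."""
    return fanout_alerts([e for e in events if e.event_id == LOCKOUT],
                         group_key=lambda e: "all-accounts",
                         member_key=lambda e: e.subject,
                         window=window, threshold=threshold)


def script_fanout(events, window=timedelta(minutes=2), threshold=3) -> List[Alert]:
    """The same script running on several hosts in one office at about the same time."""
    return fanout_alerts([e for e in events if e.event_id == SCRIPT_BLOCK],
                         group_key=lambda e: (e.site, e.subject),
                         member_key=lambda e: e.host,
                         window=window, threshold=threshold)


# Constructed log extract (not real data): a lockout burst at HQ, one script fanning
# out across branch BR1, and a benign logon script on a single HQ workstation.
SAMPLE_LOG = """\
2020-03-10T09:00:05|4740|DC01|HQ|alice
2020-03-10T09:00:40|4740|DC01|HQ|bob
2020-03-10T09:01:10|4740|DC01|HQ|alice
2020-03-10T09:02:30|4740|DC01|HQ|carol
2020-03-10T09:03:15|4740|DC01|HQ|dave
2020-03-10T14:20:00|4740|DC01|HQ|erin
2020-03-10T10:15:00|4104|WS-11|BR1|invoice_macro.ps1
2020-03-10T10:15:20|4104|WS-12|BR1|invoice_macro.ps1
2020-03-10T10:15:45|4104|WS-13|BR1|invoice_macro.ps1
2020-03-10T10:15:50|4104|WS-11|BR1|invoice_macro.ps1
2020-03-10T10:16:05|4104|WS-14|BR1|invoice_macro.ps1
2020-03-10T08:00:00|4104|WS-21|HQ|logon_mapdrives.ps1
2020-03-10T08:00:10|4104|WS-21|HQ|logon_mapdrives.ps1
"""

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for a in lockout_bursts(events) + script_fanout(events):
        print(f"{a.group}: {len(a.members)} distinct between "
              f"{a.start:%H:%M:%S} and {a.end:%H:%M:%S} -> {a.members}")
```

Both detectors count distinct members rather than raw events, so one user mistyping a password five times or one host re-running a logon script does not trip them; the window and threshold are the knobs to tune against each environment's normal noise before any quarantine action is wired to the alert.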

Don’t Forget the People

AI might not be the total answer. It might be all about combining human intelligence with machine learning and AI tools. With an estimated 3.5 million cybersecurity positions expected to go unfilled by 2021 and security breaches increasing some 80 percent each year, combining human intelligence with machine learning and artificial intelligence tools becomes critical to closing the talent availability gap.

Although AI and automation will play a critical role in relieving overburdened IT security teams, organizations will still require highly skilled individuals to perform high-level analysis and remediation activities. Additionally, there will be training required for machine learning to be effective.

Dark Reading observes that the combination of big data, AI, and strict privacy regulations is going to cause headaches for companies until “security and privacy professionals start innovating better ways to shield the kind of customer analytics that fuel a lot of AI applications today.”

CIO.com reports Omo Osagiede, director, Borderless-I Consulting Ltd., as saying: “We need AI/automation, but we also need humans to teach it and leverage it.” Furthermore, the tools must be augmented by human intelligence to make correlations and decisions based on the systems’ output.

The Future of AI in Cybersecurity

All sources seem to agree, however, that 2020 could be the year that AI takes its rightful place as one of the keys to successful cybersecurity. Scott Matteson has this to say on TechRepublic: “Traditional cybersecurity tools such as mere anti-malware software or login audits aren’t going to be sufficient in 2020—additional resources will be needed to protect organizations and their employees from cyberthreats. Artificial intelligence and machine learning are making productive inroads in the cybersecurity space.”

“2020 needs to be the year where AI in cybersecurity moves beyond the hype and becomes common practice,” CIO.com quotes Tim Wulgaert, owner and lead consultant, FJAM Consulting, as saying. Further, IT and security leaders suggest that detection and identification of potential threats make ideal initial use cases for AI and automation.

Turn to Syxsense for More Secure Endpoints

  • Syxsense Secure is a “one-stop-shop” with vulnerability scanning, patch management, and endpoint detection and response in one package. Available as a standalone software product or alongside managed services from our expert team.
  • Syxsense Manage offers additional endpoint, OS, and patch management oversight to complete the picture of powerful and wide-ranging threat management.

Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.
