Skip to main content
Monthly Archives

July 2020

|BootHole Vulnerability Details

New BootHole Vulnerability Affects Billions of Devices

By NewsNo Comments

New BootHole Vulnerability Affects Billions of Devices

The BootHole vulnerability impacts billions of Windows and Linux devices due to a serious bug within the GRUB2 bootloader.

BootHole Vulnerability Severely Impacts Billions of Devices

Billions of Windows and Linux devices across the globe are vulnerable due to a serious bug within the GRUB2 bootloader, researchers at Eclypsium revealed on Wednesday.

The vulnerability, dubbed BootHole (CVE-2020-10713), has a CVSS score of 8.2 and Eclypsium has stated that it indeed affects ALL operating systems that use GRUB2 (Grand Unified Bootloader version 2) with Secure Boot. Secure Boot is an industry standard that ensures that a device boots using only trusted software. It’s a process where the device uses cryptographic checks to make sure the boot process loads only securely signed firmware components. Additionally, this not only affects just Windows and Linux, but potentially macOS and BSD-based systems as well.

“The vulnerability is in the GRUB2 bootloader utilized by most Linux systems,” the researchers stated. “The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority.”

“The GRUB2 config file is a text file and typically is not signed like other files and executables,” researchers stated on Wednesday. This means that Secure Boot doesn’t necessary check it and in turn allows an attacker to modify the contents of the GRUB2 config file to include malicious code. This is also extremely dangerous since the file is loaded well before the operating system is, so the attack code runs first. “In this way, attackers gain persistence on the device.”

How BootHole Vulnerability Affects Windows and Linux Users

The illustration below shows a very simplified explanation of the BootHole attack, where attackers can exploit the code from one or more options to execute malicious commands within the GRUB2 component.

How to Stop BootHole Attacks

“Mitigation is complex and can be risky and will require the specific vulnerable program to be signed and deployed, and vulnerable programs should be revoked to prevent adversaries from using older, vulnerable versions in an attack,” the researchers noted. “The three-stage mitigation process will likely take years for organizations to complete patching.”

Although it doesn’t appear to be an easy fix at this time, Eclypsium did provide 5 recommendations to the industry:

  1. Right away, start monitoring the contents of the bootloader partition (EFI system partition). This will buy time for the rest of the process and help identify affected systems in your environment. For those who have deployed the Eclypsium solution, you can see this monitoring under the “MBR/Bootloader” component of a device.
  2. Continue to install OS updates as usual across desktops, laptops, servers, and appliances. Attackers can leverage privilege escalation flaws in the OS and applications to take advantage of this vulnerability so preventing them from gaining administrative level access to your systems is critical. Systems are still vulnerable after this, but it is a necessary first step. Once the revocation update is installed later, the old bootloader should stop working. This includes rescue disks, installers, enterprise gold images, virtual machines, or other bootable media.
  3. Test the revocation list update. Be sure to specifically test the same firmware versions and models that are used in the field. It may help to update to the latest firmware first in order to reduce the number of test cases.
  4. To close this vulnerability, you need to deploy the revocation update. Make sure that all bootable media has received OS updates first, roll it out slowly to only a small number of devices at a time, and incorporate lessons learned from testing as part of this process.
  5. Engage with your third-party vendors to validate they are aware of, and are addressing, this issue. They should provide you a response as to its applicability to the services/solutions they provide you as well as their plans for remediation of this high rated vulnerability.

The researchers concluded, “While Secure Boot is easily taken for granted by most users, it is the foundation of security within most devices. Once compromised, attackers can gain virtually complete control over the device, its operating system, and its applications and data.”

Protect Your Organization

Even though no accessible patches are available at this time, the recommendation is clear to install all operating system and application updates across all vulnerable devices. Syxsense Manage and Syxsense Secure can easily resolve outstanding updates across the environment for Windows, Linux, and Mac devices, ensuring that subsequent vulnerabilities are first addressed.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Google Chrome Fixes 8 Security Vulnerabilities

By Patch ManagementNo Comments

Google Chrome Fixes 8 Security Vulnerabilities

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.

New Chrome Vulnerabilities Discovered

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted web page.

This vulnerability has been given a CVSS score of 9.8 which indicates it should be installed as a priority, and although has not been officially given Out of Band status, we feel it should be treated as such.

Resolved Chrome Vulnerabilities

The vulnerabilities fixed are as follows:

  • CVE-2020-6537: Type Confusion in V8
  • CVE-2020-6538: Inappropriate implementation in WebView
  • CVE-2020-6532: Use after free in SCTP
  • CVE-2020-6539: Use after free in CSS
  • CVE-2020-6540: Heap buffer overflow in Skia
  • CVE-2020-6541: Use after free in WebUSB

The stable channel has been updated to 84.0.4147.105 for Windows, Mac, and Linux and is available for deployment in the Syxsense console.

Keep Your Organization Protected

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Watch the Webcast: July Patch Tuesday

By Patch Management, Patch Tuesday, VideoNo Comments

Watch the Webcast: What You Need to Know For July Patch Tuesday

Watch the recording of our latest webcast to hear industry experts dive into July Patch Tuesday and prioritizing the latest updates.

Prioritize July Patch Tuesday Vulnerabilities

As the IT landscape continues to change, it’s never been more important to have a solid Patch Tuesday strategy.

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts have deployed over 100 million patches. Join our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: July Patch Tuesday

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Microsoft July Patch Tuesday Resolves 123 Vulnerabilities

By Patch Management, Patch TuesdayNo Comments

Microsoft July Patch Tuesday Resolves 123 Vulnerabilities

Microsoft's Patch Tuesday has arrived with 123 security fixes across 13 products, including a major wormable bug in the Windows Server DNS component.

July Patch Tuesday Arrives With Over 120 Updates

July Patch Tuesday has 123 vulnerabilities remediated, including 18 Critical with the remaining 105 marked Important. After next month, Microsoft will have released more updates than all of 2019 combined.

If you tuned in to last month’s Patch Tuesday, you would have learned Microsoft resolved an astonishing 129 vulnerabilities breaking all known records for the number of fixes released in a single month.

Support for Windows 7 and Windows Server 2008 (including R2) officially ended after January 14, but there are 35 vulnerabilities remediated for customers who purchased an extension agreement. 6 are Critical and 29 are Important, including the Remote Desktop Client vulnerability below which is very important.

Robert Brown, Director of Services for Syxsense said, “The Hijacking vulnerability announced on Friday could not have come at a worse time being so close to the July Patch Tuesday. Today we learned that very version has an elevation of privilege vulnerability. With OneDrive being closely integrated into the Microsoft real-estate, can you afford not to protect your remote workforce?”

Important Patch Tuesday Vulnerabilities

1. CVE-2020-1350

With a CVSS score of 10.0, this DNS Server has the highest independently-scored threat this month. However, it does have a countermeasure that can be deployed by modifying a registry key on each server. This requires the DNS service to be restarted in order for the countermeasure to take effect.

This could be difficult with these servers being highly distributed. This is not currently Public Aware or Weaponised, but exploitation is extremely likely, making it our top vulnerability of the month.

 

2. CVE-2020-1463

Media streaming is usually disabled on Windows 10 devices, but with so many users working from home, it is now more likely to be used in the enterprise. This elevation of privilege could be exposed by streaming videos within Microsoft Stream or Yammer containing a specially crafted application. The method to expose this has been made Public, which means this could become Weaponized very soon.

 

3. CVE-2020-1374

This vulnerability impacts Remote Desktop Client, still used by many organizations to support staff both from within the network and at home. Although this vulnerability doesn’t have the highest CVSS score (7.5), the technology is regularly used and exploited, so we highly recommend prioritizing this update. The exploit requires a sophisticated sequence of events to take place, but it can be exploited via a simple network with ‘None’ privileges required.

 

4. CVE-2020-1465

A new version of OneDrive was recently released to resolve a hijacking vulnerability. Version 20.073.0409.0003 should have been installed without delay, however an additional vulnerability has been discovered causing an elevation of privilege.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Counter-measure Syxsense Recommended
CVE-2020-1463 Windows Shared Stream Library Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability Critical 10 No No Yes Yes
CVE-2020-1408 Microsoft Graphics Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2020-1435 GDI+ Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2020-1436 Windows Font Library Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2020-1032 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1036 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1040 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1041 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1042 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1043 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical 8 No No No Yes
CVE-2020-1409 DirectWrite Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-1410 Window Address Book Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-1424 Windows Update Stack Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1421 LNK Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-1374 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-1403 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-1147 .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1025 Microsoft Office Elevation of Privilege Vulnerability Critical TBC No No No Yes
CVE-2020-1349 Microsoft Outlook Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1439 PerformancePoint Services Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1465 Microsoft OneDrive Elevation of Privilege Vulnerability Important TBC No No No Yes
CVE-2020-1469 Bond Denial of Service Vulnerability Important TBC No No No
CVE-2020-1240 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1342 Microsoft Office Information Disclosure Vulnerability Important TBC No No No
CVE-2020-1445 Microsoft Office Information Disclosure Vulnerability Important TBC No No No
CVE-2020-1458 Microsoft Office Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1450 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-1451 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-1456 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-1449 Microsoft Project Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1454 Microsoft SharePoint Reflective XSS Vulnerability Important TBC No No No
CVE-2020-1444 Microsoft SharePoint Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1443 Microsoft SharePoint Spoofing Vulnerability Important TBC No No No
CVE-2020-1446 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1447 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1448 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1442 Office Web Apps XSS Vulnerability Important TBC No No No
CVE-2020-1326 Team Foundation Server Cross-site Scripting Vulnerability Important TBC No No No
CVE-2020-1416 Visual Studio Code Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-1481 Visual Studio Code Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1400 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1401 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1407 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1461 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1402 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1396 Windows ALPC Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1359 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1375 Windows COM Server Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1368 Windows Credential Enrolment Manager Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1393 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1418 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1392 Windows Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1394 Windows Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1395 Windows Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1365 Windows Event Logging Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1371 Windows Event Logging Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1355 Windows Font Driver Host Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1085 Windows Function Discovery Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1381 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1382 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1356 Windows iSCSI Target Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1336 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1411 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1372 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1346 Windows Modules Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1373 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1390 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1363 Windows Picker Platform Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1360 Windows Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1249 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1353 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1370 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1399 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1404 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1413 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1414 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1415 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1422 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1347 Windows Storage Services Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1423 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1357 Windows System Events Broker Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1354 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1430 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1352 Windows USO Core Worker Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1344 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1362 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1369 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1412 Microsoft Graphics Components Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2020-1431 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2020-1405 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2020-1364 Windows Wallet Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-1384 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1388 Windows Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1429 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1427 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1428 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1438 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1406 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1437

Windows

||

Hijacking Vulnerability Discovered in Microsoft OneDrive

By Patch ManagementNo Comments

Hijacking Vulnerability Discovered in OneDrive

Microsoft cloud storage solution “OneDrive” has been found to contain a vulnerability in version 19.232.1124.0010 which could allow it to be hijacked.

Don’t Wait to Update OneDrive

Microsoft cloud storage solution, OneDrive, has been found to contain a vulnerability in version 19.232.1124.0010 which could allow it to be hijacked. We recommend upgrading OneDrive to 20.073.0409.0003 as quickly as possible.

All it takes to exploit is adding a specially crafted DLL into the %LOCALAPPDATA% directory on the PC. When OneDrive is launched, it will run the DLL and infect the system. It will have all the privileges as the users using OneDrive.

Robert Brown, Director of Services for Syxsense said, “The vulnerability and method to expose this threat has been made ‘Public Aware’ meaning there could be little time before this vulnerability becomes Weaponized. Ahead of next week’s Patch Tuesday, upgrade OneDrive right now and do not wait until after the weekend.”

Keep Your Organization Protected

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Microsoft Releases 6 Non-Security Updates for Office

By Patch ManagementNo Comments

Microsoft Releases 6 Non-Security Updates for Office

Microsoft has officially released six updates for Microsoft Office, and the latest version of Microsoft Edge as specific enhancements to the Office Suite.

New Microsoft Office Updates

On the first Patch Tuesday for the month of July, Microsoft have released 6 updates for Microsoft Office, and released their latest version of Microsoft Edge.  Although these updates are not directly related to resolve specific security vulnerabilities, they offer specific enhancements to the Office Suite.

Improvements

  1. When you open an office file from SharePoint or OneDrive for Business (OD4B) by using Office clients, the modified date and time are displayed in Coordinated Universal Time (UTC) instead of local time.
  2. Updated version of Microsoft Skype for Business 2016.
  3. This update adds a business bar notification to let users know that a file contains modern comments that they can’t access (view, add, or edit) in PowerPoint 2013.

Fixes

  1. A hang or delay issue occurs when you open Word document files with custom XML values that contain many spaces.
  2. Fixes an issue that the peek view in Outlook’s calendar occasionally fails to display.
  3. Fixes an issue in which Excel will become unresponsive after you use Ctrl+Shift+Arrow keys to scroll when the Excel window is shared through Teams.

The full list of updates can be found within the Syxsense console and are ready for deployment.

  1. Update for Microsoft Office 2016 (KB4484439)
  2. Update for Microsoft Office 2016 (KB4484174)
  3. Update for Microsoft Excel 2016 (KB4484437)
  4. Update for Skype for Business 2016 (KB4484326)
  5. Update for Microsoft Office 2013 (KB4484442)
  6. Update for Microsoft PowerPoint 2013 (KB4484349)

Keep Your Organization Protected

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo