Monthly Archives

September 2020


Windows XP Source Code Leak Could Lead to Disaster


Source code for Windows XP and Windows Server 2003 has leaked publicly for the first time. The gate for cybercriminals is wide open.

Why the Windows XP Source Code Leak is Critical

A security insider has announced that the entire code for Microsoft operating systems MS DOS 6.0, Windows 2000, Windows CE 3, Windows CE 4, Windows CE 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5, Windows NT 4, Windows XP and Server 2003 has been leaked on the dark web. So far, Microsoft has not denied that this is the real source code.

Every operating system designed since MS-DOS has been based, at least in part, on the previous operating system.

If a hacker were to review the old code, they could find ways to exploit any supported Windows version. This includes Windows 10, and could lead to weaponized exploits. These are the worst types of attacks because they take the form of zero-day vulnerabilities, for which the vendor still has to release a patch.

What to Do About the Source Code Leak

Both Syxsense and security authorities such as US Homeland Security and the UK National Cyber Security Centre strongly recommend ensuring that all software is up to date, including operating systems. Any obsolete software that is no longer supported by the vendor should be upgraded or uninstalled.

Syxsense Secure offers a sophisticated vulnerability scanner which can detect obsolete software that needs to be upgraded within your environment. Syxsense even provides the links to the latest software to help clients fast-track every step of the process.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Government Orders Agencies to Patch Zerologon Vulnerability Immediately


The Department of Homeland Security's cybersecurity division has declared an emergency directive for patching the Zerologon vulnerability.

Homeland Security Issues Emergency Alert for Zerologon

The Department of Homeland Security’s cybersecurity division (CISA) has ordered federal civilian agencies to install a security patch for Windows Servers by Monday, citing “unacceptable risk” posed by the vulnerability to federal networks.

Declared via an emergency directive, the DHS order was issued via a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.

The Zerologon vulnerability allows attackers who have a foothold on an internal network to hijack Windows Servers running as domain controllers and take over the entire network. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating. Deployment of this patch is essential.

Why Zerologon Needs to Be Patched Immediately

Microsoft included fixes for the Zerologon vulnerability in the August Patch Tuesday update. Most IT professionals did not know how bad the bug really was until seeing a recent report from Secura and the weaponized proof-of-concepts that went public shortly afterward.

The widespread use of Windows Servers as domain controllers in US government networks, the 10 out of 10 severity rating for Zerologon, and the danger of a successful attack are what led DHS officials to issue a rare emergency directive late Friday afternoon.

“CISA [Cybersecurity and Infrastructure Security Agency] has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” DHS CISA said in Emergency Directive 20-04.

The short deadline for applying security updates is primarily due to the ease of exploitation and the severe consequences of a successful Zerologon attack. Although the directive applies to executive branch departments and agencies, CISA also “strongly recommends” that the private sector take immediate action as well.

How to Patch Zerologon

We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager. Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


Patch Now: Zerologon Vulnerability Being Weaponized


Microsoft has patched the Zerologon vulnerability, an extremely dangerous bug that allows attackers to take over enterprise networks.

Zerologon Vulnerability Lets Attackers Hijack Windows Domain Controller

CVE-2020-1472 was originally released on August 11 and relates to an elevation of privilege bug in the Netlogon Remote Protocol.

We were told this would come as a two-part solution. The first patch was made available in the August Patch Tuesday as the server-side fix, and a further fix would be released in Q1 of 2021. However, we have discovered that the vulnerability has already been weaponized in a lab, which means the severity of this vulnerability should not be underestimated.

Why Patching Zerologon is Critical

Several elements of Zerologon make it such a high priority. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating, and no countermeasures are available, which means deployment of the patch is essential to alleviate the risk.

Along with the US-CERT partner Cybersecurity & Infrastructure Security Agency, we are recommending this be treated as a zero-day vulnerability.

How to Patch the Zerologon Vulnerability

We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager.

Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.


Watch the Webcast: September Patch Tuesday


Watch the Webcast: What You Need to Know For September Patch Tuesday

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's September Patch Tuesday updates.

September Patch Tuesday 2020

What’s your September patch strategy?

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts has deployed over 100 million patches. Watch our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: September Patch Tuesday


Microsoft August Patch Tuesday Fixes 120 Vulnerabilities


Microsoft released updates to resolve at least 120 security issues, including two actively exploited zero-day vulnerabilities.

August Patch Tuesday Arrives with Two Major Vulnerabilities

Microsoft has officially rolled out the latest August Patch Tuesday updates. There are 120 vulnerabilities remediated, including 17 Critical, with the remaining 103 marked Important. Microsoft has surpassed the entire bug list of 2019 and isn’t showing any sign of slowing down.

Windows 7 & Windows Server 2008 (including R2) Post January 14 Updates

  • Windows 7 (extended support ESU): 52 vulnerabilities, 4 Critical and 48 Important
  • Windows Server 2008 R2 (extended support ESU): 41 vulnerabilities, 5 Critical and 36 Important

With this year’s release cadence, we believe the number of addressed vulnerabilities will become the new normal for Patch Tuesday. It is highly likely that it will not drop much lower due to the number of supported Windows 10 Feature Updates still under mainstream support. IT professionals should review their patching strategy to ensure their toolset and selection criteria are built for efficiency, especially if they have a highly-distributed workforce.

Top Patch Tuesday Vulnerabilities

CVE-2020-1380 – This Critically rated vulnerability is weaponized. Exploits have been detected and there are no counter-measures available. This is an Internet Explorer 11 vulnerability affecting nearly every Microsoft OS. The vulnerability could allow memory to be corrupted, enabling the system to be exploited with the same rights as the logged-on user. We have made this our number one choice due to the vendor severity, CVSS score, and weaponized status. Although it’s not officially recognized, this should be considered a zero-day vulnerability. 

CVE-2020-1464 – This Important rated vulnerability is both weaponized and publicly disclosed. This file signature vulnerability isn’t likely to be used to exploit a system. However, if successful, the security features of all Windows OS could be bypassed to load improperly signed files and cause widescale system instability or crashing. This should also be considered a zero-day vulnerability.

CVE-2020-1585 – Carrying a CVSS score of 8.8, this vulnerability should be familiar to anyone who follows out-of-band updates. This vulnerability is similar to CVE-2020-1425, which we have highlighted previously. Based on our experience, actors are always trying to use both new and established ways to hack into devices.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
