Monthly Archives

December 2020


Syxsense Confirms There is Zero SolarWinds® Orion® In Environment

Posted in Press Release

Syxsense officially confirms that there is zero SolarWinds® software present in its environment in any classification of device.

SolarWinds® Orion® Is Not Present In Syxsense

Syxsense, a global leader in IT and security management solutions, has announced that it can confirm there is zero SolarWinds software in its environment, that it is not a SolarWinds customer, and that it does not use any SolarWinds software. In light of the recent SolarWinds Orion vulnerability, many organizations are auditing their third-party vendors. Syxsense can confirm that there is zero SolarWinds software present in its environment in any classification of device. Furthermore, any organization wanting to detect the vulnerable SolarWinds .dll on its devices can start a Syxsense trial.

The Syxsense Inventory scanner can quickly identify devices with SolarWinds software. Simply run an inventory query for SolarWinds or an Inventory Software Report to see a list of all endpoints with SolarWinds software installed. Syxsense’s software distribution features can also help initiate uninstalls of SolarWinds.

The Syxsense Secure platform uses Syxsense Realtime functions to dynamically scan all endpoints for SolarWinds software. This includes scanning hard drives in real time for the compromised “SolarWinds.Orion.Core.BusinessLayer.dll” by name or file hash, and quarantining devices to stop lateral movement, thereby protecting the network. For added security, Syxsense blocks the execution of SolarWinds software until a security evaluation of potentially exposed endpoints can be completed.

Syxsense Can Detect the SolarWinds® Orion® Vulnerability in Other Organizations

Organizations wanting to scan their environment for the SolarWinds® Orion® vulnerability are urged to start a free, fully-featured trial of Syxsense for up to 100 devices for 14 days.

More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Identifying Endpoints with SolarWinds® Orion® Software

Posted in Blog

There has been a significant hack linked to security vulnerabilities in SolarWinds® Orion® software.

Syxsense Allows Users to Scan for SolarWinds® Orion® Vulnerability

By now, everyone should be aware of the significant hack linked to security vulnerabilities in SolarWinds® Orion® software – https://www.solarwinds.com/securityadvisory.

The team at Syxsense has received requests asking if Syxsense Manage and Secure can help identify endpoints that might have SolarWinds software installed.

The Syxsense inventory scanner can quickly identify devices with SolarWinds software. Simply run an inventory query for SolarWinds or an Inventory Software Report to see a list of all endpoints with SolarWinds software installed. Syxsense’s software distribution features can also help initiate uninstalls of SolarWinds.

The Syxsense Secure platform uses Syxsense Realtime functions to dynamically scan all endpoints for SolarWinds software. This includes scanning hard drives in real time for the compromised “SolarWinds.Orion.Core.BusinessLayer.dll” by name or file hash, and quarantining devices to stop lateral movement, thereby protecting the network. For added security, Syxsense blocks the execution of SolarWinds software until a security evaluation of potentially exposed endpoints can be completed.

For technical details on how the SolarWinds compromise and the SUNBURST backdoor work, we recommend reading the report from the IT security company FireEye – https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html


Watch the Webcast: December Patch Tuesday

Posted in Patch Management, Patch Tuesday

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's December Patch Tuesday updates.

December Patch Tuesday 2020

What’s your December patch strategy?

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts has deployed over 100 million patches. Watch our free webinar to get industry-leading patch management strategies delivered right to your desk.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


December Patch Tuesday 2020 Fixes 58 Vulnerabilities

Posted in News, Patch Management, Patch Tuesday

December Patch Tuesday has arrived with 58 security gaps remediated, including 22 remote code execution vulnerabilities.

December Patch Tuesday Arrives with 58 Fixes

To end the year, Microsoft has remediated 58 bugs including 9 Critical, 46 Important and 3 Moderate. Microsoft has fixed over 1,200 vulnerabilities to date, more than any other year.

Fixes this month included Microsoft Windows, Edge (Edge HTML-based), Chakra Core, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

However, there were surprisingly no fixes for Internet Explorer — could there be a last minute out-of-band for December? We will have to wait and see.

This is just shy of half the number of fixes in November, which was a record high of 112 vulnerabilities.

There have also been Windows 7 and Windows Server 2008 (including R2) vulnerabilities for extended support subscribers. Windows 7 and Windows Server 2008 (including R2) both have 9 vulnerabilities: all Important.

Robert Brown, Director of Services for Syxsense said, “We were told there would not be any preview updates this month to reduce the holiday burden on IT departments, but we are surprised not to see any Internet Explorer fixes in here and only 1 for Edge. Stay vigilant as there may be last minute OOB updates before New Year.”

Top December Patches and Vulnerabilities

1. CVE-2020-17132 & CVE-2020-17142: Microsoft Exchange Remote Code Execution Vulnerability

  • CVSS Score 9.1 making this one of the top 3 highest vulnerabilities to prioritize this month. No countermeasure is available.
  • If a hacker can take over a single mailbox, they can take over the entire Exchange server. These two updates are the highest rated alongside several other fixes for Exchange so this should be your highest priority if you are still using Exchange.
  • Affects Exchange 2016 & 2019
  • Workaround: None

2. CVE-2020-17158: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

  • CVSS score of 8.8, making this one of the joint top 2 highest vulnerabilities to prioritize this month. No countermeasure is available.
  • Exploitation: More Likely
  • Attack Complexity: Low
  • User Interaction: None

3. CVE-2020-17121: Microsoft SharePoint Remote Code Execution Vulnerability

  • CVSS score of 8.8 with no countermeasure
  • Exploitation: More Likely
  • Affects SharePoint 2010, 2013, 2016 & 2019
  • Attack Vector: In a network-based attack, an attacker can gain access to create a site and could execute code remotely within the kernel.
  • Integrity: There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any / all files at will.

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Workaround | Publicly Aware | Weaponised | Syxscore Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 9.1 | No | No | No | Yes |
| CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 9.1 | No | No | No | Yes |
| CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2020-17147 | Dynamics CRM Web client Cross-site Scripting Vulnerability | Important | 8.7 | No | No | No | Yes |
| CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 | No | No | No | Yes |
| CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability | Moderate | 8 | No | No | No | Yes |
| CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 6.6 | No | No | No | Yes |
| CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability | Moderate | 7.4 | No | No | No | |
| CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important | 6.5 | No | No | No | |
| CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | Important | 6.4 | No | No | No | |
| CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | Moderate | 4.3 | No | No | No | |
| CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 3.3 | No | No | No | |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense Announces New Asia Expansion

Posted in Press Release

Syxsense, a global leader in IT and security management solutions, has officially announced support for two new Asian languages.

New Language Support Added to Syxsense

Syxsense, a global leader in IT and security management solutions, announces support for two new Asian languages.

As Syxsense continues to expand internationally, supporting larger global customers, it has added language support for Japanese and Korean. Support for the new countries will be delivered from Syxsense’s US and Australian headquarters.

The additional languages supported by Syxsense expand its already global footprint. Syxsense currently has offices in the US, UK and Australia, supporting clients in Asia, Africa, Europe and the Americas.

Support for the new languages comes at a time when millions of workers are remote due to Coronavirus lockdowns, creating a cyber security risk. Several clients recently reviewed Syxsense on Gartner-owned Capterra, commenting on Syxsense’s ability to manage and secure remote workers:

  • “I’ve been able to address Windows patching for staff who no longer come into our network due to Covid-19, as well as software patching capabilities. Remote management has also been helpful as well as basic system review/maintenance in the background without the user’s input.” – Director of IT, Hospital & Health Care
  • “Being able to monitor inventory, processes, patching and queries in real-time have really helped keep our environment secure and up to date. This has been very important as remote working has increased across the board.” – IT Desktop Administrator, Non-Profit Organization Management
  • “We were starting to see issues keeping our devices up to date prior to Covid but when Covid hit and we were no longer seeing devices in the office. Syxsense was a life saver! It has allowed us to keep eyes on our devices and ensure that they are fully patched against vulnerabilities. The remote-control feature has allowed us to get to devices that we can’t access via VPN.” – Systems Administrator, Utilities
  • “Our company had a problem with management of users working from home. If they did not connect to VPN there was not a lot we could do to keep the machine patched and secure. Ever since we installed the Syxsense agent on all our machines we can keep them up to date and connect to them with one click from the dashboard.” – Systems Administrator, Computer Software

Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.
