Monthly Archives

January 2021


Linux Vulnerabilities of the Week: January 29, 2021

Filed under: Uncategorized

Are you caught up on January's Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

1. Samba update for Amzn1 (Amazon AWS), Red Hat Enterprise 6, 7, 8 & Red Hat Storage 3

Vendor Severity: Critical
CVSS Score: 10

A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges.

CVE Reference(s): CVE-2020-14318, CVE-2020-14323, CVE-2020-1472

2. Libxslt update for Amzn1 (Amazon AWS)

Vendor Severity: Medium
CVSS Score: 9.8

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068).

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn’t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197).

CVE Reference(s): CVE-2019-11068, CVE-2019-18197

3. Slurm security update for SUSE Linux Enterprise 15 SP1

Vendor Severity: Moderate
CVSS Score: 9.8

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

CVE Reference(s): CVE-2020-27745, CVE-2020-27746

4. Kernel security update for Oracle Linux 6 & 7

Vendor Severity: Important
CVSS Score: 8.8

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9009 advisory.

CVE Reference(s): CVE-2020-27673, CVE-2020-29568, CVE-2020-29569, CVE-2020-28374

5. Red Hat Ceph Storage 4.2 Security and Bug Fix update for Red Hat Enterprise 7

Vendor Severity: Critical
CVSS Score: 10

ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila (CVE-2020-27781).

ceph: CEPHX_V2 replay attack protection lost (CVE-2020-25660).

ceph-ansible: insecure ownership on /etc/ceph/iscsi-gateway.conf configuration file (CVE-2020-25677).

CVE Reference(s): CVE-2020-25660, CVE-2020-25677, CVE-2020-27781.

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

What is a Vulnerability Scanner?

Filed under: Blog

Vulnerability scanning is the use of software to identify and report on security issues, so that fixes for the security holes it finds can be implemented.

What is Vulnerability Scanning?

Vulnerability scanning is the use of software to identify and report on security issues. These security issues are known as vulnerabilities, because when your security is weak, you are vulnerable to attack. This vulnerability assessment produced by the vulnerability scanner is then used to implement fixes and to remediate these vulnerabilities, making the system safe and secure.

A vulnerability scanner can have thousands of tests that it uses to probe for vulnerabilities and gather information about potential risks and problems. These tests spot holes in your security that could be exploited by hackers to access unauthorized data, steal it, sell it, or otherwise compromise your business.

The vulnerability scanner identifies and creates an inventory of all the systems connected to a network, including but not limited to desktop and laptop computers, servers, printers, virtual machines, firewalls, and switches. On every device that the vulnerability scanner identifies, it will run through its many tests and attempt to find the vulnerabilities present in each item. This includes investigating open ports and user accounts.

After the vulnerability scanner has identified these systems and run its tests on them, it adds them to its inventory and routinely re-checks every system in the inventory to make sure they remain protected against vulnerabilities.

The process of using a vulnerability scanner to search out these security holes, as well as the process of repairing those vulnerabilities, is referred to as vulnerability management.

What are Vulnerability Scanning Tools Used For?

The media and movies like to portray hacking as something that happens to large corporations through highly sophisticated and large-scale attacks. While there may be some truth to the “sophisticated” claim, the truth is that vulnerabilities are in every system, large or small, and hackers are just as likely, if not more likely, to attack small businesses. “Soft exploits” are also critical as some small businesses are unable to train staff to identify malicious emails and pop-up messages on their systems.

Whether your company relies on a proprietary software system, a cloud-based system, or even something as basic as a website through which users create accounts or pay bills, you can be the target of hackers. If anyone in your business has a computer, it can be the target of hackers. Even if your business merely uses a credit card machine connected to a cash register, you can be the target of hackers.

A breach of your system can reveal sensitive information, including the personal information of customers as well as usernames, passwords, payment information, credit information, financial documents, and personnel files. The cost of an attack like this can be enormous — it not only results in time and money invested in fixing the problem, but also it causes customers to lose trust in your business and send them fleeing to competitors.

When it comes to testing for vulnerabilities in your systems, two techniques are typically used: vulnerability scanning and penetration testing. The two are very different, and each has its pros and cons.

Benefit of Vulnerability Scanning

Vulnerability scanning’s main benefit is that it is automatic and continuously running, and operates at a lower cost than penetration testing. New security issues are identified as soon as they pop up. Penetration testing is a more manual type of testing, usually performed by consultants, which means that it is both expensive and slow.

Penetration testing can occasionally find more than a vulnerability scanner, because it involves a human tester with a deeper level of understanding, but it is generally reserved for higher-profile needs and periodic use. For day-to-day work, vulnerability scanners are preferred, though there is nothing wrong with employing both.

Generally speaking, companies that are new to vulnerability testing should begin with vulnerability scanners to regularly test against attack. Penetration tests can be used on an as-needed basis, but it should be clearly understood that a penetration test, while often more comprehensive, takes a snapshot of your systems at a single moment in time, and does not patrol the systems day-in and day-out. For that, even companies who pay for penetration testing rely on vulnerability scanners for their routine work.

Syxsense Vulnerability Scanner (Learn More)

How Vulnerability Scanning Works

Vulnerability scanners find vulnerabilities, and work within a four-part framework to manage them. These parts include identification of vulnerabilities, evaluation of the risk of the vulnerabilities, treatment of the vulnerabilities, and reporting of the vulnerabilities.

Identifying Vulnerabilities

A vulnerability scanner identifies vulnerabilities by locating devices, software, and open ports. It is connected to a vulnerability database that is updated constantly, so that it can correlate vulnerability information in as close to real time as possible.

Vulnerability scanning can be more or less aggressive, as the user chooses, with the trade-off that the more aggressive a scanner is, the more load it puts on the system, which may slow it down or otherwise affect its performance. Scanners can partially avoid this by running during off hours (though some devices, such as laptops, may no longer be connected to the network during off hours).

An alternative is adaptive vulnerability scanning, which detects changes to the network, such as when a new device (a computer, a server, a printer, or something else) is connected for the first time. When this happens, the vulnerability scanner activates automatically and searches the new system for vulnerabilities, in addition to waiting for the standard off-hours scans.

Risk Evaluation

When a vulnerability scanner runs, it can produce a long list of identified vulnerabilities, which can overwhelm the IT department. A good vulnerability scanner therefore triages its findings. This ranking considers how dangerous each vulnerability is and what impact it would have if exploited, as well as how practical it would be for an attacker to exploit it and how easily that could be done. It can also determine which existing security measures mitigate the vulnerability, and it can recognize false positives.

All of this information is given to the IT team for evaluation so that they can move forward with the next steps.

Treatment of Identified Vulnerabilities

A good vulnerability scanner, and indeed Syxsense’s scanner, also treats the vulnerabilities detected during the scan. There is not always an easy solution or a patch immediately available; in those cases the scanner’s job is to notify the IT department’s security team so they can address the vulnerabilities manually. The team may examine the vulnerability and come up with a fix, or decide that it poses so little risk that it does not need one.

Syxsense is the only vulnerability scanner on the market currently that shows you what’s wrong and also deploys a solution to fix it. Because of this you can recognize vulnerabilities as they appear and get automated patching.

Try the Syxsense Vulnerability Scanner for Free

Syxsense’s vulnerability scanner helps you prevent cyber security attacks by scanning authorization issues, security implementation, and antivirus status. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.


Syxsense Announces the Release of Syxsense Cortex

Filed under: Press Release

Syxsense announces its release of Syxsense Cortex, a no-code interface for IT and security teams to easily perform complex, automated jobs.

Syxsense Announces the Release of Syxsense Cortex, A Next-Generation, Visual IT and Security Management Process Automation Solution

Syxsense Continues to Deliver on Its Mission to Allow IT and Security Teams to Manage and Secure Everything, Everywhere, Anytime, From the Cloud with an Ultra-Advanced IT Automation Solution

Syxsense announces its release of Syxsense Cortex, available as part of a Syxsense Secure subscription, a no-code, ultra-advanced interface for IT and security teams to easily perform complex, automated jobs with a drag-and-drop interface. This keeps organizations secure and running without the need for large teams and specialists. Syxsense Cortex’s intelligent IT automation allows IT and security teams to create complex, multi-step actions using their own rules or the Syxsense prebuilt templates without developing scripts.

Syxsense Cortex creates intelligent endpoints, monitoring and alerting of potential threats and changes to your environment. Syxsense’s unique architecture enables communication across highly-distributed work environments in real time. Syxsense Cortex allows organizations to easily create and automate complex processes, including:

  • COVID Readiness: Detect devices logging back into the corporate network after working from home, quarantine the device, run a vulnerability scan, deploy patches, check vulnerability level, and then return the secured device to full privileges on the corporate network.
  • VM Host Patching: Detect which devices are hosting virtual machines, safely shutdown all VM guests, scan and patch the server, reboot, and return all VMs to a running state.
  • Server and Device Monitoring: Set policies to constantly monitor CPU, RAM, and disk space usage. Set custom evaluation period and frequency to easily detect and alert on critical sustained spikes.
  • Complex Multi-Stage Patching: Running PowerShell scripts, automating email approvals for patch deployment, scanning, deploying, rebooting, and then running cleanup PowerShell scripts.
  • Software Provisioning: Create a single, automated pipeline to version check all installed software, upgrade and install new versions, all while protecting the productivity of users.
  • Risk Reduction: Identify and correct changes to Firewalls, Bitlocker, Admin Accounts, and Administrative Group membership.

“Syxsense Cortex’s codeless intelligent IT hyper-automation interface uses a drag-and-drop visual workflow designer to automate IT tasks in minutes,” commented Diane Rogers, Chief Product Officer at Syxsense. “Tests have shown this saves 93% of the time spent remediating incidents and delivers a 62% cost reduction on repetitive manual tasks.”

“Syxsense Cortex delivers a new management paradigm putting real power and control in the hands of all IT departments,” commented Ashley Leonard, Chief Executive Officer at Syxsense. “As security risks multiply every year, we are delivering simple, yet powerful tools that secure all endpoints, allowing everyone on the IT team to sleep better at night.”

Syxsense will host an informative webcast detailing many of the ways Syxsense Cortex automation can be used to simplify complex IT and security processes. The webcast will take place on February 4th at 8am Pacific. To attend, click here to register.

Syxsense Cortex is included with Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.

About Syxsense

Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen. The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

Try Syxsense Cortex free for 14 days.

Syxsense Cortex is included with Syxsense Secure — get up and running quickly with an easy-to-use solution, free for 14 days.


Windows RDP Servers Targeted In DDoS Attacks

Filed under: News

Windows Remote Desktop Protocol (RDP) servers are being used to weaponize ‘Distributed Denial of Service’ (DDoS) attacks.

Windows RDP Servers Exploited for DDoS Attacks

Windows Remote Desktop Protocol (RDP) servers are being used to weaponize ‘Distributed Denial of Service’ (DDoS) attacks. By default, RDP listens on TCP 3389 and/or UDP 3389 and provides authenticated remote desktop and virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

These default ports, if used, are much easier to identify on remote networks (including over the internet), and systems exposed that way can be targeted in ‘Distributed Denial of Service’ (DDoS) attacks.

What is a Distributed Denial of Service (DDoS) attack?

Distributed denial-of-service attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can handle, causing an outage or critical loss of service. Pinging a server from a single source will not cause a DDoS attack, but when threat actors amplify that traffic several thousand times, severe loss of service can occur.

Rob Brown, Head of Customer Success said, “Back in February 2020, last year we learned a DDoS attack crippled Amazon Web Services. This has been recorded as the largest DDoS attack in history.”

How to Prevent RDP Attacks

No server with Remote Desktop Services running should be configured with the default port and we recommend changing it immediately. With Syxsense Secure, you can scan every device and easily identify which devices need to be corrected.

The following PowerShell command reads the port currently configured for RDP from the registry; changing the PortNumber value there moves the listener to another port, and we recommend using a nonstandard one.

If you are using Syxsense Manage or Syxsense Secure, you can deploy these Powershell scripts right from the console.

Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber"
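As an added example (not the script from the post above), the full port change in PowerShell: it reads the current value, opens the new port in Windows Firewall first, writes the new PortNumber, restarts Remote Desktop Services and verifies the listener. The port 33890 is a constructed value; run this in an elevated session on the server itself.

```powershell
# Added example, not Syxsense's script: move the RDP listener off the default port 3389.
# Run in an elevated PowerShell session on the server itself (restarting TermService
# drops any RDP session you are connected through).
$RdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$NewPort = 33890   # constructed example value; any unused port above 1023 will do

# Read the currently configured listener port (the command from the post above).
$current = (Get-ItemProperty -Path $RdpKey -Name 'PortNumber').PortNumber
Write-Host "RDP currently listens on port $current"

if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside the usable range 1024-65535"
}
if ($NewPort -eq $current) {
    Write-Host 'Port already set; nothing to do'
    return
}

# Refuse to move onto a port another process already listens on.
$inUse = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already in use by PID $($inUse[0].OwningProcess)"
}

# 1. Open the new port in Windows Firewall BEFORE changing the listener,
#    otherwise remote administrators are locked out after the restart.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "Remote Desktop ($proto $NewPort)" `
        -Direction Inbound -Protocol $proto -LocalPort $NewPort `
        -Action Allow -Profile Domain,Private | Out-Null
}

# 2. Write the new port. PortNumber is a REG_DWORD.
Set-ItemProperty -Path $RdpKey -Name 'PortNumber' -Value $NewPort -Type DWord

# 3. Restart Remote Desktop Services so the listener rebinds to the new port.
Restart-Service -Name TermService -Force

# 4. Verify: the registry holds the new value and a listener is bound to it.
$after = (Get-ItemProperty -Path $RdpKey -Name 'PortNumber').PortNumber
Get-NetTCPConnection -LocalPort $after -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The built-in ‘Remote Desktop’ firewall rule group stays bound to 3389 and can be disabled with Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' once the new port is confirmed working. Scope the new rules with -RemoteAddress to the management network rather than leaving them open to any source, since moving the port hides the listener from scans for 3389 but does not otherwise restrict who can reach it.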

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


FreakOut Botnet Freaking Out Linux Administrators

Filed under: News

A highly-sophisticated botnet known as FreakOut is targeting applications running on Linux operating systems — immediate patching is required.

FreakOut Botnet Exploiting Linux Vulnerabilities

A highly-sophisticated botnet known as FreakOut is targeting applications running on Linux operating systems which require immediate patching. Initial reports indicate this is primarily impacting Linux systems which have not been patched.

During a weaponized attack, the infected Linux device calls back to a remote system and becomes a bot under the attacker’s control; the attacker then has full access to the victim to deliver ransomware or perform data theft.

Syxscore Risk Alert

The following vulnerabilities have been identified as important to remediate in order to reduce the risk of the botnet becoming weaponized; we recommend deploying the fix for at least one, and preferably all three, if they are detected on any of your systems.

1. CVE-2020-28188 – RCE in TerraMaster management panel (disclosed on December 24, 2020)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No

2. CVE-2021-3007 – Deserialization bug in the Zend Framework (disclosed on January 3, 2021)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No

3. CVE-2020-7961 – Deserialization bug in the Liferay Portal (disclosed on March 20, 2020)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No


Watch the Webcast: January Patch Tuesday

Filed under: News, Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's January Patch Tuesday updates.

Watch the January Patch Tuesday 2021 Webcast

New year, new Patch Tuesday — start 2021 ahead of the latest threats and vulnerabilities.

Industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: January Patch Tuesday

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


January Patch Tuesday 2021 Fixes Critical Defender Bug

Filed under: News, Patch Management, Patch Tuesday

With 83 new bugs, Microsoft is kicking off the first Patch Tuesday of 2021 with a bang. There are 10 Critical and 73 Important new fixes.

Microsoft Patch Tuesday Released with 83 Fixes

There are 10 Critical and 73 Important fixes this month for Microsoft Windows, Edge (Edge HTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure and another month without fixes for Internet Explorer 11.

Year 2 of Extended Support approaches: Windows 7 and Windows Server 2008 (including R2) each have 5 Important vulnerabilities fixed.

Robert Brown, Head of Customer Success for Syxsense said, “This is a very reasonable sized release by Microsoft this month, which we really appreciate as everyone returns to work after the New Year holiday. We do have a Weaponised vulnerability to immediately respond to which Microsoft have confirmed is being exploited, and one which has been made Publicly Aware meaning the exact mechanism to exploit is publicly known.”

Top January Patches and Vulnerabilities

1. CVE-2021-1647: Microsoft Defender Remote Code Execution Vulnerability

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Although it should be updated automatically, if you have installed another antivirus solution that has disabled Microsoft Defender, its own update mechanism may not run and you could still be vulnerable.

Vendor Severity: Critical
CVSS: 7.8
Weaponized: Yes
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: No

2. CVE-2021-1648: Microsoft splwow64 Elevation of Privilege Vulnerability

SPLWOW64.exe is a Windows process that runs when using 32-bit printer drivers on 64-bit Windows operating systems. Although most operating systems in use are 64-bit, much legacy software still needs a 32-bit driver.

Vendor Severity: Important
CVSS: 7.8
Publicly Aware: Yes
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: No

3. CVE-2021-1691: Hyper-V Denial of Service Vulnerability

We know some organisations have been using Hyper-V to set up secure stations (aka sandboxes) connecting back to corporate networks since the beginning of the lockdown. This vulnerability impacts both Windows 10 and Windows Server OS.

Vendor Severity: Important
CVSS: 7.7
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | Yes | Yes |
| CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1669 | Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1691 | Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | Yes |
| CVE-2021-1692 | Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | Yes |
| CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1697 | Windows Install Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1681 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1686 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1687 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1690 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-1723 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Top Linux Vulnerabilities for January

Posted in: Patch Management

Explore the top Linux threats for January 2021 and find out the best solution for managing these vulnerabilities.

1. Samba update for Amzn2 (Amazon AWS), Red Hat Enterprise 7 and Oracle Linux 7

Vendor Severity: Critical
CVSS Score: 10

A flaw was found in the way Samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which would otherwise be unavailable to the attacker. (CVE-2020-14318)

A null pointer dereference flaw was found in Samba’s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)

A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)

CVE Reference(s): CVE-2020-14318, CVE-2020-14323, CVE-2020-1472.


2. Kernel update for Oracle Linux 6 & 7

Vendor Severity: Moderate
CVSS Score: 9.8

A heap-based buffer overflow was discovered in the Linux kernel. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices’ country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE Reference(s): CVE-2019-14895, CVE-2020-10711, CVE-2020-12464, CVE-2020-12652, CVE-2019-19447, CVE-2019-19037, CVE-2020-14305, CVE-2020-25668, CVE-2020-28915, CVE-2020-28974, CVE-2019-20934, CVE-2020-15436, CVE-2020-14351, CVE-2020-25705.


3. Security update for SUSE Manager Client Tools

Vendor Severity: Moderate
CVSS Score: 9.8

In SaltStack through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

CVE Reference(s): CVE-2020-25592


4. Security update for python36 on SUSE Linux Enterprise Server 12-SP5

Vendor Severity: Important
CVSS Score: 9.8

The Python test suite calls eval() on content received via HTTP. If an attacker can compromise the pythontest.net server, they gain arbitrary code execution on all buildbots.

If an attacker has control over the network connection of a machine running the Python test suite, they gain arbitrary code execution to the entire system.

CVE Reference(s): CVE-2019-18348, CVE-2019-20916, CVE-2020-27619
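The issue above is the general class "evaluate text that arrived over the network as code". As an added illustration (not code from this post or from CPython's test suite), the following shows the vulnerable pattern next to a hardened version that accepts only Python literals. The response bodies are constructed inline; nothing is fetched from the network.

```python
"""Added example: eval() on network-delivered text versus a literal-only parser.

The two response bodies below are constructed for this example; they stand in
for text a test helper might have fetched over HTTP from a remote server.
"""
import ast

# Constructed sample bodies (not real pythontest.net content).
BENIGN_BODY = "{'status': 'ok', 'ports': [80, 443]}"
# Also valid Python, but an expression that runs code instead of describing data.
ACTIVE_BODY = "(lambda: 'arbitrary code ran')()"


def unsafe_parse(body: str):
    """The vulnerable pattern: eval() executes whatever the server sent.

    A benign body yields a dict as intended, but ACTIVE_BODY shows that any
    expression, including function calls, is executed with the caller's
    privileges. A compromised server or an on-path attacker controls this text.
    """
    return eval(body)  # intentionally unsafe, kept for contrast


def safe_parse(body: str):
    """Hardened form: ast.literal_eval accepts only literals.

    Dicts, lists, tuples, sets, strings, numbers, booleans and None are
    returned as values. Calls, attribute access, lambdas, names and operators
    other than +/- on numbers raise ValueError (or SyntaxError for unparsable
    text), so code in the response body is rejected rather than executed.
    """
    try:
        return ast.literal_eval(body)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"response body is not a plain literal: {exc}") from None


def accepts(body: str) -> bool:
    """True when the hardened parser accepts the body, False when it rejects it."""
    try:
        safe_parse(body)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("eval on benign body:    ", unsafe_parse(BENIGN_BODY))
    print("eval on active body:    ", unsafe_parse(ACTIVE_BODY))
    print("literal_eval on benign: ", safe_parse(BENIGN_BODY))
    print("literal_eval on active: ", "accepted" if accepts(ACTIVE_BODY) else "rejected")
```

The mitigation is only a partial answer: ast.literal_eval still parses attacker-controlled text, so very deeply nested input can exhaust the parser. Where the expected data is structured, a format with a dedicated decoder (json.loads) is the better choice, and the transport itself should be authenticated (TLS with certificate validation) so that an on-path attacker cannot substitute the body in the first place.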


5. Libproxy update for Ubuntu 20.10, 20.04 LTS, 18.04 LTS and 16.04 LTS

Vendor Severity: Medium
CVSS Score: 9.8

libproxy incorrectly handled certain PAC files delivered from a Windows 10 device. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

CVE Reference(s): CVE-2020-26154


6. Security update for Mozilla Thunderbird for SUSE Linux Enterprise Workstation Extension 15-SP2 and Red Hat Enterprise 5, 6, 7 and 8

Vendor Severity: Critical
CVSS Score: 8.8

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.

CVE Reference(s): CVE-2020-16042, CVE-2020-26970, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, CVE-2020-35113.
