Monthly Archives: February 2021

Do You Really Know How Vulnerable You Are? Vulnerability Scanning Plays an Essential Role in Modern Security

How effective is your IT security strategy? Even with 70% of breaches starting at the endpoint, many IT professionals have become complacent.

How vulnerable is your IT security strategy?

Sometimes you can get too cozy behind well-built fortifications and imposing defenses. The ancient Trojans offer a vivid example. The Greeks could do nothing to breach the mighty walls of the city-state. After a decade-long siege, the people of Troy knew with certainty that their kingdom could never be successfully attacked. Yet they were defeated by a small group hidden inside a wooden horse.

The point is this: Have you become complacent with your own firewalls, intrusion detection systems, AI-driven threat detection apps, and safeguards?

Avoid Complacency

Cybercrime statistics demonstrate that vigilance is never-ending. Billions of cyberattacks are launched each year from all around the globe.

Automation and a thriving dark web economy have spawned an army of hackers — they are constantly probing for any weakness, especially at the endpoint. With 70% of breaches originating at the endpoint, all it takes is one vulnerability to enter the network.

However, another reason for potential complacency could be the high volume of attacks that are caught. Security teams may be high-fiving daily at the number of probes and attack vectors they thwart. At the first sniff of an unusual traffic pattern on a port, they pounce and plug the hole. When a serious breach is detected, forensic and remediation teams scour the enterprise to ensure all areas of compromise and weakness are resolved.

Yet these stark facts remain: there is a 28% likelihood of a recurring breach within two years, and it takes 197 days on average for IT to identify a security breach. Clearly, there is no room for complacency. Defenders are like sentries on the perimeter: a few minutes of inattention or napping on the job and the game is up.

The Need for Vulnerability Scanning

Hence the vital nature of vulnerability scanning. Anti-malware and AV apps constantly detect infections designed to steal money via online access to bank accounts, ransomware attacks, and corrupted installation packages on devices. Those defenses should stay in place, and even be reinforced, but this is no time to be without comprehensive vulnerability scanning.

Vulnerability scanning is all about inspecting points of potential exploit to identify security holes. The scan detects and classifies system weaknesses, and some tools also predict the effectiveness of countermeasures. Typically, a scan correlates the details of the target attack surface (the services listening on each port and the versions they report, anomalies in how they respond to crafted packets, and paths that may lead to exploitable programs or scripts) against a database of known security holes. A scanner is therefore only as good as its database, which must be complete and constantly updated.

Some scans are done by logging in as an authorized user (authenticated or credentialed scans, which can read installed software versions, patch levels, and configuration from inside the host), while others are run externally and attempt to find holes that may be exploitable by those operating outside the network (unauthenticated scans). Both kinds should be deployed, because each finds what the other misses. It is all about constant alertness, and a willingness to remain vigilant and overcome any tendency toward complacency.
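As an added example (not Syxsense code and not a description of its scanner), the core of that correlation step looks like this in Python. The advisory database, product names, version ranges and host inventory are all constructed for the illustration. It also shows why authenticated and unauthenticated results should be labelled differently: a version read from a service banner is weaker evidence than one read from inside the host.

```python
"""Correlate a host inventory against a database of known vulnerable versions.

Added example, not Syxsense code. The advisory database, product names,
version ranges and host inventory below are all constructed for illustration
and do not describe real software or real advisories.
"""
import re

# Constructed advisory database: the product, the first vulnerable version
# (inclusive), the first fixed version (exclusive) and a severity.
ADVISORIES = [
    {"id": "ADV-0001", "product": "exampled", "introduced": "1.2.0",
     "fixed": "1.10.3", "severity": "critical"},
    {"id": "ADV-0002", "product": "exampled", "introduced": "2.0.0",
     "fixed": "2.0.5", "severity": "high"},
    {"id": "ADV-0003", "product": "agentsvc", "introduced": "0.9.0",
     "fixed": "1.0.0", "severity": "medium"},
]

# Constructed inventory. "banner" evidence comes from an unauthenticated scan
# (whatever the service announced on its port); "authenticated" evidence is
# the installed version read from inside the host, which is more reliable.
INVENTORY = [
    {"host": "10.0.0.5", "port": 8443, "product": "exampled",
     "version": "1.9.12", "evidence": "banner"},
    {"host": "10.0.0.5", "port": None, "product": "agentsvc",
     "version": "1.0.0", "evidence": "authenticated"},
    {"host": "10.0.0.6", "port": 8443, "product": "exampled",
     "version": "2.0.4", "evidence": "authenticated"},
    {"host": "10.0.0.7", "port": 8443, "product": "exampled",
     "version": "unknown", "evidence": "banner"},
]


def parse_version(text):
    """Dotted version string -> tuple of ints, or None if it cannot be parsed.

    Comparing tuples makes 1.10.3 > 1.9.12, which a plain string comparison
    gets wrong.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    parsed = parse_version(version)
    return (parsed is not None
            and parse_version(introduced) <= parsed < parse_version(fixed))


def correlate(inventory, advisories):
    """Return one finding per (inventory item, matching advisory).

    Banner-based matches are reported as 'possible' (banners can be stale,
    missing or deliberately faked); authenticated matches are 'confirmed'.
    Items whose version cannot be parsed become 'needs_review' rather than
    being silently treated as clean.
    """
    findings = []
    for item in inventory:
        if parse_version(item["version"]) is None:
            findings.append({**item, "advisory": None, "severity": None,
                             "confidence": "needs_review"})
            continue
        for adv in advisories:
            if adv["product"] != item["product"]:
                continue
            if is_affected(item["version"], adv["introduced"], adv["fixed"]):
                confidence = ("confirmed" if item["evidence"] == "authenticated"
                              else "possible")
                findings.append({**item, "advisory": adv["id"],
                                 "severity": adv["severity"],
                                 "confidence": confidence})
    return findings


if __name__ == "__main__":
    for f in correlate(INVENTORY, ADVISORIES):
        print(f"{f['host']:<10} {f['product']:<9} {f['version']:<8} "
              f"{f['advisory'] or '-':<9} {f['confidence']}")
```

Two details matter in practice. Versions are compared as tuples of integers, because comparing them as strings puts 1.10.3 before 1.9.12 and the host on 1.9.12 would be missed. And an inventory item whose version cannot be parsed is surfaced for review instead of being dropped, since a scanner that silently treats unknowns as safe produces a clean report that means nothing.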

Complete Security Management

The Syxsense vulnerability scanner is the most complete security management package on the market. It is effortless to employ, has a user-friendly interface, and effectively enhances the security of IT systems.

Because it is automated, security personnel determine how often and for how long to run the scan. This gives IT the ability to detect and secure vulnerabilities and security weaknesses exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations, whether the device belongs to a remote worker or sits on the corporate network.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule Your Syxsense Demo

Syxsense Announces Integration with Microsoft Office 365

Syxsense has announced integration to Microsoft Office 365 allowing simple automated installation of the full Microsoft Office Suite.

Syxsense Integrates with Microsoft Office 365

Syxsense, a global leader in IT and security management solutions, today announced integration to Microsoft Office 365 allowing simple automated installation of the full Microsoft Office Suite.

IT departments have long struggled to get the Office 365 installer and configuration files deployed across the organization. Syxsense distills the cumbersome Office deployment into a simple wizard containing three questions:

  • Where – which devices should Office 365 be installed on?
  • What – should be deployed? Syxsense is able to leverage and reuse the Office config files built with Microsoft's Office Customization Tool (config.office.com). Answer the questions on the Microsoft site to choose which products and languages are installed and how they should be updated, and to set user install experience settings. Once stored in the config file, Syxsense imports the saved settings and uses a tiny installer to manage moving the media to the target device.
  • When – This final step leverages maintenance and blackout windows to ensure the scheduled installation has limited impact on productivity.

With an interface to save and reuse multiple configurations, Syxsense can “Quick Install” custom deployments for divisions within organizations with different Office requirements.

Get Office 365 Deployment with Syxsense

Office 365 deployment is included with Syxsense Secure and Syxsense Manage at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days.

More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Why Use Syxsense Cortex For Your Business?

Why should you use Syxsense Cortex for your intelligent business management needs? We're here to provide you with all of the answers.

Why Syxsense Cortex?

Endpoint protection has become an increasingly important security concern in a world where there are so many ways to access, share, and look at information. In fact, almost 70 percent of breaches occur at the endpoint, which presents a challenge to overstretched and overworked IT departments that have more threats to deal with than ever.

Worse yet, breaches are rarely a one-time event. Almost 30 percent of companies with one breach have another breach within two years. Furthermore, the average breach cost runs into the millions of dollars, and IT departments take around 200 days on average to identify a security breach.

To help you plug all those holes, Syxsense Cortex is a next-generation visual IT and security management process automation technology that simplifies the complexities of IT and security practices with an easy-to-use, drag-and-drop interface that can harden your company’s IT defenses without the need for large teams and specialists.

Syxsense Cortex offers always-on technology that never takes a day off or even a break — because we all know that cyber criminals never stop working.

As a complete endpoint security platform, Syxsense Cortex shows you what’s happening right now as well as potential security issues down the line, turning all that data you’re collecting into something of an IT crystal ball. You may not be able to prevent attacks from happening, but Syxsense Cortex gives you the power to deal with your company’s IT security on your terms, not theirs.

Intelligent IT Hyperautomation

At the forefront of the Syxsense Cortex product is visibility, security, and peace of mind in environments that are ever-changing. Instead of convoluted policies and complicated risk assessment capabilities that are always one step behind, Syxsense Cortex provides intelligent IT hyperautomation for companies that want to leverage information they already have for a true sense of the changes and risks that are out there. It’s real-time security for an always-on, always-changing world, and Syxsense Cortex helps you stay ahead.

With the power of the Syxsense Cortex Processor, you can process more information faster than you would ever be able to do otherwise, allowing you to leverage new or existing resources to do more with less. By parsing and bringing in data through complex workflows, you’ll be able to immediately understand any risk relative to your environment, which helps increase visibility even when you’re paying less attention.

When action has to be taken, Syxsense Cortex Jobs allows you to execute multi-step actions directly at the endpoint, reestablishing control or eliminating the risk in ways that best suit the nature of the data risk. Better yet, Syxsense Cortex can provide proof of the eliminated risk, minimizing the need for exhaustive follow-up or other acknowledgements of a data breach.

Stay One Step Ahead With Syxsense Cortex

By processing automation at the endpoint, Syxsense Cortex leverages your own data to trigger responses or actions.

Never again wonder about your true vulnerability state, the status of your networks or devices, or what processes are running — Syxsense Cortex allows you to realize the benefits of automation with intelligent endpoints, monitoring and alerts that will keep you in the know on potential threats and any changes that occur to your environment. You can start with pre-built templates for monitoring and patching, or set up alerts to cue you when it’s time to take action.

With Syxsense Cortex’s hyperautomation, you’ll get everything you need to manage your company’s IT, including Covid-readiness, VM-host patching, server and device monitoring, complex multi-stage patching, evaluating images for updates and risk reduction.

Automate Your IT Demands

Unlike other IT management tools that trade one confusing interface for another, Syxsense Cortex utilizes a convenient, drag-and-drop designer to allow easy, automated responses to the vulnerabilities that threaten your network. With simple logic and intelligent endpoint triggers that ask questions in real time, Cortex allows you to trigger an appropriate action based on an ideal workflow.

When it comes time to grant approvals, Syxsense Cortex’s granular control gives you the power to delay or confirm action before taking the next step. For those who are responsible for monitoring job conditions, real-time approval is given to administrators so that the right action can be taken now or pushed to a later time.

After identification and approval, Syxsense Cortex Actions does all the heavy lifting for you so that you can spend less time managing it all. From security and patching to software deployment, process blocking and scripting demands, just about any action can be offloaded and taken care of without constant babysitting.

Syxsense Cortex leverages your data to trigger real-time responses.

Prioritized Risk Mitigation

With Syxsense Cortex, you get it all — accurate knowledge, proactive responses, and simple implementation of all important IT policies and rules.

For vulnerable access points, risks are identified, prioritized and addressed in real time, with as much or as little oversight or hands-on management as your organization sees fit.

The power of Syxsense Cortex allows you to leverage intelligent endpoints that are constantly in communication with the rest of the network, waiting for an action or input.

Try Syxsense Cortex Free for 14 Days

The best part about Syxsense Cortex is that it’s free to try for 14 days. For most, it only takes a short while to realize the benefits of Syxsense Cortex. From comprehensive threat alerts to quarantining capabilities, Cortex provides real-time security management, with both OS and third-party patching for all your company’s devices.

Get up and running quickly and realize the benefits of tools such as live device location maps and device timelines to really understand the state of your network historically and in real time. Administrators won’t be hampered by artificial user limits or missing support for crucial IoT security issues, meaning that no network is too large or complicated for the benefits of AI-driven decision making.

Not Just Syxsense Cortex

In addition to Syxsense Cortex, here at Syxsense, we’re also dedicated to providing IT security solutions that integrate all the tools you need into one, easy-to-use interface. As the first IT management and security solution that brings together vulnerability scanning and patch management capabilities into a single interface in the cloud, Syxsense Secure is yet one more way that you can harden your IT security against all threats.

We call it the future of threat prevention, but all you need to know is that you’ll get the ability to stop breaches, patch and quarantine devices and collaborate with others in the IT department to identify and close attack vectors. With the Syxsense line of products, you can stay informed, manage, and take action with the click of a button.

6 Ways Patch Management is Letting You Down

Unfortunately, not all patch management tools are created equal. Is your solution as effective as other available patching options?

Is your patch tool letting you down?

There are plenty of patch management tools available — their job is to issue updates and fixes that plug security holes in applications and operating systems.

Patching safeguards organizations from exposure to cyberattack. It provides the latest feature improvements and updates and ensures compliance with a wide range of security mandates.

However, the level of effectiveness varies from one tool to another. Here are six ways your patch management solution may be letting you down.

1. Lack of Patch Supersedence

“Supersede” means to replace an older thing with a newer one. An organizational policy restricting work-from-home to one day per week, for example, may have recently been superseded by a new policy requiring all employees to work from home.

How does this relate to patching? Take the case of an IT provider that releases a patch every few weeks. Over the course of six months, that’s a lot of patches.

Some tools scan systems and report that all these patches are points of potential exposure and must be remedied immediately. Yet quite often, vendors bundle older patches into new releases. The new patch supersedes the older ones.

There are many tools around that don’t take patch supersedence into account. They unnecessarily alarm IT managers with long lists of vulnerabilities when in fact there are only a few patches to take care of. Inexperienced personnel may even waste time addressing the most outdated patches first.

Recommendation: Only use patch management products that recognize supersedence.
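As an added illustration (not Syxsense code), here is how a tool collapses a scanner's raw "missing patches" list using supersedence data. The catalog and the KB-style identifiers are constructed for the example and are not real Microsoft update numbers; the same graph walk works on real vendor metadata, where each update lists the updates it replaces.

```python
"""Collapse a 'missing patches' list using vendor supersedence data.

Added example, not Syxsense code. The catalog below is constructed for
illustration: the KB-style identifiers and their 'supersedes' links are
hypothetical and are not real Microsoft update numbers.
"""
from collections import deque

# Constructed catalog: patch id -> older patch ids that it replaces.
# Cumulative updates typically form a chain: each month's update supersedes
# the previous month's, which superseded the month before, and so on.
CATALOG = {
    "KB-2021-02": ["KB-2021-01"],
    "KB-2021-01": ["KB-2020-12"],
    "KB-2020-12": ["KB-2020-11"],
    "KB-2020-11": [],
    "KB-SSU-02": ["KB-SSU-01"],   # servicing stack updates: a separate chain
    "KB-SSU-01": [],
    "KB-APP-7": [],               # a third-party patch with no supersedence
}

# Constructed scanner output: everything the host has never installed.
MISSING_FROM_SCAN = [
    "KB-2020-11", "KB-2020-12", "KB-2021-01", "KB-2021-02",
    "KB-SSU-01", "KB-SSU-02", "KB-APP-7", "KB-UNKNOWN",
]


def superseded_by(catalog):
    """Invert the catalog: old patch id -> set of newer ids that replace it."""
    inverse = {pid: set() for pid in catalog}
    for newer, olders in catalog.items():
        for old in olders:
            inverse.setdefault(old, set()).add(newer)
    return inverse


def transitively_superseded(patch, inverse):
    """Every patch that replaces `patch`, directly or through a chain."""
    seen, queue = set(), deque(inverse.get(patch, ()))
    while queue:
        newer = queue.popleft()
        if newer in seen:
            continue          # guards against malformed circular metadata
        seen.add(newer)
        queue.extend(inverse.get(newer, ()))
    return seen


def effective_missing(missing, catalog):
    """Reduce a raw missing-patch list to what actually needs installing.

    A patch is dropped when a newer patch that supersedes it is itself in the
    list: installing the newer one covers it. Identifiers the catalog knows
    nothing about are kept, because a tool should never silently discard a
    finding it cannot reason about.
    """
    inverse = superseded_by(catalog)
    missing = set(missing)
    keep = []
    for patch in sorted(missing):
        if transitively_superseded(patch, inverse) & missing:
            continue          # covered by a newer patch we will install anyway
        keep.append(patch)
    return keep


if __name__ == "__main__":
    before = len(MISSING_FROM_SCAN)
    after = effective_missing(MISSING_FROM_SCAN, CATALOG)
    print(f"{before} reported, {len(after)} actually needed: {after}")
```

Eight reported patches collapse to four: the newest cumulative update, the newest servicing stack update, the third-party patch, and the identifier the catalog does not recognise. A tool without this step would present all eight as separate exposures, and a technician working the list top-down would start with the oldest one.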

2. No Patch Roll Back

The last thing you want is for an update to cause incompatibilities in other systems. That’s why software vendors and IT departments conduct testing to ensure patches are benign. But despite the precautions, faulty patches can occasionally slip through.

The solution is a patch roll back feature that allows you to return your systems to the state that existed before the implementation of the new patch. Some tools support this feature, others don’t. In product selection, narrow the candidates down to those that do.

3. Slow Motion Patching

Hackers and cybercriminals move fast. When a new weakness is discovered, word spreads rapidly around the dark web — there is no time to lose in installing patches.

Yet delays in testing and distributing patches are not uncommon. The patch management vendor may have gotten behind in reviewing a surge of patches from a great many application providers responding to the latest attack vector. Whatever the reason, it is the provider’s responsibility to make patches available rapidly. Demand that patches be tested and distributed within a few hours of their release.

4. Lack of Automation

With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of a critical patch. It saves time if IT does not have to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.

The best patch management solutions provide drag-and-drop features, as well as automation of processes and multistage tasks: for example, automating a sequence such as patching VM guests and rebooting them, then patching their host, and performing a separate reboot.

5. Hogging Bandwidth

Some patch management tools include features to push out software to users as well as the latest patches. This can pose problems by tying up bandwidth. Imagine pushing Microsoft Office out to hundreds of endpoints – that amounts to TBs of data. What is needed is software that intelligently distributes applications and patches without tying up bandwidth across the enterprise.

6. Poor Reporting

It is one thing to say all systems are patched and fully updated. But it is another to be able to prove it.

Reporting, therefore, is a vital element of compliance. Yet some patch management tools lack reporting features. Others provide reports that may not be good enough for compliance purposes or security audits. Insist upon enough reporting to satisfy your compliance and management requirements.

Simple and Powerful Patch Management

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

Microsoft Recalls Another Windows SSU In February

Microsoft recalled another Windows SSU update — the second time in a week. Manual intervention was required to restore full OS functionality.

Microsoft Recalls Windows SSU Twice

For the second time in a week, Microsoft recalled another Windows SSU update. Earlier this week Microsoft released KB5001078 as a replacement for KB4601392.

Now Microsoft has recalled yet another Windows SSU, KB4601390, replacing it with KB5001079. The two recalled updates appear to have had the same symptoms: Windows 10 security updates would effectively hang during installation before reaching 30%, meaning manual intervention was needed to restore operating system functionality.

Robert Brown, Chief Customer Success Officer, said, “For anyone deploying these updates remotely, the problem could have been exacerbated further as users working from home would have to intervene in restoring full functionality of their Windows 10 operating system. We were aware very quickly of the issues and recalled this content from the Syxsense patch management content.”

For Syxsense users, the replacement updates are available to deploy to your devices.

What are Servicing Stack Updates?

Servicing stack updates provide fixes to the Windows servicing stack — the fundamental component that installs Windows updates. It also contains the “component-based servicing stack” (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components.

Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don’t install the latest servicing stack update, there’s a risk that your device can’t be updated with the latest Microsoft security fixes.

How Syxsense Would Respond to the Florida Water Poisoning Attack

After the attempted water poisoning cyberattack in Florida, cybersecurity experts are advising IT departments to take action.

Hackers Attempt Poisoning in Florida

Last week an unidentified attacker gained access to a water treatment plant’s network and modified chemical dosages to dangerous levels.

The FBI issued an alert on Tuesday drawing attention to three security issues that were seen on the plant’s network following last week’s hack. For these, the FBI recommends a series of basic security best practices as an interim way to mitigate the threat.

Using Syxsense Secure, you can verify your governance against these FBI recommendations, along with resolving any issues discovered as part of this vulnerability scanning exercise.

Rob Brown, Chief Customer Success Officer at Syxsense said, “Obsolete software or unpatched devices provide one of the most serious concerns to the Security Chiefs of companies worldwide. Many of our customers are saying the unpatched laptop may become the next big weaponized threat. They are using Syxsense Secure with the hyper-automation of Syxsense Cortex to return their users safely to the office or isolate those devices if they are unsafe.”

The FBI Recommendations

1. Use multi-factor authentication

Syxsense Manage and Syxsense Secure can be enabled with multi-factor (two-factor) authentication. Syxsense supports both email and an authenticator app, such as Google Authenticator or Duo.

In addition, other security settings are enabled by default, such as email notifications upon login to the console and auto logout following a period of inactivity. IP whitelisting is an option for anyone using a static IP address, and geographical protection can be enabled to restrict access to your Syxsense console based on country.

2. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials

With Syxsense Cortex, you can discover all systems that have Remote Desktop Protocol enabled but do not meet the required password strength policy. Syxsense Cortex can detect those systems and notify you by email.

3. Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure

The Syxsense Secure vulnerability scanner can provide an independent audit of the health and status of the most popular anti-virus and anti-spyware programs and, where needed, update those systems automatically to protect the devices.

4. Audit network configurations and isolate computer systems that cannot be updated

Based on the detected vulnerable status of devices, Syxsense Cortex can automatically quarantine the device, isolating it from the network and preventing the device from being a threat.

The device can still be managed using Syxsense Secure, meaning you can still perform software deployment, patch management, vulnerability management or remote access whilst isolated.

5. Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts

Syxsense Secure scans for many types of open ports, including RDP (TCP 3389 by default). Based on what is detected, you can report on the devices or take action such as enabling local firewalls or reconfiguring the operating system using Windows PowerShell.

6. Audit logs for all remote connection protocols

Syxsense Secure provides real-time access to the Windows Application, System and Security event logs.

7. Train users to identify and report attempts at social engineering

From customizing different computer desktop backgrounds, to customizable end user message prompts; Syxsense Secure and Syxsense Cortex can help users thwart mistakes made at the endpoint. All tasks performed by Syxsense can use a corporate logo and custom messages.

8. Identify and suspend access of users exhibiting unusual activity

Detection of untrusted applications or processes, or of multiple failed login attempts, can automatically disable local accounts and send email alerts to automated helpdesk systems. Syxsense Secure comes with a built-in alerting system so that you never miss them.
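Recommendations 5, 6 and 8 come together in a single piece of detection logic: read the Security log for RDP logons (EventID 4625 failures and 4624 successes with LogonType 10), flag sources that fail repeatedly inside a short window, and check whether one of their later logons succeeded. The Python below is an added example, not Syxsense code; the event lines are a constructed, simplified one-line-per-event rendering of the fields a Security log export contains, and the threshold and window are illustrative.

```python
"""Detect RDP password guessing in Windows Security log events.

Added example, not Syxsense code. The event lines are constructed in a
simplified one-line-per-event format (timestamp, EventID, LogonType, account,
source IP) standing in for a Security log export. Real events carry the same
fields in XML: EventID 4625 = failed logon, 4624 = successful logon,
LogonType 10 = RemoteInteractive (RDP). Threshold and window are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of failures from one host followed by a
# success, normal traffic from a second host, and one non-RDP failure.
SAMPLE_LOG = """\
2021-02-10T08:15:02Z 4625 LogonType=10 Account=administrator Source=203.0.113.5
2021-02-10T08:15:03Z 4625 LogonType=10 Account=administrator Source=203.0.113.5
2021-02-10T08:15:04Z 4625 LogonType=10 Account=admin Source=203.0.113.5
2021-02-10T08:15:05Z 4625 LogonType=10 Account=svc_backup Source=203.0.113.5
2021-02-10T08:15:06Z 4625 LogonType=10 Account=svc_backup Source=203.0.113.5
2021-02-10T08:15:40Z 4624 LogonType=10 Account=svc_backup Source=203.0.113.5
2021-02-10T08:20:00Z 4625 LogonType=10 Account=jdoe Source=198.51.100.7
2021-02-10T08:20:09Z 4624 LogonType=10 Account=jdoe Source=198.51.100.7
2021-02-10T09:00:00Z 4625 LogonType=3 Account=jdoe Source=198.51.100.7
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)"
)
RDP_LOGON_TYPE = "10"
FAIL_THRESHOLD = 5              # this many failures from one source ...
WINDOW = timedelta(minutes=1)   # ... inside this window = password guessing


def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            event = match.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield event


def detect_rdp_guessing(text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return {source_ip: finding} for sources that exceeded the failure
    threshold over RDP, noting any RDP logon that later succeeded."""
    by_src = defaultdict(list)
    for ev in parse_events(text):
        # Only RDP logons count; LogonType 3 (network/SMB) etc. are ignored.
        if ev["lt"] == RDP_LOGON_TYPE and ev["eid"] in ("4624", "4625"):
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if e["eid"] == "4625"]
        # Sliding window over consecutive failures, ordered by time.
        burst_end = None
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1]["ts"] - fails[i]["ts"] <= window:
                burst_end = fails[i + threshold - 1]["ts"]
                break
        if burst_end is None:
            continue
        later_success = [e["acct"] for e in events
                         if e["eid"] == "4624" and e["ts"] >= burst_end]
        findings[src] = {
            "failures": len(fails),
            "accounts_tried": sorted({e["acct"] for e in fails}),
            "success_after_burst": later_success,
        }
    return findings


def accounts_to_suspend(findings):
    """Accounts that logged in over RDP from a source that had just been
    guessing passwords: the candidates for an automatic disable and alert."""
    return sorted({acct for f in findings.values()
                   for acct in f["success_after_burst"]})


if __name__ == "__main__":
    found = detect_rdp_guessing(SAMPLE_LOG)
    for src, f in found.items():
        print(src, f)
    print("suspend:", accounts_to_suspend(found))
```

The "success after burst" check is what turns a noisy brute-force alert into an incident: a source that guessed wrong five times and then got in has most likely found a working credential, and that account is the one recommendation 8 says to suspend. LogonType 3 events are deliberately excluded so that SMB and other network logons do not inflate the RDP count.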

9. Keep software updated

Syxsense supports Windows, macOS, Linux and the most common third-party applications.

Whether your devices are local, remote, or at home, you can trust Syxsense to update your software or notify you when obsolete software has been found.

Experience the power of Syxsense Cortex, free for 14 days.

Syxsense Cortex is included with Syxsense Secure. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Watch the Webcast: February Patch Tuesday

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's February Patch Tuesday updates.

Watch the February Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: February Patch Tuesday

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

February Patch Tuesday 2021 Fixes 56 Flaws and Windows Zero-Day

The second Patch Tuesday of 2021 has arrived — tackle the latest Microsoft updates and vulnerabilities for the month of February.

Microsoft February 2021 Patch Tuesday Resolves 56 Vulnerabilities

Microsoft fixed 56 bugs this month — the first time this number has dropped under 60 in over a year.

There are 11 Critical, 43 Important, and 2 Moderate patches. Fixes this month are for:

  • .NET Framework
  • Azure IoT
  • Azure Kubernetes Service
  • Microsoft Edge for Android
  • Exchange Server
  • Office and Office Services and Web Apps
  • Skype for Business and Lync
  • Windows Defender

Second Year of Extended Support Starts

Windows 7 and Windows Server 2008 (including R2) have 2 Critical and 3 Important vulnerabilities fixed.

Robert Brown, Head of Customer Success for Syxsense, said, “With a release of 59 fixes, a total of 10 of these are either Weaponized, Public Aware, or have an extremely high CVSS score rating, which some experts, including our own, would rank as Zero Day status. Never have we seen Microsoft release almost 20% of their fixes to tackle such high-severity vulnerabilities. If you expected an easy Patch Tuesday, think again — these must be deployed urgently.”

Top February Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into their patch management solution and deploy as soon as possible.

1. CVE-2021-1732: Windows Win32k Elevation of Privilege Vulnerability

The bug was exploited in the wild: after gaining a foothold on a Windows system, attackers used it to obtain SYSTEM-level access. This vulnerability has already been weaponized, and CISA (the Cybersecurity and Infrastructure Security Agency) recommends it as a high-priority deployment.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-26701: .NET Core and Visual Studio Remote Code Execution Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in .NET Core. A remote attacker can pass specially-crafted input to the application and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.1
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-24078: Windows DNS Server Remote Code Execution Vulnerability

This patch fixes a bug in the Windows DNS Server that could allow remote code execution on affected systems. This is also potentially wormable, although only between DNS servers. The vulnerability exists due to insufficient validation of user-supplied input in Windows DNS Server.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponized | Syxsense Recommended
CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes
CVE-2021-26701 | .NET Core and Visual Studio Remote Code Execution Vulnerability | Critical | 8.1 | No | Yes | No | Yes
CVE-2021-1733 | Sysinternals PsExec Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-1727 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-1721 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 6.5 | No | Yes | No | Yes
CVE-2021-24098 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | Yes | No | Yes
CVE-2021-24106 | Windows DirectX Information Disclosure Vulnerability | Important | 5.5 | No | Yes | No | Yes
CVE-2021-24078 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-24077 | Windows Fax Service Remote Code Execution Vulnerability | Critical | 9.8 | Yes | No | No | Yes
CVE-2021-24074 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 9.8 | Yes | No | No | Yes
CVE-2021-24094 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-24093 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-24088 | Windows Local Spooler Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | -
CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | -
CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | -
CVE-2021-24105 | Package Managers Configurations Remote Code Execution Vulnerability | Important | 8.4 | No | No | No | -
CVE-2021-24112 | .NET Core for Linux Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | -
CVE-2021-1722 | Windows Fax Service Remote Code Execution Vulnerability | Critical | 8.1 | Yes | No | No | -
CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability | Important | 8.0 | No | No | No | -
CVE-2021-24081 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | -
CVE-2021-24091 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | -
CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24083 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24102 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24103 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24096 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-25195 | Windows PKU2U Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-1698 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | -
CVE-2021-24111 | .NET Framework Denial of Service Vulnerability | Important | 7.5 | No | No | No | -
CVE-2021-1734 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important | 7.5 | No | No | No | -
CVE-2021-24086 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | Yes | No | No | -
CVE-2021-24087 | Azure IoT CLI extension Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | -
CVE-2021-1639 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.0 | No | No | No | -
CVE-2021-24075 | Windows Network File System Denial of Service Vulnerability | Important | 6.8 | No | No | No | -
CVE-2021-24109 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Moderate | 6.8 | No | No | No | -
CVE-2021-24101 | Microsoft Dataverse Information Disclosure Vulnerability | Important | 6.5 | No | No | No | -
CVE-2021-24085 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | -
CVE-2021-24099 | Skype for Business and Lync Denial of Service Vulnerability | Important | 6.5 | No | No | No | -
CVE-2021-24073 | Skype for Business and Lync Spoofing Vulnerability | Important | 6.5 | No | No | No | -
CVE-2021-24080 | Windows Trust Verification API Denial of Service Vulnerability | Moderate | 6.5 | No | No | No | -
CVE-2021-1724 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important | 6.1 | No | No | No | -
CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability | Important | 5.7 | No | No | No | -
CVE-2021-24076 | Microsoft Windows VMSwitch Information Disclosure Vulnerability | Important | 5.5 | No | No | No | -
CVE-2021-1731 | PFX Encryption Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | -
CVE-2021-24079 | Windows Backup Engine Information Disclosure Vulnerability | Important | 5.5 | No | No | No | -
CVE-2021-24084 | Windows Mobile Device Management Information Disclosure Vulnerability | Important | 5.5 | No | No | No | -
CVE-2021-1730 | Microsoft Exchange Server Spoofing Vulnerability | Important | 5.4 | No | No | No | -
CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 5.3 | No | No | No | -
CVE-2021-24100 | Microsoft Edge for Android Information Disclosure Vulnerability | Important | 5.0 | No | No | No | -
CVE-2021-24082 | Microsoft PowerShell Utility Module WDAC Security Feature Bypass Vulnerability | | | | | |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Top Linux Vulnerabilities For February 2021

By Patch Management

Explore the top Linux threats for February 2021 and find out the best solution for managing these vulnerabilities.

1. Samba “Netlogon” (Zerologon) Security Advisory for Amazon Linux and Red Hat

Vendor Severity: Critical
CVSS Score: 10.0

A flaw was found in the way Samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)

A null pointer dereference flaw was found in Samba’s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)

A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)

Syxscore Risk Alert

This vulnerability carries significant risk: it is exploitable over the network, with low attack complexity, no privileges and no user interaction. Its scope is Changed, so it can be used as a jump point: once an attacker abuses the bug against a domain controller, they control the Netlogon channel and can move on to the rest of the domain. Public exploit code for CVE-2020-1472 has been available since 2020, so unpatched Windows and Samba AD domain controllers should be treated with the urgency of a zero day.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None (CVE-2020-1472 is exploitable unauthenticated; CVE-2020-14318 needs an authenticated user)
  • User Interaction: None
  • Scope (Jump Point): Yes

CVE Reference(s): CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
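The Zerologon description above says the flaw is a static all-zero IV in AES-CFB8; the following added example (written for this page, not code from the advisory, Samba or Microsoft) shows why that turns an 8-byte credential check into a 1-in-256 guess. The block function is a stand-in (HMAC-SHA256 truncated to 16 bytes) so it runs without a crypto library; CFB only calls the cipher in the forward direction and the collapse does not depend on which cipher is plugged in. The session-key derivation and the server challenges are likewise constructed stand-ins, not the MS-NRPC ones.

```python
"""AES-CFB8 with a fixed all-zero IV, the flaw behind CVE-2020-1472 (Zerologon).

Added example; not code from the advisory, Samba or Microsoft. The block
function is a stand-in (HMAC-SHA256 truncated to 16 bytes) so the script runs
without a crypto library: CFB only uses the block cipher in the forward
direction, and the collapse shown here is independent of which cipher is
plugged in (MS-NRPC uses AES-128). The session-key derivation is a stand-in too.
"""
import hashlib
import hmac
from typing import Callable, Optional

BLOCK = 16              # block size in bytes, as for AES
ZERO_IV = bytes(BLOCK)  # the static IV MS-NRPC used
BlockFn = Callable[[bytes], bytes]


def toy_block(key: bytes) -> BlockFn:
    """Stand-in for AES-128 encryption under `key` (assumption, see above)."""
    def encrypt_block(block: bytes) -> bytes:
        assert len(block) == BLOCK
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
    return encrypt_block


def cfb8_encrypt(enc: BlockFn, iv: bytes, plaintext: bytes) -> bytes:
    """CFB with an 8-bit segment: XOR each plaintext byte with the first byte of
    enc(register), then shift the ciphertext byte into the register."""
    reg, out = bytearray(iv), bytearray()
    for p in plaintext:
        c = p ^ enc(bytes(reg))[0]
        out.append(c)
        reg = reg[1:] + bytes([c])
    return bytes(out)


def cfb8_decrypt(enc: BlockFn, iv: bytes, ciphertext: bytes) -> bytes:
    reg, out = bytearray(iv), bytearray()
    for c in ciphertext:
        out.append(c ^ enc(bytes(reg))[0])
        reg = reg[1:] + bytes([c])
    return bytes(out)


def zero_iv_collapses(enc: BlockFn) -> bool:
    """True when enc(0^16)[0] == 0. With IV = 0 and all-zero plaintext the first
    ciphertext byte is then 0, the register stays all-zero, and every later byte
    is 0 too, whatever the length. For a random key: probability 1/256."""
    return enc(ZERO_IV)[0] == 0


def weak_key_fraction(trials: int) -> float:
    """Share of constructed (sequential) keys for which the collapse occurs."""
    weak = sum(zero_iv_collapses(toy_block(i.to_bytes(4, "big"))) for i in range(trials))
    return weak / trials


def find_collapsing_key(limit: int = 100_000) -> bytes:
    for i in range(limit):
        key = b"key-" + i.to_bytes(4, "big")
        if zero_iv_collapses(toy_block(key)):
            return key
    raise RuntimeError("no collapsing key found")  # probability (255/256)**limit


# Netlogon authentication, reduced to the relevant step. In MS-NRPC the client
# proves knowledge of the session key by sending
# ComputeNetlogonCredential(ClientChallenge, SessionKey): AES-CFB8 over the
# 8-byte challenge with the zero IV above. The attacker chooses the challenge,
# so it chooses the plaintext.

def session_key(machine_secret: bytes, client_challenge: bytes, server_challenge: bytes) -> bytes:
    """Stand-in KDF (assumption): one fresh key per session, as in the real protocol."""
    return hmac.new(machine_secret, client_challenge + server_challenge, hashlib.sha256).digest()[:BLOCK]


def compute_credential(key: bytes, challenge: bytes) -> bytes:
    return cfb8_encrypt(toy_block(key), ZERO_IV, challenge)


def server_accepts(machine_secret: bytes, server_challenge: bytes,
                   client_challenge: bytes, client_credential: bytes) -> bool:
    key = session_key(machine_secret, client_challenge, server_challenge)
    return hmac.compare_digest(compute_credential(key, client_challenge), client_credential)


def zerologon_attempts(machine_secret: bytes, max_attempts: int = 8000) -> Optional[int]:
    """Attacker knows nothing about machine_secret: send an all-zero challenge and
    an all-zero credential, and retry across fresh sessions (fresh server
    challenge, hence fresh key) until one collapses. Returns the attempt number,
    or None if the budget runs out (expected ~256 attempts). Server challenges
    are constructed deterministically here; a real DC draws them at random."""
    zero8 = bytes(8)
    for attempt in range(1, max_attempts + 1):
        server_challenge = hashlib.sha256(b"srv-" + attempt.to_bytes(4, "big")).digest()[:8]
        if server_accepts(machine_secret, server_challenge, zero8, zero8):
            return attempt
    return None


if __name__ == "__main__":
    print(f"keys collapsing under a zero IV: {weak_key_fraction(25600):.4f} (expect ~{1 / 256:.4f})")
    print(f"all-zero challenge accepted on attempt {zerologon_attempts(b'machine-account-secret')}")
```

The code is only the part needed to see why the guess succeeds with probability 1/256 rather than 2^-64. The protocol-level fix is not a random IV but enforcing secure RPC (a signed and sealed Netlogon channel), which is what Microsoft's February 2021 enforcement phase and Samba's `server schannel = yes` default do.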

2. Hawk2 Security Update for SUSE Enterprise 15, 15-SP1 & 15-SP2

Vendor Severity: Critical
CVSS Score: 9.8

This update for hawk2, the web management console for SUSE Linux Enterprise High Availability (Pacemaker) clusters, fixes the following issues:

  • Hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e.
  • Possible code execution vulnerability in the controller code (bsc#1179998).

Syxscore Risk Alert

This vulnerability carries significant risk: it is exploitable over the network with low attack complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2020-35458

3. Slurm Security Update for SUSE Enterprise 15-SP1

Vendor Severity: Medium
CVSS Score: 9.8

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

Syxscore Risk Alert

This vulnerability carries significant risk: it is exploitable over the network with low attack complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2020-27745, CVE-2020-27746

4. Apache Log4net Security Update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10

Vendor Severity: Important
CVSS Score: 9.8

This is a 2018 vulnerability republished by NVD. Apache Log4net before 2.0.10 did not disable XML external entities when parsing its configuration files, so an attacker who can supply or influence a configuration file could use this issue to expose sensitive information.

Syxscore Risk Alert

This vulnerability carries significant risk: it is exploitable over the network with low attack complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2018-1285

5. Flatpak Security Update for Oracle Linux 7

Vendor Severity: Important
CVSS Score: 8.8

A bug in the flatpak-portal D-Bus service allowed an application running inside the Flatpak sandbox to execute arbitrary code outside it, on the host system. The issue is fixed in Flatpak 1.10.0 and in the 1.8.5 backport.

Syxscore Risk Alert

This vulnerability carries major risk even though the attacker needs local access to the device: attack complexity is low, only low privileges are needed and no user interaction is required, and the scope is Changed, meaning code confined to the sandbox gains control outside it. Because of that jump point, the practical risk is higher than the vendor severity suggests.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

CVE Reference(s): CVE-2021-21261

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

||

Google Chrome Zero-Day Being Weaponized

By News

Google has released Chrome 88.0.4324.150, which fixes a zero-day vulnerability that is already being exploited in the wild.

New Chrome Vulnerability Exploited

Google has released Chrome 88.0.4324.150 to the Stable Channel for Windows, Linux and macOS. CVE-2021-21148 has been marked as weaponized, with active exploitation taking place.

What’s Been Resolved?

CVE-2021-21148: The vulnerability allows a remote attacker to execute arbitrary code on the target system. It is a heap buffer overflow in V8, Chrome's JavaScript engine.

A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger the heap-based buffer overflow, and execute arbitrary code on the target system. The need to lure the victim to the page is why the vector below carries User Interaction: Required.

What’s the Solution?

Upgrade to the latest version of Chrome (88.0.4324.150 or later) using Syxsense Secure.

Syxscore Risk Alert

This vulnerability carries significant risk: it is exploitable over the network, with low attack complexity and no privileges; all the attacker needs is for the user to open a crafted page. Although the CVE carries a CVSS score of 8.8 (High), it is being actively exploited, and that should outrank the score when prioritizing the update.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
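To see how the Syxscore Risk Alert fields (Attack Vector, Attack Complexity, Privileges, User Interaction, Scope) turn into the CVSS scores quoted here and in the earlier Risk Alerts on this page (the .NET Core, Windows DNS, Samba Netlogon and Flatpak entries), here is an added CVSS v3.1 base-score calculator. It is example code written for this page, not Syxsense's scoring engine. It assumes High confidentiality, integrity and availability impact, which the Risk Alerts do not list but which the quoted scores require, and for the Samba entry it uses the unauthenticated vector of CVE-2020-1472.

```python
"""CVSS v3.1 base score from the fields of a Syxscore-style Risk Alert.

Added example, not from the original post and not Syxsense's own scoring.
Implements the base-score equations of the CVSS v3.1 specification (section
7.1, roundup per appendix A) and checks them against the scores quoted on
this page. Assumption: C/I/A impact is High for every entry checked.
"""
from dataclasses import dataclass

AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.2}
AC = {"Low": 0.77, "High": 0.44}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}
# Privileges Required weighs more when Scope is Changed (the "jump point").
PR_UNCHANGED = {"None": 0.85, "Low": 0.62, "High": 0.27}
PR_CHANGED = {"None": 0.85, "Low": 0.68, "High": 0.5}


def roundup(x: float) -> float:
    """Smallest one-decimal value >= x, computed on an integer scale so that
    float noise (e.g. 8.0999999) cannot push a score up a notch."""
    i = int(round(x * 100000))
    if i % 10000 == 0:
        return i / 100000
    return (i // 10000 + 1) / 10


@dataclass(frozen=True)
class RiskAlert:
    attack_vector: str        # "Network" | "Adjacent" | "Local" | "Physical"
    attack_complexity: str    # "Low" | "High"
    privileges: str           # "None" | "Low" | "High"
    user_interaction: str     # "None" | "Required"
    scope_changed: bool       # "Scope (Jump Point): Yes"
    confidentiality: str = "High"
    integrity: str = "High"
    availability: str = "High"


def base_score(a: RiskAlert) -> float:
    iss = 1 - (1 - CIA[a.confidentiality]) * (1 - CIA[a.integrity]) * (1 - CIA[a.availability])
    if a.scope_changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        pr = PR_CHANGED[a.privileges]
    else:
        impact = 6.42 * iss
        pr = PR_UNCHANGED[a.privileges]
    exploitability = 8.22 * AV[a.attack_vector] * AC[a.attack_complexity] * pr * UI[a.user_interaction]
    if impact <= 0:
        return 0.0
    if a.scope_changed:
        return roundup(min(1.08 * (impact + exploitability), 10))
    return roundup(min(impact + exploitability, 10))


def vector_string(a: RiskAlert) -> str:
    """The standard CVSS:3.1 vector, so the alert can be cross-checked on NVD."""
    return "CVSS:3.1/AV:{}/AC:{}/PR:{}/UI:{}/S:{}/C:{}/I:{}/A:{}".format(
        a.attack_vector[0], a.attack_complexity[0], a.privileges[0], a.user_interaction[0],
        "C" if a.scope_changed else "U",
        a.confidentiality[0], a.integrity[0], a.availability[0])


# Risk Alerts quoted on this page, paired with the CVSS score each was given.
PAGE_ALERTS = {
    "CVE-2021-26701 (.NET Core RCE)": (RiskAlert("Network", "High", "None", "None", False), 8.1),
    "CVE-2021-24078 (Windows DNS RCE)": (RiskAlert("Network", "Low", "None", "None", False), 9.8),
    "CVE-2021-21148 (Chrome V8)": (RiskAlert("Network", "Low", "None", "Required", False), 8.8),
    "CVE-2020-1472 (Zerologon)": (RiskAlert("Network", "Low", "None", "None", True), 10.0),
    "CVE-2021-21261 (Flatpak)": (RiskAlert("Local", "Low", "Low", "None", True), 8.8),
}


def check_page_scores() -> dict:
    """Map each page entry to whether the recomputed score matches the quoted one."""
    return {name: base_score(alert) == quoted for name, (alert, quoted) in PAGE_ALERTS.items()}


if __name__ == "__main__":
    for name, (alert, quoted) in PAGE_ALERTS.items():
        print(f"{name}: {vector_string(alert)} -> {base_score(alert)} (page: {quoted})")
```

Two things worth noticing from the numbers: the .NET Core entry loses 1.7 points purely to Attack Complexity: High, and the Chrome entry loses 1.0 to User Interaction: Required, which is why neither reaches the 9.8 of the DNS bug even though all three are unauthenticated network RCE. Also, a vector identical to the DNS one but with Privileges Required: Low scores 8.8, not 9.8; whenever a Risk Alert's fields and its CVSS score disagree, recompute rather than trust either.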

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.
