Monthly Archives

April 2021


Why Microsoft WSUS is Not Enough In 2022

By Patch Management

With just Microsoft WSUS, can you keep your network and IT infrastructure protected from unpatched software vulnerabilities?

What’s Better than WSUS?

You may already have Microsoft Windows Server Update Services (WSUS) in your IT environment for deploying Microsoft product updates to your Windows workstations. However, have you thought about patching non-Microsoft software that you run on your enterprise computers?

These non-Microsoft software products, such as Oracle, Java, and Adobe Reader, may expose your corporate environment to vulnerability exploits when left unpatched.

Manage Microsoft, Linux, Mac, and Third-Party Applications

Syxsense is a powerful solution for deploying, managing, and reporting on Microsoft, Mac, Linux and third-party patches on tens of thousands of workstations and servers across your enterprise.

Feature comparison: Microsoft WSUS vs. Syxsense

1. Patching Microsoft Software Updates
   • WSUS: Yes
   • Syxsense: Yes
2. Patching Non-Microsoft Third-Party Software Updates
   • WSUS: No
   • Syxsense: Yes. See an industry-leading library of supported third-party products.
3. Visibility into Application Inventory
   • WSUS: Limited. Hardware inventory only; no software inventory.
   • Syxsense: Yes. Microsoft and other third-party applications, hardware inventory, disk space and other metrics. Inventory history to compare device state changes over time.
4. On-Demand Patching
   • WSUS: No
   • Syxsense: Yes
5. Reporting Visibility into Patched and Unpatched Systems and Software
   • WSUS: Limited
   • Syxsense: Yes. HIPAA, SOX and PCI reports offer both an executive summary and detailed information about the vulnerability status of your environment. No programming necessary.
6. Filtered Views
   • WSUS: No
   • Syxsense: Yes
7. Scheduled Approvals
   • WSUS: No
   • Syxsense: Yes
8. Notification of Failed Updates
   • WSUS: Limited. Does not provide information on why the update failed.
   • Syxsense: Yes. Provides information in both reports and dashboards, offering a quick path to redeploy.
9. Patch Scheduling
   • WSUS: Limited. Basic patch scheduling such as choosing a particular hour of the day, and optionally a single day of the week, with the hope that the target machine is actually powered on at that time.
   • Syxsense: Yes. Push patches at discrete times to accommodate different time zones and the network impact of patching large numbers of endpoints. Set maintenance windows to automatically maintain a fully patched, secure status.
10. Wake-on-LAN for Booting Target Systems for Patch Management
   • WSUS: No
   • Syxsense: Yes
11. Third-Party Pre-Built and Tested Packages
   • WSUS: No
   • Syxsense: Yes, for many common applications.
12. Custom Package Creation
   • WSUS: No
   • Syxsense: Wizard-driven. Package Creation Wizard for complex before- and after-deployment scenarios.
13. Client Health Diagnosis and Remediation
   • WSUS: No
   • Syxsense: Yes (Device Health).
14. Device Quarantine
   • WSUS: No
   • Syxsense: Yes. Potentially vulnerable devices can be isolated from the network so that issues are checked and remediated without creating a threat to other endpoints.
18. Device Discovery
   • WSUS: Yes, but discovery takes a long time, because endpoints check in to the WSUS server only after a defined interval.
   • Syxsense: Yes. Syxsense shows the system state in real time, so new devices are discovered immediately.
21. Remote Control
   • WSUS: Yes, but the process differs depending on the Windows version, so you have to work out how to organize remote control every time.
   • Syxsense: Yes, and the process is simple and intuitive.
23. Detection Logic and Default Patch Supersedence
   • WSUS: No. WSUS does not automatically decline superseded updates in favor of the new, superseding update.
   • Syxsense: Yes. Patch supersedence is handled by default, so you do not have to research which updates are required.
25. Software Distribution
   • WSUS: No
   • Syxsense: Yes
26. Visual Drag-and-Drop Interface for Complex IT Workflow Automation
   • WSUS: No
   • Syxsense: Yes. An intuitive no-code interface allows you to create and schedule complex workflows in just a few minutes.

Why Syxsense?

Syxsense maximizes your investment in security and allows you to patch all endpoints with more visibility, control, and reporting from the simplicity of a single, centralized, intuitive interface.

Syxsense gives you key management capabilities that help you simplify the entire patch management process from patch notification, to import/synchronization, publishing, approvals, deployment, scheduling, reboots, and more.

Patch Management

WSUS lacks the ability to patch applications outside of Microsoft products. It also struggles to effectively schedule patches and report on patch status, superseding patches, inventory, and its history.

Additionally, WSUS leverages stale data. With the time between the discovery of a vulnerability and the emergence of an exploit decreasing, threats require immediate responses. Besides, with WSUS, it’s impossible to quarantine the device until the problems with it are solved.

The Syxsense Advantage

Syxsense allows you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity, and manage superseding patches effectively
  • Start patching endpoints within minutes
  • Automate complex IT workflows with intuitive no-code interface
  • Discover new devices entering your network in real-time
  • Quarantine the devices that pose a threat to the entire network
  • Distribute software across all the endpoints within maintenance windows

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting Syxsense and set up a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Releases White-Label Branding for MSPs, MSSPs and Large Enterprises

By Press Release

Syxsense Announces White Label Branding for MSPs, MSSPs and Large Enterprises

Syxsense has announced the official release of white-label console branding for MSPs, MSSPs and large enterprises.

Syxsense Further Enhances Support for MSP, MSSP and Large Enterprises

Syxsense, a global leader in the intelligent automation of IT, patch management, security vulnerability scanning and remediation, today announced the release of White Label console branding for MSPs, MSSPs and large enterprises.

Building and maintaining brand identity increases revenue and customer awareness. Syxsense now offers the ability to replace and customize logos, labels, and website links in the Syxsense console.

Experience the Benefits

MSPs and MSSPs looking to augment their managed service with new functionality can do so without incurring the cost of building a solution from scratch, all while presenting the functionality as a natural extension of their existing offerings. Syxsense increases recurring revenue by automating IT, offering comprehensive patch management, and full security vulnerability scanning and remediation.

In addition to consistent corporate branding and logos, white label users can easily customize the Syxsense reusable dashboards to present exactly the information and results most important to clients or employees. Built on a native cloud infrastructure, the new customizations to the browser-based UI easily integrate into corporate workflows. Reusable elements like recurring patching maintenance windows and Syxsense Cortex Workflows quickly empower MSPs and MSSPs to deliver on the promise of a secure, well-managed IT environment.

The White Label option is included with Syxsense Manage and Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.


Apple Patches MacOS Zero-Day Exploit

By Blog, News, Patch Management

A new macOS exploit pushes unchecked payloads to devices by bypassing Apple’s security tools when users attempt to use an infected installation package.

Apple Patches MacOS Bug

On Monday, April 26th, Apple released macOS 11.3, a security rollup that remediates multiple known attack vectors. Among these is CVE-2021-30657, an exploit that has been used since January to push unchecked payloads to user computers by bypassing Apple’s security tools when a user attempts to use an infected installation package.

Under the Hood

Under normal circumstances, when a macOS user opens an application installer, the installer is first put through Apple’s anti-malware checks. This process is a mesh of several complementary security checks and scans.

The first layer of the anti-malware mesh is the File Quarantine tag. Apple first started securing users against tainted downloads in OS X Leopard by implementing file quarantining. This mechanism marks unidentified files as unsafe by applying a quarantine tag to the file’s extended attributes. When a file carrying the quarantine tag is opened, access is either prompted for or denied, depending on the policies applied to the computer.

Iterating on the File Quarantine tag, Apple introduced an additional layer of security in OS X Lion named Gatekeeper. Gatekeeper checks the code-signing information of new files accessed by the system to ensure that each file conforms to system policy. If a file does not meet the policy requirements, access is either revoked or prompted for, depending on the applied policies.

More recently, in macOS Catalina, Apple introduced a process titled Notarization, which requires pre-authorization by Apple before an application is released to the public. With this tool, software authors submit their software to Apple prior to public release for an automated security scan.

Once the scan completes, Apple provides an attribute for the software which verifies its authenticity and safety. If a user attempts to install software without this attribute, the software is flagged by the anti-malware suite and access is either denied or prompted for, based on computer policy.

Below is the prompt generated by the Notarization, Gatekeeper, and Quarantine processes working in concert to defend against a potentially dangerous executable.

How It Works

CVE-2021-30657 bypasses all layers of macOS’s anti-malware suite by rebuilding its payload bundles with specifically mischaracterized property files. When a rebuilt payload is passed through the detection suite, the file contents are not recognized by the File Quarantine and Notarization processes and are allowed by default by the anti-malware tools.

Because payloads using the CVE-2021-30657 exploit are allowed by default, the Gatekeeper process is never activated and the user is never given a security prompt. Instead, the payload is quietly executed, and the computer is compromised. In its current iteration, the well-known malware family Shlayer is known to use CVE-2021-30657 to silently push payloads to endpoints while masquerading as an Adobe Flash Player update.
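As an added illustration (not Apple’s or Syxsense’s code) of the three layers just described, the script below inspects one application bundle from the defender’s side: it reads the File Quarantine tag, asks Gatekeeper for its assessment with spctl, and checks the bundle’s Info.plist, since a download that never received a quarantine tag is never assessed at all. It assumes the quarantine attribute layout flags;timestamp;agent;uuid and spctl output of the form "path: accepted|rejected" followed by "source=…"; the sample values it builds are constructed.

```python
"""Triage helper for the macOS layers described above: File Quarantine tag,
Gatekeeper assessment and Notarization. Added example; not Apple or
Syxsense code.

Assumptions: the com.apple.quarantine attribute has the layout
'flags;timestamp;agent;uuid' (flags and timestamp in hex) and `spctl --assess`
prints '<path>: accepted|rejected' followed by 'source=<reason>'. Sample
strings used for offline testing are constructed.
"""
from __future__ import annotations

import datetime as dt
import pathlib
import plistlib
import subprocess
import tempfile
from dataclasses import dataclass


@dataclass
class QuarantineInfo:
    flags: int
    downloaded_at: dt.datetime
    agent: str
    uuid: str


def parse_quarantine_xattr(value: str) -> QuarantineInfo:
    """Parse the com.apple.quarantine value 'flags;timestamp;agent;uuid'."""
    fields = value.strip().split(";")
    if len(fields) < 3:
        raise ValueError(f"unexpected quarantine attribute: {value!r}")
    downloaded = dt.datetime.fromtimestamp(int(fields[1], 16), tz=dt.timezone.utc)
    uuid = fields[3] if len(fields) > 3 else ""
    return QuarantineInfo(int(fields[0], 16), downloaded, fields[2], uuid)


def parse_spctl_output(text: str) -> tuple[bool, str]:
    """Parse `spctl --assess -vv <path>` output into (accepted, source)."""
    accepted, source = False, ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.endswith(": rejected"):
            accepted = False
        elif line.startswith("source="):
            source = line[len("source="):]  # which policy rule matched
    return accepted, source


def bundle_plist_problems(bundle: pathlib.Path) -> list[str]:
    """Heuristic for the mischaracterized property-list files the post
    describes: report a missing, unparsable or incomplete Contents/Info.plist."""
    plist_path = bundle / "Contents" / "Info.plist"
    if not plist_path.is_file():
        return ["Contents/Info.plist is missing"]
    try:
        with plist_path.open("rb") as fh:
            info = plistlib.load(fh)
    except Exception as exc:  # not a valid plist
        return [f"Info.plist does not parse: {exc}"]
    problems = []
    for key in ("CFBundleExecutable", "CFBundleIdentifier"):
        if not info.get(key):
            problems.append(f"Info.plist has no {key}")
    return problems


def triage_bundle(bundle: pathlib.Path) -> dict:
    """Collect quarantine, Gatekeeper and plist findings for one .app bundle.
    A missing quarantine tag on a fresh download means Gatekeeper was never
    asked to assess it. Uses the macOS xattr and spctl tools; elsewhere the
    tool calls are reported as unavailable."""
    report: dict = {"bundle": str(bundle), "plist_problems": bundle_plist_problems(bundle)}
    try:
        xattr = subprocess.run(["xattr", "-p", "com.apple.quarantine", str(bundle)],
                               capture_output=True, text=True, check=False)
        report["quarantine"] = (parse_quarantine_xattr(xattr.stdout)
                                if xattr.returncode == 0 and xattr.stdout.strip() else None)
        spctl = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", str(bundle)],
                               capture_output=True, text=True, check=False)
        report["gatekeeper"] = parse_spctl_output(spctl.stdout + spctl.stderr)
    except FileNotFoundError as exc:
        report["tool_error"] = str(exc)
    return report


def make_sample_bundle(with_plist: bool = True) -> pathlib.Path:
    """Create a constructed throwaway Sample.app directory for offline tests."""
    root = pathlib.Path(tempfile.mkdtemp()) / "Sample.app"
    (root / "Contents" / "MacOS").mkdir(parents=True)
    if with_plist:
        with (root / "Contents" / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleExecutable": "Sample",
                           "CFBundleIdentifier": "com.example.sample"}, fh)
    return root


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(triage_bundle(pathlib.Path(arg)))
```

Run it as `python triage.py /Applications/Some.app` on a Mac; a report with `quarantine` set to None for a freshly downloaded bundle is the case worth a closer look.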

The Take-Away

There are two major takeaways from CVE-2021-30657.

First, never download applications from untrusted or third-party sites. Where possible, install applications from the Mac App Store or directly from well-known publishers like Microsoft or Adobe. When installing software not found on the Mac App Store, make sure you are on the publisher’s website and not a third-party site. Such insecure sites may host re-uploads of authentic software packages that contain exploits similar to CVE-2021-30657.

Second, keep your operating system up to date. macOS 11.3 introduces patches that safeguard against CVE-2021-30657 and ensure that users are correctly prompted or denied before potentially dangerous executables run.

How Syxsense Secure Can Help

Syxsense Secure provides automated patch management, vulnerability scanning, and IT management. It can detect if an endpoint is vulnerable to CVE-2021-30657 and deploy the corresponding security update efficiently, before any damage is done.

Syxsense Secure also provides the ability to push software to endpoint devices, limiting the attack surface of your company and providing your end users with safe access to the tools they need. Syxsense Secure also includes advanced features such as patch supersedence, patch roll back, and a wealth of automation and configuration features.

Further, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Linux Vulnerabilities of the Week: April 26, 2021

By News

Are you caught up on April's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

1. MariaDB vulnerability

Severity: Important    CVSS Score: 7.2

This is a remote code execution issue in some versions of MariaDB; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. A database user that has the SUPER privilege can execute arbitrary code as the system MySQL user after modifying wsrep_provider and wsrep_notify_cmd.

Syxscore Risk Alert

This vulnerability has a high risk because, although it requires high privileges, it can be exploited over any network, by a low-complexity attack, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-27928

2. Apache Tomcat deserialization flaw incomplete fix affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.0

When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, an attacker sending a specially crafted request can trigger remote code execution through deserialization of a file under their control.

The highest threat from the vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk because, although it needs access to the same network as the device and requires a high-complexity attack, it needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25329

3. Buffer overflow in the RPA PCI Hotplug driver affecting Red Hat Enterprise Linux 7 and 8

Severity: Medium       CVSS Score: 6.7

This is a vulnerability in the Linux kernel’s implementation of the RPA PCI Hotplug driver for power-pc. The driver has a user-tolerable buffer overflow which allows a privileged user to write to the sysfs settings for this driver.

It can result in a buffer overflow when writing a new device name to the driver from userspace, and data in the kernel’s stack can be overwritten.

Syxscore Risk Alert

This vulnerability has a moderate risk because it needs access to the same network as the device and requires high privileges. However, it can be exploited with a low-complexity attack and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28972

4. GitHub containers/storage (< 1.28.1) vulnerability

Severity: Medium       CVSS Score: 6.5

This is a deadlock flaw in `github.com/containers/storage`. During container image processing, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, it can result in a situation where the code waits indefinitely for the `tar` unpacked stream, which never finishes.

This allows an attacker to craft a malicious image which after its download and storage using containers/storage would cause a deadlock that may lead to a Denial of Service (DoS).

Syxscore Risk Alert

This vulnerability has a moderate risk because, although it requires user interaction, it can be exploited over any network by a low-complexity attack, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20291

5. Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition vulnerability

Severity: Medium       CVSS Score: 5.3

This is a vulnerability in the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition products of Oracle Java SE.

Exploiting this flaw, an unauthenticated attacker with network access via multiple protocols can compromise the above-mentioned components. Attacks require user interaction from someone on the network to succeed. If attackers do succeed, they can create, delete, or modify critical data contained in the vulnerable software.

Syxscore Risk Alert

This vulnerability has a moderate risk because, although it requires user interaction, it can be exploited over any network by a high-complexity attack, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2163

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Google Fixes Exploited Chrome Zero-Day Flaw

By Patch Management

A new Chrome zero-day vulnerability is being exploited due to a type confusion error within the V8 browser engine.

Google Warns of Newly Exploited Zero-Day Flaw

Google has released Chrome v90.0.4430.85 to the Stable Channel for Windows, Linux and macOS, fixing a total of 7 vulnerabilities. So far this year, Google has released at least one Chrome update addressing a zero-day each month.

The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to Resolve the Chrome Zero-Day

Upgrade to the latest version of Chrome (v90.0.4430.85 or later) using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk because it can be exploited over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity), and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats.


Reducing the Vulnerability Threshold in Financial Services

By Blog

Over the past year, attacks have soared in the financial industry. What's the best IT management strategy to defend your business?

Attacks on the Rise

Since COVID-19 appeared, the number of ransomware and phishing attacks has soared. The FBI reports that such attacks spiked by 300% since the pandemic began.

Tens of thousands of new malware threats are being unleashed every day. This is currently costing more than $3 trillion a year and that amount is expected to double in 2021, according to the Cybercrime Report published by Cybersecurity Ventures. The biggest haul comes from the financial services sector.

Here are the primary vulnerabilities and attack vectors that are impacting financial services.

1. Ransomware

The Securities and Exchange Commission issued a warning in the summer of 2020 about a rise in ransomware attacks on financial firms. Once the bad guys gain entry to the network, they unleash ransomware that shuts down access to financial records and other systems. As well as large banks, such attacks have succeeded against broker-dealers, investment companies, and ATM manufacturers.

If a recent, uncompromised backup (one that has been verified as not containing ransomware) is available, it is possible to avoid paying the ransom by painstakingly recovering all systems and data. But with huge amounts of revenue at stake every hour, some may find it expedient to pay the ransom. The risk, of course, is that the criminals may retain some means of backdoor into the system or want more money once the initial payment is made. That’s why the FBI advises non-payment.

2. Phishing

Phishing plays into the gullibility of users. One common tactic is to latch onto topical items and current news. Phishing emails related to COVID-19 and stimulus checks have enjoyed some success over the past year.

In financial services, cybercriminals hijack corporate logos and use email addresses almost identical to those used by major firms. By changing one letter or number in an address, users can be fooled into clicking on a malicious link or attachment. All it takes is one foolish or inattentive person and the system is compromised.

According to Statista, financial services accounts for about 20% of all phishing traffic. The lure of money and investments makes it an ideal target for scammers. The solution is for IT to be vigilant for new phishing scams, provide users with alerts, constantly educate users on social engineering tactics and scams, and provide good vulnerability scanning to detect unusual traffic, strange behavior on certain ports, and other signs of a breach.

3. Unpatched Vulnerabilities

As shocking as it may seem, most breaches take advantage of known vulnerabilities. In many cases, the patch has been available for months but never implemented. Unpatched systems are an open invitation to cybercriminals to come on inside and wreak havoc.

Recently unearthed vulnerabilities such as those impacting SolarWinds and Microsoft Exchange generate all the headlines. Yet despite the publicity, many companies fail to patch these known security holes in a timely manner. Sometimes months can go by – or even years.

Case in point. A memory corruption vulnerability in Microsoft Office had an approved patch issued in 2017 yet it is still exploited by cybercriminals. The Department of Homeland Security listed it as one of the three most commonly used vectors by nation-state hackers.

How to Step Up Your Patching Strategy

Clearly, IT departments need to up their game on patch management. Long delays in testing patches must be eliminated. There is no longer time to implement patches manually or, in general, to regard patching as a chore rather than an integral component of the security perimeter. The solution is intelligent automation built into patch management to eliminate the drudgery.

Syxsense Secure is a patch management platform that includes IT management and vulnerability scanning in one console. It not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Linux Vulnerabilities of the Week: April 19, 2021

By News

Are you caught up on April's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

1. Nettle (versions before 3.7.2) signature verification vulnerability affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 8.1

Exploiting this vulnerability, an attacker can force an invalid signature, causing an assertion failure or possibly an incorrect validation.

The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a major risk because, although it requires a high-complexity attack, it can be exploited over any network, with no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20305

2. An out-of-bounds access flaw in the Linux kernel’s implementation of the eBPF code verifier

Severity: Important    CVSS Score: 7.8

When the source register was known to be 0, the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation.

This vulnerability allows a privileged local user with CAP_SYS_ADMIN or non-standard configuration for running BPF script to crash the system. The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a major risk because, although it needs access to the same network as the device, it can be exploited with a low-complexity attack, requires only low privileges, and needs no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3444

3. Local privilege escalation due to incorrect BPF JIT branch displacement computation

Severity: Important    CVSS Score: 7.8

BPF JIT compilers in the Linux kernel through 5.11.12 compute branch displacements incorrectly, which allows attackers to execute arbitrary code within the kernel context.

Exploiting this flaw, a local user with the ability to insert eBPF instructions can abuse a flaw in eBPF and corrupt memory. The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a major risk because, although it needs access to the same network as the device, the attack is of low complexity, needs only low privileges, and requires no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29154

4. OpenSSL (>1.1.1h) vulnerability

Severity: Important    CVSS Score: 7.4

Starting from OpenSSL version 1.1.1, the flag that enables additional security checks of certificates present in a certificate chain was added as an additional strict check. An error in its implementation meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten.

To be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.

Syxscore Risk Alert

This vulnerability has a major risk because it can be exploited over any network by a high-complexity attack, with no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3450

5. NULL pointer vulnerability in OpenSSL 1.1.1

Severity: Medium       CVSS Score: 5.9

If a client sends a maliciously crafted renegotiation ClientHello message that omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, then a NULL pointer dereference can lead to a crash and a denial-of-service attack. Only servers with TLSv1.2 and renegotiation enabled (which is the default configuration) are vulnerable. This issue does not affect OpenSSL TLS clients.

Syxscore Risk Alert

This vulnerability has a moderate risk because it can be exploited over any network by a high-complexity attack, with no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3449

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Watch the Webcast: April Patch Tuesday 2021

By Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the April Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.



April Patch Tuesday 2021 Addresses Over 100 Security Fixes

By Patch Management, Patch Tuesday

April Patch Tuesday 2021 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 19 Critical, 88 Important and 1 Moderate fixes this month, covering Microsoft Windows, Edge, Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.

Year 2 of Extended Support: Windows 7 and Windows Server 2008 (including R2) received a substantial number of updates this month, more than in any month since they left mainstream support.

  1. Windows 7 – 14 Critical and 36 Important vulnerabilities fixed
  2. Windows 2008 R2 – 14 Critical and 33 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense, said, “We have the largest Patch Tuesday release of the year and there are many very serious issues being addressed. We understand a lot of our customers will be concerned because of the reported Blue Screen / Stop Screens caused by the March Patch Tuesday, but we implore our customers to plan the remediation of these latest threats. Your patching strategy should include testing to provide the confidence of site-wide remediation.”

Top April Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-28310 Win32k Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-28480 Microsoft Exchange Server Remote Code Execution

The vulnerability exists due to improper input validation in the Microsoft Exchange Server. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

The vulnerability exists because the RPC Endpoint Mapper Service does not properly impose security restrictions, which allows those restrictions to be bypassed and privileges to be escalated.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | Yes | No | No | Yes |
| CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate | 3.3 | Yes | No | No | Yes |
| CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes |
| CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-28446 | Windows Port mapping Information Disclosure Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-28459 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
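As an added example (not part of the original post and not Syxsense product code), the following Python script turns the prioritisation advice above into something that can be run against the table: it parses rows in the flattened layout the table was published in, then orders advisories weaponised first, publicly aware second, those without a countermeasure next, and finally by CVSS score and vendor severity. The sample rows are copied from the table; the ordering rule, the function names and the treatment of a blank "Recommended" cell as "No" are this example's own assumptions and can be adjusted to local policy.

```python
"""Prioritise a Patch Tuesday advisory table (added example, not Syxsense code).

Parses rows in the flattened layout used on this page:
    CVE  Title  VendorSeverity  CVSS  PubliclyAware  Weaponised  Countermeasure  [Recommended]
and orders them for deployment: weaponised first, then publicly known,
then those with no countermeasure, then by CVSS score and vendor severity.
The ordering rule is an assumption made for this example, not a Syxsense policy.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}

# The title is free text, but every column after it has a fixed shape, so the
# pattern pins the trailing columns and lets the title absorb the remainder.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<cvss>\d+(?:\.\d+)?)\s+"
    r"(?P<public>Yes|No)\s+"
    r"(?P<weaponised>Yes|No)\s+"
    r"(?P<countermeasure>Yes|No)"
    r"(?:\s+(?P<recommended>Yes|No))?\s*$"
)

# Sample rows copied from the advisory table above; the last one has no
# "Recommended" value, exactly as in the source table.
SAMPLE_ROWS = [
    "CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes",
    "CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes",
    "CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important 7.8 Yes No No Yes",
    "CVE-2021-28312 Windows NTFS Denial of Service Vulnerability Moderate 3.3 Yes No No Yes",
    "CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important 7.8 No No No",
]


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str
    cvss: float
    publicly_aware: bool
    weaponised: bool
    countermeasure: bool
    recommended: bool


def parse_row(line: str) -> Advisory:
    """Parse one flattened table row; raises ValueError on a malformed row."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised advisory row: {line!r}")
    return Advisory(
        cve=m["cve"],
        title=m["title"],
        severity=m["severity"],
        cvss=float(m["cvss"]),
        publicly_aware=m["public"] == "Yes",
        weaponised=m["weaponised"] == "Yes",
        countermeasure=m["countermeasure"] == "Yes",
        recommended=m["recommended"] == "Yes",  # a blank cell (None) counts as No
    )


def priority_key(a: Advisory):
    """Sort key: larger tuples mean 'deploy sooner'."""
    return (
        a.weaponised,          # an exploit in use outranks everything else
        a.publicly_aware,      # public details raise the odds of weaponisation
        not a.countermeasure,  # nothing but the patch stands in the way
        a.cvss,
        SEVERITY_RANK.get(a.severity, 0),
    )


def triage(lines: Iterable[str]) -> List[Advisory]:
    """Return advisories ordered from most to least urgent."""
    rows = [parse_row(line) for line in lines if line.strip()]
    return sorted(rows, key=priority_key, reverse=True)


def deploy_first(advisories: Iterable[Advisory]) -> List[str]:
    """CVEs the post singles out: anything weaponised or publicly known."""
    return [a.cve for a in advisories if a.weaponised or a.publicly_aware]


if __name__ == "__main__":
    for rank, a in enumerate(triage(SAMPLE_ROWS), start=1):
        tags = ",".join(t for t, on in (("weaponised", a.weaponised),
                                         ("public", a.publicly_aware)) if on)
        print(f"{rank}. {a.cve} {a.severity:<9} CVSS {a.cvss:<4} {tags or '-':<18} {a.title}")
```

Run on the sample rows, the weaponised Win32k bug comes out first and the two publicly aware issues follow it even though the Exchange Server fix carries the higher CVSS score, which is the emphasis the post places on public and weaponised items; swapping the order of the fields in `priority_key` is all that is needed if a site prefers to rank on CVSS first.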

Beware of Unpatched Fortinet VPN Devices

By Blog, News, Patch Management

The UK’s National Cyber Security Centre (NCSC) has issued an advisory about the dangers of unpatched Fortinet VPNs.

Do You Have an Unpatched Fortinet VPN?

The UK’s National Cyber Security Centre (NCSC) has issued an advisory about the dangers of unpatched Fortinet VPNs. The agency found that many British organizations have neglected to patch the Fortinet VPN vulnerability CVE-2018-13379, for which a fix was released almost two years ago. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued similar alerts about the danger to U.S. networks.

Advanced Persistent Threat (APT) groups and cyber criminals are well aware of this gaping security hole, and they are actively exploiting it. To make matters worse, a second incident involving Fortinet security occurred late in 2020: credentials for tens of thousands of Fortinet VPNs were stolen, along with a great many associated session IP addresses.

This is regarded as such a severe risk that the NCSC advises anyone using this VPN without the patch “to assume they are now compromised and to begin incident management procedures.”

The advisory listed a series of mitigation measures. In summary, IT is advised to:

  1. Remove the affected VPN devices from service.
  2. Return them to their factory default settings and reconfigure them.
  3. Install all patches; an upgrade to the latest FortiOS version is also recommended.
  4. Only then return the devices to service.
  5. Scan all hosts and networks that are in any way connected to the VPN, looking carefully for any signs of malicious activity.

Ransomware Implications

The bad guys are using the exploit for a variety of nefarious purposes. Chief among them is ransomware. One facility in Europe, for example, had its industrial control servers compromised with a new ransomware variant known as Cring.

The unpatched VPNs allow attackers to remotely burrow into the system, gain access to usernames and passwords, and log in to the network manually. A domino effect then plays out: once inside, the attackers use malware to obtain further authentication credentials, take control of larger segments of the network, and encrypt still more files. Users are locked out and ransom notices appear.

The harsh reality is that all of this could have been avoided. Such events are preventable if patching best practices are rigorously followed. It would seem to be an obvious aspect of security that critical updates and patches are implemented rapidly – yet cases like the Fortinet VPN exploit are not uncommon.

So why would so many organizations fail to patch a VPN with an update that has been available since May of 2019? The answer lies in poor patch management tool selection and lack of automation.

How Syxsense Secure Can Help

Syxsense Secure provides automated patch management, vulnerability scanning, and IT management. It detects outdated patches and threats in real time and can be used to implement updates before bad actors can take advantage of exploits.

Syxsense Secure includes advanced features such as patch supersedence, patch rollback, and a wealth of automation and configuration options. In addition, it provides a three-hour turnaround for the testing and delivery of new patches, and it sends software and patches across the wire only once, using peer-to-peer distribution within the network for local delivery. For more information, visit www.Syxsense.com.

Syxscore Risk Alert

CVE-2020-12812

  • CVSS Score: 9.8 Critical
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.