Monthly Archives

May 2021

||

Have Unpatched Systems Become the Biggest Security Liability?

Breaches caused by unpatched systems are becoming more common. This is often due to patch overwhelm and attackers are taking full advantage.

Breaches due to unpatched systems are big news these days. Six weeks after Microsoft issued a patch for Exchange Server, almost 10% of enterprises had yet to install it – and hackers are taking advantage.

Older vulnerabilities are also being heavily exploited in high volume. A flaw in Fortinet FortiGate VPN servers, patched in 2019, continues to be a hot ticket for ransomware attacks. It seems there is no end to the havoc wreaked by ignored security patches in enterprise IT.

Patch Overwhelm

How could it be that such obvious gaping holes are left unattended? Apart from negligence, one reason could be patch overwhelm. In the past week or so, three of the largest players in IT issued a slew of new patches.

Microsoft found a total of five zero-day vulnerabilities in one week. The patches that followed fixed 110 vulnerabilities, with as many as 19 classified as critical. Another 88 of the vulnerabilities were classified as important. These impacted a number of platforms including the Edge browser, Azure, Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server. Perhaps the most critical flaw disclosed is a Win32k elevation of privilege vulnerability that enables a hacker to escape sandboxes and gain system privileges. Meanwhile, the National Security Agency issued an alert about four more critical Exchange Server vulnerabilities.

Not to be outdone, Adobe provided patches for 10 security bugs, seven of which were considered critical. Google, too, just released the latest version of its Chrome browser. It contained seven security fixes, including one for a zero-day vulnerability.

Addressing Patch Overwhelm with Automation

Faced with this barrage of patches and updates (there are many more from a great many other sources), it is easy to see how IT could get behind. Patch backlogs can easily build up. IT may even be tempted to devalue their urgency if they see announcements about critical patches, yet no apparent damage appears to result. It sometimes takes a serious security breach before the importance of patching sinks in.

By then, however, it’s too late. What is needed is a renewed emphasis on patch diligence and patch velocity. In many cases, that requires a complete overhaul of security and patching processes.

The time-worn habit of testing every patch and then installing each one manually is no longer workable. It is a rare organization that can note the presence of a new critical patch, review it, test it, and deploy it in a timely manner. Most organizations take several days to do this. Some take weeks. And as the Fortinet VPN and Microsoft Exchange Server exploits show, some never get around to it.

IT Automation with Syxsense

The best way to deal with this new era of patching volume is to automate the process. Trouble is inevitable unless the organization can provide an abundance of trained staff who meticulously review every patch announcement from every vendor, test the patches, and issue them immediately to all endpoints. The best approach is to outsource the function to a trusted vendor – one that has the manpower to corral all patches the moment they are issued, verify their authenticity, test them, and issue them.

Syxsense reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices. It also contains a patch rollback function for the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It also frees up IT and security personnel to take care of other urgent areas of security for the enterprise.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

||

Linux Vulnerabilities of the Week: May 24, 2021

As we approach the end of May, see this week's top Linux issues and keep your IT environment protected from the latest vulnerabilities.

1. A heap-based buffer overflow in libxml2 (<9.11)

Severity: Important    CVSS Score: 8.6

There is a vulnerability in the XML entity encoding functionality of libxml2 which allows an attacker who supplies a crafted file, processed by an application linked with the affected functionality of libxml2, to trigger an out-of-bounds read. Furthermore, if an attacker can use the leaked memory information to further exploit the application, this flaw may threaten not only application availability but also information confidentiality.

Syxscore Risk Alert

This vulnerability has a high risk as it can be exposed over any network, with a low complexity attack, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3517

2. Possible privilege escalation flaw in Xorg-x11-server (<1.20.11) affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.8

This is an integer underflow flaw in Xorg-x11-server that can result in local privilege escalation.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although this needs access to the same network as the device, it can be exposed with a low complexity attack, low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3472

3. .NET Core single-file application privilege escalation in DotNet

Severity: Important    CVSS Score: 7.8

This is a flaw in DotNet which allows an attacker to gain elevated privileges through a .NET Core single-file application running with elevated permissions. The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as, although this needs access to the same network as the device, it can be exposed with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31204

4. Resource exhaustion because of receiving an invalid large TLS frame in Eclipse Jetty

Severity: Important    CVSS Score: 7.5

This is a vulnerability in Eclipse Jetty. When using SSL/TLS with Jetty, the server may receive an invalid large TLS frame that is handled incorrectly, causing CPU usage to reach 100%.

The highest threat from this vulnerability is to service availability.

Syxscore Risk Alert

This vulnerability has a high risk as it can be exposed over any network, with a low complexity attack, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28165

5. An assertion check failure in BIND

Severity: Important    CVSS Score: 7.5

This is a flaw in BIND. The way DNAME records are processed may cause the same RRset to be added to the ANSWER section more than once, which causes an assertion check to fail.

The highest threat from this flaw is to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as it can be exposed over any network, with a low complexity attack, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25215

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

||

What We Can Learn From the Colonial Pipeline Ransomware Attack

The DarkSide hacking group infiltrated the systems of the Colonial Pipeline, locked IT out, and demanded ransom. What can we learn from this?

The DarkSide hacking group successfully infiltrated the systems of the Colonial Pipeline, locked IT out, and demanded ransom. This shut down a major oil and gas pipeline that served the entire eastern U.S. corridor from Maine to Florida and even as far as Texas. Gas prices soared and long lines formed as supplies ran out. The federal government came under criticism for its hands-off approach.

The word on the street is that the company paid around $5 million to restore access. This goes directly against FBI and Department of Homeland Security advice: These agencies constantly preach that paying off bad actors only encourages them to do it again (it’s a similar policy to “We don’t negotiate with terrorists”).

But authorities are still coming to terms with how hackers could bring to a standstill the systems that supply over 100 million gallons of fuel per day (almost half the East Coast’s needs). Investigators are working out whether the attack vector was an unpatched vulnerability, a phishing email, compromised access credentials, or some other method.

This attack may not be an isolated occurrence. It led the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to issue an alert that DarkSide has “recently been targeting organizations across various sectors including manufacturing, legal, insurance, healthcare, and energy.”

Criminality-as-a-Service

Who would have thought that an innocuous-sounding concept such as Software-as-a-Service (SaaS) would eventually morph into Ransomware-as-a-Service (RaaS)? Yet DarkSide, believed to be Russian-based or Russian-linked, is effectively a RaaS operation offering its malware to criminals on a subscription basis.

Once the RaaS software gets inside, it hijacks data, encrypts it, and deletes volume shadow copies to thwart recovery from backups. If you don’t pay up, confidential data is sometimes published on the web. The group’s business model even involves negotiating with competitors of the hacked firm, as well as with investors looking to make a quick buck from inside information about the publication of potentially damaging data. The group gives to charity as a ploy to improve its image – straight out of the playbook of Pablo Escobar, who became a folk hero in his nation due to his cocaine-funded largesse.

Weaknesses Everywhere

This breach serves notice of the unforeseen consequences of the ongoing effort to fully digitize systems and bring together the worlds of IT and operational technology (OT). The world of OT has been largely immune to cyberhacking as its systems were never networked. Now that they are, those industries that are digitally transforming are realizing they are wide open to attack.

When it comes to security, OT is the wild west. The country’s infrastructure is a labyrinth of remote sites, logins, and points of entry. But that is about to change. The federal government is beginning to enforce multi-factor authentication, and data encryption at rest and in transit, as well as the implementation of zero trust security, better endpoint protection and faster incident response.

CISA recently urged industry to immediately update antivirus signatures, deploy the latest OS and application patches, disable file and printer sharing services, institute least privilege access, and deploy multi-factor authentication on networks. Further recommendations are to use spam filters and network traffic filters, and establish employee training programs, and conduct security audits and risk assessments.

Patch, Patch, and Patch Again

Unpatched systems are a primary attack vector into organizations. Failure to patch systems can be taken as an invitation to hackers to come on in. In light of the Colonial Pipeline incident, stronger security legislation could be on the horizon. Executives failing to ensure timely patching of corporate networks could possibly be up for criminal charges.

The moral is clear: centrally patch all systems and automate the process. Syxsense Secure provides automated patch management, vulnerability scanning, and IT management. It detects outdated patches and threats in real time and can be used to implement updates before bad actors can take advantage of exploits.

||

Linux Vulnerabilities of the Week: May 17, 2021

Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

1. A Linux kernel (<11.9) use-after-free flaw in drivers/vhost/vdpa.c

Severity: Important    CVSS Score: 7.8

This is a vulnerability in the Linux kernel. An invalid value upon reopening a character device can cause use-after-free memory corruption. The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as, although this needs access to the same network as the device, it can be exposed with a low complexity attack that needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29266

2. Single-file application privilege escalation in DotNet affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.3

Using this flaw in DotNet, an attacker can gain elevated privileges through a .NET Core single-file application running with elevated permissions.

The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although this needs access to the same network as the device and requires user interaction, it can be exposed with a low complexity attack with low privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31204

3. Oracle Java SE Libraries flaw

Severity: Medium       CVSS Score: 5.9

This flaw allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition, which can lead to unauthorized creation, deletion, or modification access to critical data or to all Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition accessible data.

Syxscore Risk Alert

This vulnerability has a moderate risk as, though it requires a high complexity attack and user interaction to be exposed, it can still be exposed over any network with no privileges.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2161

4. MySQL Server vulnerability

Severity: Medium       CVSS Score: 4.9

Using this easily exploitable vulnerability, an attacker with high privileges and network access via multiple protocols can compromise MySQL Server and cause a hang or frequently repeatable crash (complete DoS).

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as although an attack requires high privileges, the flaw can be exposed over any network by a low complexity attack without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2146

||

Facebook Hack Makes Vulnerability Scanning More Important Than Ever

Facebook's recent data breach shows the importance of having an automated and thorough security vulnerability scanning strategy.

Facebook Data Breach Impacts Billions of Users

A recent data breach compromised the data and personal information of more than half a billion Facebook users. If your name or your company’s Facebook page was included, then information such as phone numbers, Facebook IDs, names, dates of birth, and more has potentially been exposed.

Those luckless half-billion individuals had this personal data posted on the dark web. Many of them could experience hacking of their Facebook accounts. In some cases, it could open an attack vector into organizations due to Facebook links into other applications and websites, as well as sloppy habits such as reusing the same password and user ID on multiple sites.

From a personal standpoint, changing your Facebook password is a wise move. But on a broader scale, the breach emphasizes the need for comprehensive vulnerability scanning in the enterprise. This hack may well open side doors into systems that IT may not be aware of.

Any company with American or British employees should pay particular attention. More than 30 million U.S. accounts were exposed as well as more than 10 million in the UK, and hundreds of millions more all over the world. Anyone using offshore software development resources, therefore, should also be vigilant. If any of those users have compromised Facebook accounts, they could present a channel for hackers to utilize to burrow into enterprise systems, or worse, enter hidden code into applications under development.

Be Warned and Scan

Be warned that these lists of Facebook data are actively being sold on the dark web. Further, the exposed data is invaluable to criminals as they engineer strategies for ransomware and CEO fraud attacks. If a top exec or someone in the finance department has a hacked Facebook account, hackers have a goldmine of data from which to compose sophisticated phishing emails and other scams.

Case in point: If cybercriminals find out from Facebook that someone is overseas, email or Messenger traffic can be used to solicit emergency funds. Alternatively, if an exec is overseas on a business deal or has travelled to another country to secure a merger, data from Facebook could be used to convince the finance department to wire major sums into fake bank accounts. Such things can and do happen.

Why You Should Scan for Vulnerabilities

In uncertain security times such as these, vulnerability scanning becomes all the more important. Regular scanning inspects the points of potential exploit to detect security holes, classify system weaknesses, and offer suggested countermeasures.

Such scans are generally done against a database of information about known security holes in services and ports, as well as anomalies in packet construction, missing patches, and paths that may exist to exploitable programs or scripts. Strange traffic patterns, unusual spikes in activity at atypical times would also be detected.

Vulnerability scanning can either be performed by the IT department or via a managed service. However it is done, it must be automated and thorough.

How Syxsense Can Help

Syxsense Secure is a comprehensive vulnerability scanner that includes IT management and patch management in one console. Syxsense Active Secure is the managed service version. These tools not only show you what’s wrong, but also deploy the solution.

Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.

||

Watch Out for Microsoft End-of-Life Announcements

Aging operating systems (OSes), browsers, and applications can bring plenty of trouble for the enterprise.

The Risks of Legacy OS

Aging operating systems (OSes), browsers, and applications can bring plenty of trouble for the enterprise. And with Microsoft providing so much software to the world, its end-of-life announcements can have far-reaching consequences. Hackers know about now-unsupported systems and salivate when they find them lurking in the dark recesses of the network.

It may be hard to believe, but there are still plenty of Windows XP systems out there. Windows 7, 8 and Vista systems, too, are not uncommon. The obsolete Internet Explorer (IE) browser also remains in widespread use, despite its support being phased out and it being replaced by Microsoft Edge.

Hackers are fully aware of this. The Angler exploit kit that delivers malware and ransomware favors IE and Flash as its main avenues of incursion. Its malicious scripts are smart enough to avoid virus scanners, target specific IP ranges, and go after certain configurations. It has compromised close to 100,000 websites to date.

Despite these statistics, some studies show that almost half of users run outdated versions of browsers, Flash and Java. IE remains on millions of systems worldwide despite it being a notorious security weak spot for many years. Failing to detect the presence of these systems and remove them exposes the organization to a Pandora’s Box of security threats.

Windows 10 Issues

But it isn’t only IE and older flavors of Windows. There is no room for complacency even if the enterprise has all PCs, laptops, and tablets running on Windows 10. Microsoft just released a major update to that OS. It includes several key security features such as removing Flash from the OS as part of the installation, improvements to Windows Defender Application Guard, and a Windows Management Instrumentation (WMI) Group Policy Service (GPSVC) update to support remote work.

To make matters worse, Microsoft is no longer providing security updates for older versions of Windows 10. Version 1909 has reached end of life. This impacts editions such as Windows 10 Home, Pro, Pro for Workstations, and Pro for Education, and Windows Server 1909. Yet these versions are less than two years old – some users may have only been on them a few months. The earlier versions 1809 and 1803 have already been abandoned: all editions of those versions have reached end of service and will no longer receive any patches.

The official announcement said:

“Windows Update will automatically initiate a feature update for Windows 10 consumer devices and non-managed business devices that are at, or within several months of reaching end of servicing. For these devices, you can choose a convenient time for your device to reboot and complete the update. This keeps your device supported and receiving the monthly updates that are critical to security and ecosystem health.”

Central IT Management and Automation

There is a great deal happening on the security, vulnerability, and patch/update front, so much so that it has become difficult for IT administrators to stay on top of things.

In those cases where enterprise users have to manually install, or at least authorize, updates, you can count on a large percentage failing to see vital updates through to successful installation. Many just don’t realize the potential danger of delaying these updates.

That’s why it’s vital to centrally manage, and fully automate system and device patching. Syxsense Secure reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices.

Syxsense also contains a patch rollback function for the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It also frees up IT and security personnel to take care of other urgent areas of security for the enterprise.

||

Google Chrome Vulnerability Being Weaponized

A new Chrome use-after-free memory corruption flaw that affects Adobe Reader for Windows has been reported to be weaponized.

Chrome Zero-Day Is Currently Weaponized

Google today released Chrome 90.0.4430.212 to the Stable Channel for Windows, Linux and Mac OS, fixing a total of 43 vulnerabilities. So far this year, Google has released at least one Chrome update fixing a zero-day each month.

One of the bugs, tracked as CVE-2021-28550, is a use-after-free memory corruption flaw that affects Adobe Reader for Windows and has been reported to be weaponized.

Solution

Upgrade to the latest version of Chrome using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as it can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 7.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.


Watch the Webcast: May Patch Tuesday 2021

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the May Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

||

May Patch Tuesday 2021 Fixes 55 Vulnerabilities

May Patch Tuesday 2021 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Patch Tuesday Addresses 55 New Flaws, Including Public Aware Threats

There are 2 Critical, 50 Important and 1 Moderate fixes this month for Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, a shadow of what was released last month.

  1. Windows 7 – 1 Critical and 10 Important vulnerabilities fixed
  2. Windows 2008 R2 – 1 Critical and 9 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “May sees almost half the updates fixed over April. This is great news as deployment payload could be as low as 1GB per device (or less). Adobe released just 10 fixes less than Microsoft this month, so this is the month to ensure you are prioritizing both Microsoft and Adobe to protect your devices. This month also sees the last supported patches for Feature Update 1809.”

Top May 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation in HTTP Protocol Stack. A remote attacker can execute arbitrary code on the target system. Microsoft recommends prioritizing this patch because it could become wormable.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-28476: Hyper-V Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation in Hyper-V on most Microsoft operating systems. A remote authenticated attacker can execute arbitrary code on the target system. This is particularly dangerous as an exploit may compromise the entire system, and with a Scope (Jump Point) of Yes, it is possible to jump from Hyper-V to another technology on the system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.9
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-31204: .NET Core and Visual Studio Elevation of Privilege Vulnerability

With many staff around the world still working from home, it is likely that some of them have Visual Studio installed on their home systems. The vulnerability exists because the application does not properly impose security restrictions in .NET and Visual Studio, which leads to a security restrictions bypass and privilege escalation.

Although this vulnerability requires local access and user interaction, a user can become a victim if they visit a specially crafted website that tricks them into clicking a link.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.3
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: Required
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these that are publicly aware or weaponised.

| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-31204 | .NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | Yes | No | No | Yes |
| CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important | 7.2 | Yes | No | No | Yes |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate | 6.6 | Yes | No | No | Yes |
| CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.4 | No | No | No | Yes |
| CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31211 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31213 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 4.1 | No | No | No | |
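The post's triage rule is simple to state (look first at anything publicly aware or weaponised, then work down by CVSS score) but easy to get wrong by hand across fifty-odd rows. The script below is an added example written for this page, not Syxsense's own tooling: it parses a handful of rows from the table above, embedded inline as space-separated text, rebuilds each one into a record, and emits them in the deployment order that rule implies. The `Advisory` type, the `parse_row` and `prioritise` helpers, and the decision to treat a blank "Syxsense Recommended" cell as "No" are all choices made here, not anything the post specifies.

```python
"""Prioritise a Patch Tuesday list by the post's rule: weaponised first, then
publicly known, then CVSS score, with the vendor's "Recommended" flag as a
tie-breaker.  Added example for this page; not Syxsense code."""
from dataclasses import dataclass

SEVERITIES = {"Critical", "Important", "Moderate", "Low"}

# A few rows copied from the table above, in a space-separated layout:
# <CVE> <description...> <severity> <cvss> <public> <weaponised> <countermeasure> [<recommended>]
# The last column is blank for rows the vendor did not flag as recommended.
SAMPLE_ROWS = """
CVE-2021-31204 .NET Core and Visual Studio Elevation of Privilege Vulnerability Important 7.3 Yes No No Yes
CVE-2021-31200 Common Utilities Remote Code Execution Vulnerability Important 7.2 Yes No No Yes
CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability Critical 9.9 No No No Yes
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-31198 Microsoft Exchange Server Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability Important 4.3 No No No
""".strip().splitlines()


@dataclass(frozen=True)
class Advisory:
    cve: str
    description: str
    severity: str
    cvss: float
    public: bool
    weaponised: bool
    countermeasure: bool
    recommended: bool


def parse_row(line: str) -> Advisory:
    """Parse one flattened row.

    The description is free text of unknown length, so the row is consumed
    from the right: trailing Yes/No flags, then the CVSS score, then the
    severity word.  Whatever remains between the CVE id and the severity is
    the description.
    """
    tokens = line.split()
    cve, rest = tokens[0], tokens[1:]
    if not cve.startswith("CVE-"):
        raise ValueError(f"row does not start with a CVE id: {line!r}")

    flags = []
    while rest and rest[-1] in ("Yes", "No"):
        flags.append(rest.pop() == "Yes")
    flags.reverse()                       # back to left-to-right column order
    if len(flags) not in (3, 4):
        raise ValueError(f"expected 3 or 4 Yes/No flags in {line!r}")
    if len(flags) == 3:
        flags.append(False)               # blank "Recommended" cell -> No

    cvss = float(rest.pop())
    severity = rest.pop()
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity {severity!r} in {line!r}")

    public, weaponised, countermeasure, recommended = flags
    return Advisory(cve, " ".join(rest), severity, cvss,
                    public, weaponised, countermeasure, recommended)


def prioritise(lines) -> list:
    """Return advisories in deployment order: weaponised, then publicly
    known, then highest CVSS, then vendor-recommended."""
    advisories = [parse_row(line) for line in lines if line.strip()]
    return sorted(
        advisories,
        key=lambda a: (a.weaponised, a.public, a.cvss, a.recommended),
        reverse=True,
    )


if __name__ == "__main__":
    for rank, adv in enumerate(prioritise(SAMPLE_ROWS), start=1):
        exposure = "public" if adv.public else "not public"
        print(f"{rank}. {adv.cve} {adv.cvss} {adv.severity} ({exposure}) - {adv.description}")
```

The parser deliberately walks the row from the right so that descriptions containing any number of words parse correctly; a row with a severity word it does not recognise, or with the wrong number of Yes/No cells, raises rather than silently producing a mis-ranked entry.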

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Linux Vulnerabilities of the Week: May 10, 2021


Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

1. Resource exhaustion from an invalid large TLS frame in Eclipse Jetty

Severity: Important    CVSS Score: 7.5

This is a vulnerability in Eclipse Jetty. When using SSL/TLS with Jetty, the server may receive an invalid large TLS frame that is handled incorrectly, driving CPU usage to 100%.

The highest threat from this vulnerability is to service availability.

Syxscore Risk Alert

This vulnerability is high risk because it can be reached over the network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28165

2. Assertion failure in BIND 9 when answering DNAME queries

Severity: Important    CVSS Score: 7.5

This is a flaw in BIND in which an assertion check fails when answering queries for DNAME records that require the DNAME to be processed to resolve itself.

The highest threat from this flaw is to system availability.

Syxscore Risk Alert

This vulnerability is high risk because it can be reached over the network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25215

3. An SMLLexer infinite loop flaw affecting Red Hat Enterprise Linux 8

Severity: Important  CVSS Score: 7.5

This is an infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 that may lead to denial of service when performing syntax highlighting of an SML source file, as demonstrated by an input consisting only of the “exception” keyword.

The highest threat from this flaw is to system availability.

Syxscore Risk Alert

This vulnerability is high risk because it can be reached over the network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20270

4. Unauthorized global ID reuse in Ceph (<2.20)

Severity: Important    CVSS Score: 7.2

This is an authentication flaw in Ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it does not sanitize other_keys, allowing key reuse.

Because Ceph does not force the reuse of old keys when generating new ones, an attacker requesting a global_id can exploit the ability of any user to request a global_id that was previously associated with another user.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability is high risk: although exploitation requires high privileges, it can be reached over the network, with low complexity and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20288

5. Possible request smuggling in HTTP/2 in Netty (<1.60.Final)

Severity: Medium       CVSS Score: 5.9

This is a vulnerability in Netty that allows an attacker to smuggle requests inside the application’s body as the request is downgraded from HTTP/2 to HTTP/1.1.

Syxscore Risk Alert

This vulnerability is moderate risk: although it requires a complex attack, it can be reached over the network with no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21295

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
