Monthly Archives

July 2021

Microsoft Issues Urgent Fix for PetitPotam

Category: Blog

Microsoft has reclassified the vulnerability known as “PetitPotam” as an official Security Advisory as attacks continue to rise.

New PetitPotam Attack Lets Cybercriminals Take Over Windows Domains

On July 28, Microsoft reclassified the vulnerability known as “PetitPotam” as an official Security Advisory and marked it as Public Aware.

This means the precise method for exploiting this vulnerability can be found on the internet, and attempts to take advantage of the bug, which affects all versions of Windows Server, may already be under way.

What is PetitPotam?

PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers.

To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing. PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.

Rob Brown, Head of Customer Success said, “If an attacker was able to expose this bug, this will give the attacker an authentication certificate that can be used to access domain services and compromise the entire Active Directory domain. This includes the creation / deletion of user accounts, or the changing of passwords.”

You are potentially vulnerable to this attack if you are using Active Directory Certificate Services (AD CS) with any of the following services:

  1. Certificate Authority Web Enrollment
  2. Certificate Enrollment Web Service

On any of the following operating systems:

  1. Windows Server 2008 R2
  2. Windows Server 2012 R2
  3. Windows Server 2016
  4. Windows Server 2019
  5. Windows Server 2004
  6. Windows Server 20H2

Solutions and Mitigations

  1. Disable NTLM Authentication on your Windows domain controller.
  2. Disable NTLM on any AD CS Servers in your domain using the group policy Network security: Restrict NTLM: Incoming NTLM traffic. To configure this GPO, open Group Policy and go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and set Network security: Restrict NTLM: Incoming NTLM traffic to Deny All Accounts or Deny All domain accounts. If needed, you can add exceptions as necessary using the setting Network security: Restrict NTLM: Add server exceptions in this domain.
  3. Disable NTLM for Internet Information Services (IIS) on AD CS Servers in your domain running the “Certificate Authority Web Enrollment” or “Certificate Enrollment Web Service” services.
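The following script is an added example, not part of the original post or of any Microsoft or Syxsense tooling: it audits an exported IIS applicationHost.config for the settings the three mitigations and the EPA paragraph above call for (Extended Protection required, NTLM removed from the Windows Authentication providers, SSL required) and, on Windows, reads the LSA registry value behind the Restrict NTLM: Incoming NTLM traffic policy. The `_CES_` naming for Certificate Enrollment Web Service applications, the `CA01` name and the sample config itself are constructed assumptions; the IIS attribute names and the registry value are the standard ones.

```python
"""Offline audit of IIS applicationHost.config for the AD CS NTLM-relay mitigations.

Run against a copy of %windir%\\System32\\inetsrv\\config\\applicationHost.config,
or with no argument to use the constructed sample at the bottom of the file.
"""
import sys
import xml.etree.ElementTree as ET

# Substrings identifying enrollment applications in <location path="...">.
# "CertSrv" is the default Web Enrollment path; "_CES_" for Certificate
# Enrollment Web Service applications is an assumption, adjust to your naming.
ENROLLMENT_PATH_MARKERS = ("CertSrv", "_CES_")


def audit_location(loc: ET.Element) -> list:
    """Findings for one <location> block; an empty list means it is hardened."""
    findings = []
    win_auth = next(loc.iter("windowsAuthentication"), None)
    if win_auth is None or win_auth.get("enabled", "false").lower() != "true":
        return findings  # no Windows (Kerberos/NTLM) authentication configured here

    # EPA binds the NTLM exchange to the TLS channel, so a relayed handshake
    # fails. IIS defaults tokenChecking to "None" when the element is absent.
    epa = next(win_auth.iter("extendedProtection"), None)
    token_checking = epa.get("tokenChecking", "None") if epa is not None else "None"
    if token_checking != "Require":
        findings.append(f"extendedProtection tokenChecking is '{token_checking}', expected 'Require'")

    # Mitigation 3: NTLM disabled for IIS. Plain "Negotiate" can still fall
    # back to NTLM; "Negotiate:Kerberos" cannot.
    providers = [a.get("value", "") for a in win_auth.iter("add")]
    if "NTLM" in providers:
        findings.append("NTLM listed under windowsAuthentication/providers")
    if "Negotiate" in providers:
        findings.append("plain Negotiate provider allows NTLM fallback; use Negotiate:Kerberos")

    # EPA needs a TLS session to bind to, so the application must require SSL.
    access = next(loc.iter("access"), None)
    raw_flags = access.get("sslFlags", "None") if access is not None else "None"
    if "Ssl" not in {f.strip() for f in raw_flags.split(",")}:
        findings.append(f"sslFlags is '{raw_flags}'; SSL must be required for EPA to bind")
    return findings


def audit_apphost(xml_text: str, markers=ENROLLMENT_PATH_MARKERS) -> dict:
    """Map each enrollment-related location path to its list of findings."""
    root = ET.fromstring(xml_text)
    return {loc.get("path", ""): audit_location(loc)
            for loc in root.iter("location")
            if any(m in loc.get("path", "") for m in markers)}


def incoming_ntlm_restricted():
    """Mitigation 2: the GPO 'Restrict NTLM: Incoming NTLM traffic' is stored as
    HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\RestrictReceivingNTLMTraffic
    (0 = Allow all, 1 = Deny all domain accounts, 2 = Deny all accounts).
    Returns None when not running on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r"SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0") as key:
            value, _ = winreg.QueryValueEx(key, "RestrictReceivingNTLMTraffic")
    except FileNotFoundError:
        return False  # value absent: policy not configured, so NTLM is accepted
    return value in (1, 2)


# Constructed sample: an unmitigated Web Enrollment site next to a hardened CES app.
SAMPLE_APPHOST = """<configuration>
  <location path="Default Web Site/CertSrv">
    <system.webServer><security>
      <access sslFlags="None" />
      <authentication><windowsAuthentication enabled="true">
        <providers><clear /><add value="Negotiate" /><add value="NTLM" /></providers>
      </windowsAuthentication></authentication>
    </security></system.webServer>
  </location>
  <location path="Default Web Site/CA01_CES_Kerberos">
    <system.webServer><security>
      <access sslFlags="Ssl" />
      <authentication><windowsAuthentication enabled="true">
        <providers><clear /><add value="Negotiate:Kerberos" /></providers>
        <extendedProtection tokenChecking="Require" flags="None" />
      </windowsAuthentication></authentication>
    </security></system.webServer>
  </location>
</configuration>"""


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_APPHOST
    for path, findings in audit_apphost(text).items():
        print(f"{path}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
    restricted = incoming_ntlm_restricted()
    if restricted is not None:
        print("Incoming NTLM traffic restricted:", restricted)
```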

How Syxsense Can Help

Customers using Syxsense Secure can detect this vulnerability by running our security script called “LanMan authentication level is not NTLMv2”.

Syxsense provides that first line of defense against vulnerabilities by automating the patching of all systems. Experience the power of IT management, patch management, and security vulnerability scanning in one powerful solution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Linux Vulnerabilities of the Week: July 26, 2021

Category: News

See this week's top Linux issues and keep your IT environment protected from the latest July Linux vulnerabilities.

1. Out-of-bounds write in ANGLE in Google Chrome (< 91.0.4472.101)

Severity: Important    CVSS Score: 8.8

This is a flaw in ANGLE. Exploiting this vulnerability, a remote attacker can potentially perform out-of-bounds memory access via a crafted HTML page.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires user interaction to be exploited, it can be exposed over any network with a low-complexity attack and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30547

2. An out-of-bounds memory write flaw in the Linux kernel affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is a flaw in the Linux kernel’s joystick devices subsystem before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. A local attacker can use this flaw to crash the system or escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it can be exploited with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3612

3. Incorrect comparison during range check elimination in OpenJDK

Severity: Important    CVSS Score: 7.5

This is a flaw in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). The vulnerability is difficult to exploit as attacks require human interaction from a person other than the attacker.

Using this vulnerability, an unauthenticated attacker with network access via multiple protocols can compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires user interaction and a complex attack to be exploited, it can be exposed over any network with no privileges.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2388

4. Out-of-bounds write in the Linux kernel’s fs/seq_file.c

Severity: Important    CVSS Score: 7.0

Exploiting this flaw, a local attacker with a user privilege can escalate their privileges to root gaining access to out-of-bound memory, which can result in a system crash or a leak of internal kernel information.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and the complexity of an attack is high, it requires low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

5. Race condition on removal of the HCI controller in the kernel affecting Red Hat Enterprise Linux 7

Severity: Important    CVSS Score: 7.0

This is a flaw in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. It allows a local attacker to exploit a race condition, leading to corrupted memory and possible privilege escalation.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and requires a complex attack to be exploited, it needs low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32399

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


3 Reasons Why Patching is the Weakest Link in Organizational Security

Categories: Blog, Patch Management

What is the weakest link in the organizational security arsenal? A strong argument could be put forward that patching is the clear winner.

What’s the weakest link in your organization?

It’s been said many times that people are the weakest link in the security arsenal. Phishing scams enjoy success primarily due to the gullibility or inattention of people. All it takes is one clueless employee clicking on a malicious link or attachment and the entire network can be compromised.

But whether it is a virtual environment like a computer network or a physical environment like defending a castle, people have always been the weak link. In the old days, all it took was one person selling out to the enemy for a few coins. Later that night, the gate is left unlocked and the portcullis isn’t dropped.

Therefore, let’s take people out of the discussion, recognizing that there will always be a human element to address. What, then, is the weakest link among the many components of the organizational security arsenal? A strong argument could be put forward that patching is the clear winner. Here are three reasons why.

1. Vital Patches Don’t Get Deployed

Think about some of the recent breaches impacting the enterprise such as Microsoft Exchange Server, Adobe Flash Player, the Fortinet VPN, and VMware vSphere. Serious security holes were discovered. Urgent patches were issued, news stories abounded about the need to deploy these patches at once, otherwise ransomware and other cyber-scourges lurked.

Yet systems are still being discovered almost five months later that have yet to shore up their Exchange Servers. The FBI even got in on the act, breaking into corporate systems to remove malware. To make matters worse, critical security patches from May of 2019 such as those fixing the Fortinet VPN hole have been found undeployed.

2. The Bad Guys Search Out Unpatched Systems

Yes, there are a few criminal hacking geniuses out there who devise new and ingenious ways of breaking into systems or who can find a hole no one else ever spotted. But that accounts for a minuscule number of actual hacks. Almost all take advantage of known security issues, most of them having patches readily available.

Talk about making it easy for the criminal! The bad guys scan for instances of obsolete OSes or insecure applications. Where they find Windows XP, Windows 7, Internet Explorer, or Adobe Flash Player, for example, they rub their hands in glee. Similarly, they search for systems that haven’t deployed patches such as those for Exchange, VMware, or Fortinet. When they find one, they know they are onto a sure thing. From that point, they can exfiltrate confidential data or initiate a ransomware attack.

3. Manual Patching Leads to Backlogs

Many organizations still take care of patching manually. They evaluate each patch and determine if and when it is to be installed. This inevitably leads to errors, delays, and heightened risk.

Another area where manual processes tend to bog down patch deployment is testing. Organizations want to verify that a patch won’t break other systems. They establish procedures to test patches before deployment. Unfortunately, many patches stack up in backlogs. Urgent patches go undeployed while someone in IT tests low-priority patches to verify their integrity.

How Syxsense Can Help

Syxsense eliminates the many reasons why patches don’t get deployed. It lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. Don’t tempt fate by relying on manual patching processes.


Watch the Webcast: July Patch Tuesday 2021

Categories: Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the July Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

What You Need to Know: July Patch Tuesday 2021

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


July Patch Tuesday 2021 Fixes Massive 117 Vulnerabilities

Category: Patch Management

July Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases Huge July Patch Tuesday Update

There are 13 Critical, 103 Important and 1 Moderate fixes this month for Microsoft Windows, Dynamics, Exchange Server, Microsoft Office, Windows Storage Spaces Controller, Bing, SharePoint Server, Internet Explorer (IE), Visual Studio, and Open Enclave.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 3 Critical and 27 Important vulnerabilities fixed
  2. Windows 2008 R2 – 3 Critical and 27 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense, said, “The vulnerability known as PrintNightmare is causing a lot of confusion and anxiety as patch deployment is needed urgently, but some registry keys also need to be verified. If those keys exist then you are not safe.

There are also Weaponized vulnerabilities for Windows Kernel which need addressing urgently.”

Top July 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-34527: Windows Print Spooler Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.5 / 8.8
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2021-31979 & CVE-2021-33771: Windows Kernel Elevation of Privilege Vulnerability

A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-34458: Windows Kernel Remote Code Execution Vulnerability

This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices. If you have virtual machines in your environment, test and patch quickly.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Public | Weaponised | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | 8.8 | Yes | Yes | Yes | Yes |
| CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.8 | No | No | Yes | Yes |
| CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | Yes | No | Yes |
| CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 9 | No | Yes | No | Yes |
| CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 | No | No | No | Yes |
| CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34446 | Windows HTML Platform Security Feature Bypass Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes |
| CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34459 | Windows App Container Elevation Of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-31961 | Windows Install Service Elevation of Privilege Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important | 5.9 | No | No | No | |
| CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | | | | | | |

Top Linux Vulnerabilities for July 2021

Category: News

Explore the top Linux vulnerabilities for July 2021 and find out the best solution for managing these threats.

1. Apache httpd mod_session heap overflow affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow. The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-26691

2. The libX11 (<1.7.1) missing validation flaw affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical         CVSS Score: 9.8

Exploiting this vulnerability, an attacker can inject X11 protocol commands into X clients and potentially execute arbitrary code with the permissions of the application compiled against libX11.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

3. A use-after-free in Libxml2 (< 2.9.11)

Severity: Important    CVSS Score: 8.8

There’s a flaw in libxml2. An attacker can submit a crafted file to be processed by an application linked with libxml2 to trigger a use-after-free. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires user interaction, it can be exposed over any network, with a low complexity attack, and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3518

4. Buffer overrun flaw in PostgreSQL

Severity: Important    CVSS Score: 8.8

This is a vulnerability in PostgreSQL in versions before 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22.

Due to missing bound checks during an SQL array modification process, authenticated database users can write arbitrary bytes to a wide area of server memory.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires some privileges, it can be exposed over any network with a low complexity attack, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32027

5. A missing length check of forwarded messages in Linux PTP

Severity: Important    CVSS Score: 8.8

This is a flaw in the PTP4l program of the Linux PTP package.

A remote attacker that can connect to the `ptp4l` service can use a missing length check when a PTP message is forwarded between ports to cause an information leak, a crash, or remote code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3570


Are Cybercriminals After You?


Cybercriminals target many industries and achieve success in most areas. How do you know if your organization is vulnerable?

Are the Bad Guys After You?

Paranoia leads individuals to believe that everyone is against them, that the FBI are chasing them, or some other menace stalks their every move. So, how about your industry? Are cybercriminals after you?

Lists of the most targeted industries tend to vary depending on the study. But the common denominators tend to be healthcare & pharmaceuticals, government, education, manufacturing, construction, business services and IT.

Results also vary depending on the size of the organization. According to a study by KnowBe4, the most phishing-prone verticals in firms with fewer than 250 employees are healthcare & pharmaceutical organizations, followed by education and manufacturing. This represents a change from the previous year, when construction was by far the most attacked area of small business.

Targeted by Cybercriminals

This could perhaps be a natural consequence of success. Cybercriminals find a niche such as construction to be poorly protected. They devise attacks, achieve some success, word gets around, and the entire cybercrime world goes all out attacking these easy pickings. But a series of successful hacks against construction makes that field realize it needs to invest in IT security. Phishing results diminish, and the bad guys move on to richer pastures.

But another reason could be moving up the food chain. The survey showed that among mid-sized organizations (250 to 1000 employees), construction holds the top spot. Perhaps the bad guys used smaller fry to learn the ropes and are now plying their skills with bigger fish. Other phish-prone verticals in the mid-sized category are healthcare & pharmaceuticals and business services.

Things change when you get into large organizations of 1,000 or more employees. In this sector, IT companies are top followed by hospitality and manufacturing. It is quite shocking that the IT sector should be such an easy target for phishing. That might explain why there are so many data breaches of late.

Who came out best in terms of being the least phish-prone? Surprise, surprise – it’s large government organizations. As government size dwindles, phishing success rates increase. That said, the scores in government were not that good. They were just better than the others.

Cyberattackers Never Stop

These results clearly demonstrate that the bad guys are indeed after you. They are targeting a great many industries and achieve success in most areas. They can always find some gullible users who can be tricked into clicking when they should be thinking. They want you to open a malicious attachment, click on an infected link, or be hoodwinked into thinking a phishing email really is from someone desperate to give you money.

Smart companies educate users so they form a human firewall, are alert for the latest phishing scam, and tell their peers about a new variant of malicious traffic. Smart companies also deploy vulnerability scanners so they find out about new attack vectors and exploits before they can cause much damage. And they ensure that they always deploy critical patches in a timely manner.

How Syxsense Can Help

Syxsense provides that first line of defense against cyberattack by automating the patching of all systems. Systems are continually breached due to well-publicized patches not having been deployed across the network.

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

||

Windows Out-of-Band Update Released to Fix PrintNightmare Vulnerability


Microsoft released an emergency update to fix the Weaponized PrintNightmare zero-day vulnerability in the Windows Print Spooler service.

Microsoft Releases Emergency Patch for PrintNightmare Flaw

Microsoft has released an emergency security update to fix the Weaponized PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all versions of Windows, including Windows 7 and Windows Server 2008 R2.

Improper input validation within the RpcAddPrinterDriverEx() function allows this vulnerability to be weaponized, as has been confirmed by Microsoft. A remote user can send a specially-crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore Risk Alert

  1. Vendor Severity: Critical
  2. CVSS Severity: 9.9 (Critical)
  3. Attack Vector: Network
  4. Attack Complexity: Low
  5. Privileges Required: Low
  6. User Interaction: None
  7. Scope (Jump Point): Yes

“This is one of the highest priorities of the year to date,” said Rob Brown, Head of Customer Success for Syxsense. “Not only does this impact almost every single operating system by Microsoft, if this is weaponized within your environment, there is the real possibility of those hackers jumping into another technology or applications within your network. Microsoft have also taken the rare step of releasing this update for Windows 7 even if you do not have an ESU extended license.”

How Syxsense Can Help

As always, we recommend full testing prior to live deployment to your devices. The updates are now available within the Syxsense Console.

Syxsense provides that first line of defense against vulnerabilities by automating the patching of all systems. Experience the power of IT management, patch management, and security vulnerability scanning in one powerful solution.

||

Phishing Research Reveals Concerning Statistics


A recent study by Tessian showcased some scary numbers about the frequency of phishing. Should you be concerned?

Frightening Phishing Frequency Findings

A recent study by Tessian showcased some scary numbers about the frequency of phishing.

Only 9% of organizations report never having been attacked by phishing. 10% say they have had to deal with anywhere from 1 to 10 attacks in one year. 37% have suffered up to 50 phishing attacks, 28% 50 to 100 attacks, and 12% more than 100 in a twelve-month period.

The best subject lines for business email compromise were found to be:

  1. Fw: Urgent Invoice
  2. Important: Please read
  3. Payment is Urgent Do Not Ignore!
  4. Re: Finance Request for CEO of …
  5. Attention: Credentials needed for login to secure mainframe.

Other studies have extended the list of email subject lines to watch for as potential alerts for phishing. These include: Annual Inventory, Changes to your health benefits, security alert: new or unusual Twitter login, Your Amazon Prime Membership has been declined, Zoom: Scheduled Meeting Error, Google Pay: Payment sent, and Stimulus Cancellation Request Approved.

Those falling victim to phishing suffered a variety of woes. 60% lost data, 52% had credentials or accounts compromised, 47% had to deal with a ransomware outbreak, 29% were infected with other forms of malware, and 18% incurred financial losses. According to the report, the average cost per compromised record was $150 with $3.92 million being the average cost of a data breach.

Brand Impersonation

A common ploy in phishing is to pretend to be from a well-known or respected company. Hackers make their email addresses appear to be from major vendors. Logos are liberally applied to make the scam look realistic. The most commonly impersonated brands are Microsoft, DHL, LinkedIn, Amazon, Rakuten, Ikea, Google, PayPal, and Chase.

It is no wonder the FBI regards phishing as the most common type of cybercrime. Phishing incidents doubled in 2020, with almost a quarter of a million reported. The agency received 11 times more complaints about phishing in 2020 compared to 2016.

Phishing Delivery Strategies

The delivery mechanisms for malware via phishing are also well known. Malicious URLs in emails are one ploy. But the most successful approaches make use of infected PDFs and Microsoft Office files. Other attachments that achieve some success are script files, compressed archives, Java files, and batch files.

But the tactics employed in phishing are many, varied, and ever changing. Although the minds that devise phishing emails may be warped and represent the dregs of humanity, they can nevertheless be clever. The constant evolution of phishing tactics demonstrates this. But regardless of the approach, the goals are simple:

  1. Credentials
  2. Personal data
  3. Medical data

They want such information so they can gain money or access to higher value targets.

Beyond monetary losses, impacted businesses suffer from lost hours of productivity, time spent in remediation and incident response, reputational damage, and loss of intellectual property.
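The subject lines listed above and the attachment types named under "Phishing Delivery Strategies" can be turned into a simple mail-gateway triage rule. The Python below is an added example (not from the original post, not from Tessian's report, and not a Syxsense feature) that scores a message on two signals: whether its subject, after stripping Re:/Fw: prefixes, matches one of the lure subjects the post lists or carries urgency language, and whether its attachments fall into the delivery classes the post names (PDF, Office, script, archive, Java, batch). The sample messages, the score weights and the quarantine thresholds are all constructed for the example.

```python
import re

# Subject lines the post lists as the most effective lures, stored normalised
# (lower case, reply/forward prefix removed). "finance request for ceo of" is a
# prefix because the real subject ends with a company name.
LURE_SUBJECTS = {
    "urgent invoice",
    "important: please read",
    "payment is urgent do not ignore!",
    "finance request for ceo of",
    "attention: credentials needed for login to secure mainframe.",
    "annual inventory",
    "changes to your health benefits",
    "security alert: new or unusual twitter login",
    "your amazon prime membership has been declined",
    "zoom: scheduled meeting error",
    "google pay: payment sent",
    "stimulus cancellation request approved",
}

# Pressure words shared by the lures above; a weaker signal than an exact lure.
URGENCY = re.compile(
    r"\b(urgent|immediately|do not ignore|action required|declined|credentials|cancellation)\b",
    re.I,
)

# Attachment classes the post names as the most successful carriers, with
# constructed weights: macro-enabled Office, scripts, Java and batch score higher.
ATTACHMENT_RISK = {
    "pdf": 2,
    "doc": 2, "docx": 2, "xls": 2, "xlsx": 2, "ppt": 2, "pptx": 2,
    "docm": 3, "xlsm": 3,                 # macro-enabled Office
    "js": 3, "vbs": 3, "ps1": 3, "wsf": 3, # script files
    "zip": 2, "rar": 2, "7z": 2,          # compressed archives
    "jar": 3,                             # Java files
    "bat": 3, "cmd": 3,                   # batch files
}


def normalise_subject(subject: str) -> str:
    """Lower-case the subject and strip any chain of Re:/Fw:/Fwd: prefixes."""
    stripped = re.sub(r"^(?:\s*(?:re|fw|fwd)\s*:\s*)+", "", subject.strip(), flags=re.I)
    return re.sub(r"\s+", " ", stripped).lower()


def subject_score(subject: str) -> int:
    """3 for a known lure subject, 1 for urgency language, 0 otherwise."""
    s = normalise_subject(subject)
    if any(s == lure or s.startswith(lure) for lure in LURE_SUBJECTS):
        return 3
    return 1 if URGENCY.search(s) else 0


def attachment_score(filenames) -> int:
    """Sum the risk of each attachment; a double extension such as invoice.pdf.js adds 2."""
    total = 0
    for name in filenames:
        parts = name.lower().split(".")
        ext = parts[-1] if len(parts) > 1 else ""
        total += ATTACHMENT_RISK.get(ext, 0)
        if len(parts) > 2 and parts[-2] in ATTACHMENT_RISK:
            total += 2  # a "document" type hiding an executable type behind it
    return total


def triage(message: dict) -> dict:
    """Combine both signals into a verdict: deliver (<3), review (3-4), quarantine (>=5)."""
    s = subject_score(message["subject"])
    a = attachment_score(message.get("attachments", []))
    total = s + a
    verdict = "quarantine" if total >= 5 else "review" if total >= 3 else "deliver"
    return {"subject": s, "attachments": a, "total": total, "verdict": verdict}


# Constructed sample messages (not from the post) that exercise each rule.
SAMPLES = [
    {"subject": "Fw: Urgent Invoice", "attachments": ["invoice_0721.pdf"]},
    {"subject": "Re: Finance Request for CEO of Example Corp", "attachments": ["request.docm"]},
    {"subject": "Zoom: Scheduled Meeting Error", "attachments": ["update.pdf.js"]},
    {"subject": "Urgent: contract", "attachments": ["contract.zip"]},
    {"subject": "Lunch on Friday?", "attachments": []},
    {"subject": "Q3 roadmap draft", "attachments": ["roadmap.pptx"]},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{msg['subject']!r} -> {triage(msg)}")
```

The thresholds deliberately let a lone Office or PDF attachment through: the post's point is that the delivery vehicle and the social pressure in the subject line work together, so a rule that quarantines every PDF would just train users to route around it. A real gateway would add sender-domain checks for the brand impersonation described in the next section.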

How Syxsense Can Help

No one wants to experience any of these consequences. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date.

Syxsense is the only product that combines automated patching, vulnerability scanning, and IT management. Manage and secure your IT environment with ease and get started for free.

||

Linux Vulnerabilities of the Week: July 5, 2021


See this week's top Linux issues and keep your IT environment protected from the latest July Linux vulnerabilities.

1. Apache httpd mod_session heap overflow affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-26691


2. A use-after-free in Libxml2 (< 2.9.11)

Severity: Important    CVSS Score: 8.8

There’s a flaw in libxml2. An attacker can submit a crafted file to be processed by an application linked with libxml2 to trigger a use-after-free. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires user interaction, it can be exposed over any network, with a low complexity attack, and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3518

3. Apache Tomcat vulnerability (incomplete fix for CVE-2020-9484)

Severity: Important  CVSS Score: 7.0

This is a flaw in Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103. When Apache Tomcat is used with a configuration edge case that was highly unlikely to be used, an attacker who creates a specifically crafted request can trigger remote code execution via deserialization of a file under their control. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk as though it needs access to the same network as the device, requires some privileges, and a complex attack to be exploited, it can be exposed without user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25329

4. Mozilla OpenPGP secret keys flaw

Severity: Medium       CVSS Score: 4.3

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. This vulnerability affects Thunderbird < 78.10.2. The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although it requires user interaction, it can be exposed over any network, with a low complexity attack, and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29956

5. TELNET stack contents disclosure in curl affecting Red Hat Enterprise Linux 8

Severity: Low  CVSS Score: 3.1

This is a flaw in curl. Due to a vulnerability in the option parser for sending NEW_ENV variables, libcurl can pass uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol. The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a low risk as though it can be exposed over any network with no privileges, it requires a complex attack and user interaction to be exploited.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22898
