Monthly Archives

August 2021


Syxsense Featured as Innovative Company at Black Hat 2021

By News


Syxsense was recently highlighted for innovation and growth at Black Hat 2021 — see what Cyber Defense Magazine had to say.

Headquartered in southern California, Syxsense is a software as a service endpoint management and security software company. Syxsense specializes in combining IT and patch management with security vulnerability scanning, and now a full remediation capability using Syxsense Cortex, the company’s workflow builder.

Syxsense’s cloud-based platform allows clients to manage all of their endpoints and devices through drag-and-drop (DnD) workflow technology. Example actions include almost everything: patches, asset management, vulnerability scanning, software installations, and more. Clients can use and edit pre-built blocks and create new ones. Furthermore, clients can deploy actions to individual devices, sets of devices, or all devices. For example, a client could update all of the odd-numbered computers on their network or change the background to display a cat for all employees named “John.”

Syxsense Cortex is a drag-and-drop workflow builder for building remediations to configuration errors and security vulnerabilities. Used with permission from Syxsense.

As a WordPress blogger, I found that Syxsense’s product resonated with me because of its simplistic workflow and customization. Its DnD security workflow reminds me of how bloggers use DnD blocks to create a website or post. Furthermore, Syxsense’s ability to support any skill level is similar to how WordPress sticks with bloggers throughout their careers.

For example, new WordPress bloggers almost exclusively use DnD blocks. Over time, they learn how to customize blocks and how parts of the website interact (i.e., CSS and hosting configurations). Eventually, bloggers can create new blocks, build websites, fix bugs, and teach others. Skilled bloggers often publish custom blocks as code, add-ons, and templates, which creates an app-store atmosphere in WordPress.

Syxsense demonstrates similar possibilities in the security industry. Using Syxsense Cortex, clients can implement Syxsense’s platform using premade blocks. Once employees learn how each block’s settings interact with the network, they can customize blocks to fit their exact needs. Moreover, the transferring of skills from senior techies to new employees is seamless in this environment. I would not be surprised if its clients use its platform to teach security skills to employees or if security professionals make tutorials on custom blocks.

Watch Syxsense’s demo on Vimeo.

Lastly, Syxsense scans clients’ networks, proposes solutions, and displays potential exploit outcomes. In other words, Syxsense can fix vulnerabilities its platform detects, and best of all, clients can use DnD to resolve each issue.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Linux Vulnerabilities of the Week: August 31, 2021

By News


See this week's top Linux issues and keep your IT environment protected from the latest August Linux vulnerabilities.

1. Improper Input Validation in Node.js (<16.6.0, 14.17.4, and 12.22.4) affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

Node.js is vulnerable to remote code execution, cross-site scripting (XSS), and application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library. This can lead to the output of wrong hostnames (leading to domain hijacking) and to injection vulnerabilities in applications using the library.

The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931

2. Mozilla Thunderbird and Firefox vulnerability

Severity: Important    CVSS Score: 8.8

Uninitialized memory in a canvas object in Mozilla Thunderbird and Mozilla Firefox (< 78.13 and < 91) could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk as, although it requires user interaction, it can be exposed over any network, with low complexity, and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29980

3. An out-of-bounds memory read vulnerability in Envoy Proxy/Envoy

Severity: Important   CVSS Score: 8.6

When using one of the affected Envoy extensions, it is possible to modify and increase the request or response body size of the decompressor, JSON-transcoder, grpc-web, or other proprietary extensions. Exploiting this flaw, an attacker can read invalid memory and cause Envoy to crash, resulting in a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with a low complexity attack, no privileges, and without user interaction. In addition, because the scope is changed, a successful exploit can affect components beyond the vulnerable one, allowing a lateral attack.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-32781

4. An out-of-bounds write flaw in the Linux kernel’s Filesystem layer

Severity: Important    CVSS Score: 7.8

Exploiting this flaw, a local attacker with a user privilege can gain access to out-of-bound memory, which will result in a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion before performing operations.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as, although it requires local access to the device, it can be exploited with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

5. A RubyGem-Puma vulnerability incomplete fix

Severity: Important    CVSS Score: 7.5

Exploiting CVE-2019-16770, a poorly-behaved client could use keepalive requests to monopolize Puma’s reactor and cause a denial of service. The fix for CVE-2019-16770 was incomplete.

The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server that received more concurrent ‘keep-alive’ connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29509

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense Workflows Automate Response to Critical IT Infrastructure Disruptions

By Press Release


Syxsense announced the ability to automatically respond to critical IT infrastructure disruptions with customizable workflow status checks.

Syxsense Now Offers Powerful Remediation with Automated Workflows

Syxsense, a leader in managing and securing endpoints, announced today the ability to automatically respond to critical IT infrastructure disruptions. Syxsense adds customizable workflow status checks and controls for services, databases, websites, events, and servers. Within a workflow, you can monitor that there are no data disruptions, alert when your website is non-responsive, and restart and repair Windows services and events.

Use the web monitor action to watch for and respond to website outages, helping guarantee that a customer’s experience, from first click to purchase, is a positive one. Downtime checks can run as frequently as every 30 seconds; if your site is non-responsive, you receive a notification immediately. Workflows are completely customizable and can automate the restart of the necessary services, responding to and fixing the problem with no manual intervention and limited downtime. With a variety of web action checks (delete, get, head, post, put, trace), you can interact with any web service or web API for transaction monitoring and avoid technical outages at the point of purchase. Checks run from any number of locations for worldwide redundancy, so you know that customers from Asia to Europe are getting similar response times.

Syxsense also extends its automation workflow library with logic action pairs to verify uptime and reboot servers; check the state of Windows events and services and then start or stop them; and monitor the responsiveness of SQL databases to initiate repair.

In the instance of PrintNightmare, the patch Microsoft released only fixed half of the problem; IT admins still had to disable the Print Spooler service by hand. A Syxsense Cortex workflow can disable or enable a specific Windows feature, saving time and securing the environment.

Syxsense Cortex is a visual drag-and-drop designer that easily automates complex actions directly on the endpoint, available only in Syxsense Secure.

“With this release, customers are able to detect and resolve critical infrastructure disruptions in live-time,” emphasized Ashley Leonard, CEO of Syxsense. “Syxsense Secure fits seamlessly into the existing infrastructure and routines for automated security and patch remediation.”

Syxsense Cortex is included with Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.


10 Vulnerabilities You Should Be Scanning For

By Patch Management

10 Vulnerabilities You Should Be Scanning with Syxsense

Are you scanning for these vulnerabilities in your environment? We have selected the most urgent security gaps that you should remediate.

Vulnerabilities Have Rapidly Increased in 2021

The latest intelligence confirms ransomware attacks are on the rise. Not only are attacks getting more sophisticated, the ransom demands are constantly growing.

One third of all incidents this year are attributed to ransomware attacks or attempts to gain access to a network or intellectual property. In order to stop attackers from demanding payment for an encryption key, it’s never been more important to start scanning for security gaps.

Top 10 Vulnerabilities

These 10 security vulnerabilities should be scanned for within your environment.

These are based on the current threats we see being exposed and what has been weaponized or used to gain entry over the past year.


We have also recommended some of our scripts to run on your devices using Syxsense Secure to see if any of these conditions are present; if so, we recommend remediating them as soon as possible.

1. Autoplay

Some of the worst types of attack were transported using the simplest form of delivery: USB, mapped drive, or CD/DVD drive. One such virus known as Down ‘n Up or Conficker would infect a mapped drive and every user who logged on would automatically become infected and pass on the virus.

With many users still working from home, it is entirely possible the micro SD from the camera, or the USB drive used for school work could easily infect your system.

We recommend the following scripts be scanned on every device, and the features disabled where found:

  • Autoplay enabled for non-volume devices
  • Autoplay feature enabled for all drives
  • Autorun enabled

2. Simple Passwords

One of the trickiest issues to identify is the vast number of local accounts on your devices which are not using hardened passwords, or local accounts which do not require the password to be changed regularly.

We recommend the following scripts be scanned on every device in order to improve your local user hygiene:

  • Password complexity requirements is disabled
  • User password never expires
  • User password not required

We also know users like to keep the same password for everything, and unless you protect those local accounts with a minimum password age, nothing stops the users from cycling through to their favorite password.

  • Minimum password age less than 1 day

3. Peer-to-Peer Software

Although using peer-to-peer file sharing is not illegal, it can be used to download illegal software, music, and videos. You can never tell what you are downloading, especially since a lot of software downloaded from peer-to-peer sites is actually counterfeit or, worse, obfuscated rootkits and viruses.

We recommend the following scripts be scanned on every device to identify where peer-to-peer software or peer-to-peer binaries are installed which could act as a gateway to downloading ransomware:

  • Peer-to-peer application detected
  • Peer-to-peer binary detected

4. Windows Firewall

The basic Windows Firewall, if implemented correctly, can protect a system from many forms of attack, especially ransomware. The firewall comes with the operating system and should be enabled and configured if you have no other firewall in place.

We recommend the following scripts be scanned on every device:

  • Firewall Disabled (Windows)
  • Firewall Disabled (non-Windows)

5. Windows File Extensions

Your users build habits when running their applications and saving documents to their drives. Would your users notice the difference between a file whose icon merely looks like Outlook, Word, or Excel and the application they use every day, if it were sitting on their desktop?

We recommend the following scripts be scanned on every device to help your users avoid opening suspicious files and applications that are in fact ransomware in disguise:

  • File Extensions Hidden

6. Browser Extensions

Google recently announced that it had detected 295 browser extensions on its platform which were caught collecting user keystrokes, clipboard content, cookies, and more. Browser extensions have become extremely popular recently, with many offering monetary benefits such as voucher codes. These extensions run within the browser and simply wait for the user to trigger their payload.

We recommend the following scripts be scanned on every device to protect your browser from these kinds of attacks:

  • Malicious Chrome Extension (Google)
  • Malicious Chrome Extension (Edge)
  • Malicious Chrome Extension (Opera)

7. Remote Desktop Services

Remote Desktop and remote access are among the favorite attack avenues for many attackers. Devices are often visible from the internet and insufficiently protected, so that over a single weekend those devices are identified and, by Monday, your network is under siege.

We recommend the following scripts to be run to ensure these are protected:

  • RDC use 3389 default port for connections
  • RDP connection encryption not set to High

We would also recommend scanning for the following security vulnerabilities on all internet-facing devices after every weekend to see if any attempts have been made:

  • Account Locked
  • Multiple Logins Attempted

8. Antivirus

Ensuring your Antivirus is running should be simple, however there are also known issues with the antivirus software itself that are often overlooked (such as memory leaks). Your antivirus is the last line of defense against the most sophisticated of ransomware attacks, so ensuring it is healthy should be one of your top priorities.

We recommend the following scripts be scanned on every device to verify your antivirus can be trusted to protect your devices:

  • Antivirus Not Detected
  • Antivirus Definition over 21 Days
  • AV Disabled
  • AV Engine Not Up-to-Date

9. SMB

The US National Cybersecurity and Communications Integration Center (NCCIC) recently advised that all organizations should block outbound Server Message Block (SMB) traffic at the perimeter firewall: ports 137/139/445. If you are not able to block this traffic for whatever reason, you should at least ensure the protocol is using the highest level of security algorithm.

We recommend the following scripts be scanned on every internet facing device to verify the safety of SMB:

  • SMB v1 protocol enabled

10. Legacy / Obsolete / Out of Support Software

Our number one vulnerability is obsolete operating systems and software. Both Syxsense and security authorities such as US Homeland Security and the UK National Cyber Security Centre recommend ensuring that all software in use is up to date, including operating systems.

Any software which is obsolete, and therefore no longer supported by the vendor, should be upgraded or uninstalled. Ransomware infection is much easier if the vendor is no longer fixing security bugs which are publicly known.

We recommend the following scripts be scanned on every device to identify legacy software:

  • Legacy Software Found
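Most of the checks listed above map onto documented Windows settings, so a practitioner can audit a host for them without the Syxsense scripts. The following is an added PowerShell example, not Syxsense's own code: a read-only audit of a single Windows host covering Autoplay/Autorun, local password hygiene, firewall profiles, hidden extensions, RDP port and encryption level, recent failed logons, Defender health, and SMBv1. The registry paths and cmdlets are standard Windows ones; the failed-logon threshold (10 in 3 days) and the English-locale parsing of `net accounts` are assumptions.

```powershell
# Added example, not one of Syxsense's scripts. Run in an elevated
# PowerShell 5.1+ session on the host to audit; nothing is changed, only reported.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent: the Windows default applies
}

function Invoke-EndpointHygieneAudit {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Autoplay / Autorun policy values (absent means the Windows default, i.e. enabled)
    $expl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if ((Get-RegValue $expl 'NoDriveTypeAutoRun') -ne 0xFF) { $findings.Add('Autoplay feature enabled for all drives') }
    if ((Get-RegValue $expl 'NoAutoplayfornonVolume') -ne 1) { $findings.Add('Autoplay enabled for non-volume devices') }
    if ((Get-RegValue $expl 'NoAutorun') -ne 1)              { $findings.Add('Autorun enabled') }

    # 2. Simple passwords: enabled local accounts with no password or no expiry
    foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
        if (-not $u.PasswordRequired)     { $findings.Add("User password not required: $($u.Name)") }
        if ($null -eq $u.PasswordExpires) { $findings.Add("User password never expires: $($u.Name)") }
    }
    # Minimum password age is a local policy setting; read it from 'net accounts' (English locale assumed)
    $minAgeLine = (net accounts) | Select-String 'Minimum password age'
    if ($minAgeLine -and $minAgeLine.ToString() -match ':\s*(\d+)\s*$' -and [int]$Matches[1] -lt 1) {
        $findings.Add('Minimum password age less than 1 day')
    }

    # 4. Windows Firewall: any profile turned off
    Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } |
        ForEach-Object { $findings.Add("Firewall Disabled (Windows): $($_.Name) profile") }

    # 5. Hidden file extensions for the current user (1 = hidden, which is the Windows default)
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    if ((Get-RegValue $adv 'HideFileExt') -ne 0) { $findings.Add('File Extensions Hidden') }

    # 7. Remote Desktop: only meaningful when RDP is enabled (fDenyTSConnections = 0)
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = "$ts\WinStations\RDP-Tcp"
    if ((Get-RegValue $ts 'fDenyTSConnections') -eq 0) {
        if ((Get-RegValue $rdp 'PortNumber') -eq 3389) { $findings.Add('RDC use 3389 default port for connections') }
        # MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS
        $enc = Get-RegValue $rdp 'MinEncryptionLevel'
        if ($null -eq $enc -or $enc -lt 3) { $findings.Add('RDP connection encryption not set to High') }
    }
    # Failed logons (Security event 4625) over the last three days, e.g. the weekend just passed
    $since  = (Get-Date).AddDays(-3)
    $failed = @(Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue)
    if ($failed.Count -gt 10) {   # threshold is an assumption for this example
        $findings.Add("Multiple Logins Attempted: $($failed.Count) failed logons since $since")
    }

    # 8. Antivirus health via the Defender cmdlet (third-party AV needs its own check)
    $mp = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) { $mp = Get-MpComputerStatus }
    if ($null -eq $mp) { $findings.Add('Antivirus Not Detected (no Defender status; verify third-party AV separately)') }
    else {
        if (-not $mp.AntivirusEnabled)        { $findings.Add('AV Disabled') }
        if ($mp.AntivirusSignatureAge -gt 21) { $findings.Add("Antivirus Definition over 21 Days ($($mp.AntivirusSignatureAge) days old)") }
    }

    # 9. SMBv1 still enabled on the server side
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smb -and $smb.EnableSMB1Protocol) { $findings.Add('SMB v1 protocol enabled') }

    return $findings
}

$results = Invoke-EndpointHygieneAudit
if ($results.Count -eq 0) { 'No findings on this host.' }
else { $results | ForEach-Object { "[FINDING] $_" } }
```

Each finding string reuses the script names from the list above so results can be compared against a Syxsense scan; the Autoplay checks read only the machine-wide policy key, so per-user Autoplay settings under HKCU are not covered.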

How Syxsense Can Help

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.


Watch the Webcast: August Patch Tuesday 2021

By Patch Tuesday, Video


Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the August Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: August Patch Tuesday 2021


Top Linux Vulnerabilities for August 2021

By News


Explore the top Linux vulnerabilities for August 2021 and find out the best solution for managing these threats.

1. Apache httpd mod_session heap overflow affecting Red Hat Enterprise Linux 8

Severity: Critical    CVSS Score: 9.8

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network 
  • Attack Complexity: Low 
  • Privileges Required: None 
  • User Interaction: None 
  • Scope (Jump Point): Unchanged 

CVE Reference(s): CVE-2021-26691 

2. A use-after-free in Libxml2 (< 2.9.11)

Severity: Important    CVSS Score: 8.8

There’s a flaw in libxml2. An attacker can submit a crafted file to be processed by an application linked with libxml2 to trigger a use-after-free.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires user interaction, it can be exposed over any network, with a low complexity attack, and without privileges.

  • Attack Vector: Network 
  • Attack Complexity: Low 
  • Privileges Required: None 
  • User Interaction: Required 
  • Scope (Jump Point): Unchanged 

CVE Reference(s): CVE-2021-3518

3. A missing length check of forwarded messages in Linux PTP

Severity: Important    CVSS Score: 8.8

This is a flaw in the ptp4l program of the Linux PTP package. A remote attacker that can connect to the `ptp4l` service can use a missing length check when forwarding a PTP message between ports to cause an information leak, a crash, or remote code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Network 
  • Attack Complexity: Low 
  • Privileges Required: Low 
  • User Interaction: None 
  • Scope (Jump Point): Unchanged 

CVE Reference(s): CVE-2021-3570

4. Out-of-bounds write in ANGLE in Google Chrome (< 91.0.4472.101)

Severity: Important    CVSS Score: 8.8

This is a flaw in ANGLE. Exploiting this vulnerability, a remote attacker can potentially perform out-of-bounds memory access via a crafted HTML page.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as though it requires user interaction to be exploited, this can be exposed over any network, with a low complexity attack and no privileges.

  • Attack Vector: Network 
  • Attack Complexity: Low 
  • Privileges Required: None 
  • User Interaction: Required 
  • Scope (Jump Point): Unchanged 

CVE Reference(s): CVE-2021-30547

5. A heap buffer overflow in libsndfile 1.0.30 affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.8

This is a heap buffer overflow in libsndfile, exploiting which an attacker can execute arbitrary code via a crafted WAV file.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as though it requires user interaction to be exploited, this can be exposed over any network, with a low complexity attack and no privileges.

  • Attack Vector: Network 
  • Attack Complexity: Low 
  • Privileges Required: None 
  • User Interaction: Required 
  • Scope (Jump Point): Unchanged 

CVE Reference(s): CVE-2021-3246 


August Patch Tuesday 2021 Fixes 44 Vulnerabilities

By Patch Management, Patch Tuesday

August Patch Tuesday 2021 Fixes 44 Vulnerabilities Including Weaponized Threat

August Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases August 2021 Patch Tuesday Fixes

There are 7 Critical and 37 Important fixes in this August Patch Tuesday for Microsoft Windows and Windows components, Office, .NET Core and Visual Studio, Windows Defender, Windows Update and Update Assistant, Azure, and Microsoft Dynamics.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 4 Critical and 8 Important vulnerabilities fixed
  2. Windows 2008 R2 – 4 Critical and 9 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense, said, “There are a number of extremely serious threats to deal with this month, and although there are less than half the number we have been facing just a couple months ago, it has never been more important to deploy these updates to protect your environment.”

Top August 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-36948: Windows Update Medic Service Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system, due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

We are also extremely concerned as this was discovered by the Microsoft Security Response Center (MSRC) / Microsoft Threat Intelligence Center, which could indicate it will be turned into a ransomware attack.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-34535: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.

Microsoft advises that exploitation is more likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

3. CVE-2021-36936: Windows Print Spooler Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system; successful exploitation may result in complete compromise of the vulnerable system.

Microsoft advises that exploitation is more likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Weaponized | Public Aware | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | 8.8 | No | Yes | No | Yes |
| CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important | 7.5 | No | Yes | No | Yes |
| CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.8 | No | No | No | Yes |
| CVE-2021-34530 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes |
| CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-34537 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-33762 | Azure Cycle Cloud Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-36943 | Azure Cycle Cloud Elevation of Privilege Vulnerability | Important | 4 | No | No | No | |
| CVE-2021-26430 | Azure Sphere Denial of Service Vulnerability | Important | 6 | No | No | No | |
| CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No | |
| CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-34471 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34487 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
CVE-2021-26426 Windows User Account Profile Picture Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-34484 Windows User Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-30590 Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks High N/A No No No
CVE-2021-30591 Chromium: CVE-2021-30591 Use after free in File System API High N/A No No No
CVE-2021-30592 Chromium: CVE-2021-30592 Out of bounds write in Tab Groups High N/A No No No
CVE-2021-30593 Chromium: CVE-2021-30593 Out of bounds read in Tab Strip High N/A No No No
CVE-2021-30594 Chromium: CVE-2021-30594 Use after free in Page Info UI High N/A No No No
CVE-2021-30596 Chromium: CVE-2021-30596 Incorrect security UI in Navigation Medium N/A No No No
CVE-2021-30597 Chromium: CVE-2021-30597 Use after free in Browser UI Medium N/A No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Linux Vulnerabilities of the Week: August 9, 2021

By News

Linux Vulnerabilities of the Week: August 9, 2021

See this week's top Linux issues and keep your IT environment protected from the latest August Linux vulnerabilities.

1. Command injection vulnerability in RDoc 3.11 affecting Red Hat Enterprise Linux 8

Severity: Critical    CVSS Score: 9.8

This is an operating system command injection in RDoc.

A remote unprivileged attacker can use the RDoc command to generate documentation for malicious Ruby source code, which can result in arbitrary command execution with the privileges of the user running RDoc.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk because it can be exploited over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31799

2. A use-after-free vulnerability in WebKitGTK 2.30.4

Severity: Important    CVSS Score: 8.8

Due to this flaw, if a remote attacker tricks a local user into visiting a specially crafted malicious webpage, the result can be a data leak and further memory corruption.

The highest threat from this vulnerability is to data confidentiality and integrity.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires user interaction to be exploited, it can be exploited over any network, with a low-complexity attack and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21775

3. A heap out-of-bounds write in net/netfilter/x_tables.c affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is a flaw in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems.

Exploiting this flaw, a local user can gain privileges or cause a DoS through a user namespace. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk: although it needs access to the same network as the device and requires some privileges to be exploited, it can be exploited with a low-complexity attack and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22555

4. An out-of-bounds memory write flaw in the Linux kernel’s joystick devices subsystem

Severity: Important    CVSS Score: 7.8

Exploiting this flaw, a local user can crash the system or escalate their privileges on the system.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk: although it needs access to the same network as the device and requires some privileges to be exploited, it can be exploited with a low-complexity attack and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3612

5. An infinite loop in apache-commons-compress affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.5

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial-of-service attack against services that use Compress’ SevenZ package.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk because it can be exploited over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-35515

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

||

Syxsense Releases Two New Solutions

By Press Release

Syxsense Releases Two New Solutions for Remediating Endpoint Security Vulnerabilities

Syxsense announced two new solutions built to facilitate the remediation of the current rash of malware at the Black Hat 2021 conference.

Syxsense Now Offers Powerful Remediation with Automated Workflows

Syxsense, a global leader in IT and security management solutions, announced today at the Black Hat conference the release of two new solutions built to facilitate the remediation of the current rash of malware.

Syxsense Secure now includes the ability to scan, report and remediate security vulnerabilities with a single workflow. Traditional security scanners identify possible attack surfaces, but rarely offer a solution to immediately close the threat vector. Patch Management solutions resolve OS vulnerabilities but leave the more complex security vulnerabilities untouched. Using either solution alone blindly completes only half the job and leaves businesses open to a breach.

“While threat and misconfiguration detection is critical in today’s IT environment, on their own they’re no better than watching the approach of a speeding train,” said Ashley Leonard, Syxsense founder and CEO. “With Syxsense Secure you can immediately remediate the threat, in essence, avoiding the train’s path entirely.”

Syxsense Secure leverages the drag-and-drop workflow capability of Syxsense Cortex v2, also announced and available today. Syxsense Cortex v2 is a visual drag and drop designer that easily automates complex actions directly on the endpoint. Cortex-enabled “intelligent endpoints” respond in real time when changes or missing configurations are detected. Among thousands of uses, existing Syxsense Secure customers use Syxsense Cortex to easily solve previously complex routines like VM Host Patching, multistage server patching and device monitoring.

Syxsense’s intelligent tools detect and report vulnerabilities in a full spectrum of security families including Crypto Mining, Firewalls, Antivirus, Backdoors, Port Scanners, PTP, Social Networking, Windows Policies and more.

“With these releases, Syxsense Cortex and Syxsense Secure work together as a powerful one-two combo to detect and resolve security issues in live-time,” emphasized Leonard. “The two fit seamlessly into the existing infrastructure and routines for automated security and patch remediation.”

Syxsense Cortex is included with Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

||

Will There Be an End to the Ransomware Pandemic?

By Blog

Will There Be an End to the Ransomware Pandemic?

Ransomware is the biggest pandemic for IT professionals. It remains the most common type of malware, accounting for nearly 2/3 of malware attacks.

Is There No End to the Ransomware Pandemic?

Pandemics are receiving a lot of media coverage right now. But the one most on the radar of those in IT and security is ransomware. According to the Positive Technologies Q1 2021 Cybersecurity Threatscape report, ransomware remains the most common type of malware, accounting for nearly 2/3 of all malware attacks.

It is easy to see why 2020 was a banner year for ransomware. But the research shows an increase in ransomware in Q1 of 2021 of 17% compared to Q1 of 2020. 77% of the malware consists of targeted attacks against government, industrial, scientific, and educational organizations. The bad guys are after personal data and credentials, as well as stealing commercial secrets.

When IT gets a handle on one type of malware, another strain emerges rapidly. Thus, new pieces of ransomware have emerged of late such as Cring, Humble, and Vovalex. Despite all the new strains, it is sometimes the golden oldies that reap the best rewards. That’s why new variants of WannaCry are causing havoc once again, reprising their heyday back in 2017.

Another successful tactic is to harness rarely used programming languages in order to escape the attention of security scanners and avoid threat prevention technology. To make matters worse, some attackers make use of features that can successfully erase any traces of malicious activity.

Success Breeds Larger Ransoms

In sport, a good season with high numbers often leads to a lucrative contract. It’s the same with ransomware. Following the high-profile attacks on SolarWinds, Kaseya, and the Colonial Pipeline, cybercriminals are now demanding far more in exchange for a return of files, or services. Those who refuse to pay are often subjected to threats to expose the attack and the extent of the data theft to the press, or reveal the hack to the customer base. Alternatively, they find sensitive data and release it to the public, threatening to do more of the same if a ransom is not paid.

While government, education, healthcare, and industry may be in the crosshairs, IT organizations aren’t off the hook. Attacks on IT companies remain high for the second quarter in a row, according to the report. Cybercriminals have also turned their hand to developing malware that infiltrates virtualization environments and virtual infrastructure. This is rich pickings at the moment due to the number of companies that continue to operate remotely.

But perhaps the most lucrative area for attackers is the exploitation of known vulnerabilities. It isn’t hard to imagine cybercriminals sharing tales by the water cooler about being able to infiltrate yet another organization via a well-publicized vulnerability that has had a patch available for two months. A colleague no doubt interrupts to say he got one where the patch was six months old but had never been installed. And then another one pipes up with his tale of an uninstalled two-year-old patch that enabled him to hold an organization to ransom.

Shocking as that may sound, it is commonplace for attackers to find a way in by exploiting unpatched systems. It may seem hard to believe, but it’s now more than a year since the SolarWinds attack first made headlines. Yet new victims of this exploit continue to be reported.

How Syxsense Can Help

The first line of defense against ransomware, therefore, is patching. Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
