Monthly Archives

March 2022


Syxsense Changes Game with Introduction of New Mobile Device Management Solution

Filed under: News, Patch Tuesday


Syxsense's MDM solution broadens the reach of IT managers to mobile devices running iOS, iPadOS, and Android.

Mobile Device Management Added to Syxsense

ALISO VIEJO, Calif., March 29, 2022 /PRNewswire/ –– Syxsense, a global leader in IT and security management solutions, announced today the availability of their solution for Mobile Device Management (MDM).

Available immediately, the MDM solution from Syxsense is the first solution on the market that broadens the reach of IT managers to now include mobile devices running iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments.

The ongoing trend of remote and hybrid work models has increased the criticality of bringing mobile devices under the umbrella of IT-managed security, both company-issued as well as BYOD (bring your own device). MDM is now recognized by analyst firm Gartner as a key requirement of an effective Unified Endpoint Management (UEM) strategy, which has seen a surge in investment recently. Gartner writes “UEM investment has grown in response to the greater acceptance of remote working and the requirement to manage, patch and support Windows 10 and macOS PCs as well as mobile devices, regardless of location.”

Syxsense’s MDM offering includes all the tools necessary to apply effective management to mobile endpoints, including Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe, which makes it possible for IT to wipe sensitive data from lost or stolen devices.

“The Syxsense approach of unifying management of all IT devices into a single console that spans device management, device security and vulnerability remediation, has resonated with our customers, and is the catalyst for our recent explosive growth,” explains Ashley Leonard, founder and CEO of Syxsense. “This industry-first ability to now manage mobile devices within the same platform and methodology as other IT assets has been hugely popular with our early adopters.”

Syxsense Mobile Device Management is available as an add-on module to Syxsense Secure, which already includes management and security tools for servers, desktops, laptops, and virtual machines. It will also be included in an upcoming release of a bundled offering targeted at enterprise customers who wish to manage the broad scope of their IT devices from within a single console.

Other Included Features

Syxsense has also released updates to their existing offerings to now provide integration with Active Directory (AD) allowing IT managers to manage on-premise AD devices from the cloud. Syxsense discovers devices as they are added to OUs (organizational units) and automatically applies the appropriate policies.

This union of Syxsense Cortex™ and AD enables cradle-to-grave lifecycle management based on OU membership, rather than having to manually apply tasks to new devices, and is a huge time saver for the IT team.

Newly updated Syxsense Manage is now also the first patch management product on the market that offers active Patch Tuesday scheduling for phased deployments. The recurring windows are set relative to the moving target of the second Tuesday, making it easy to deploy new content automatically. Missing a deployment of Microsoft’s recommended patches is a major factor in unprotected or under-protected environments and leaves the door open for attack.
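As an added illustration of scheduling relative to the second Tuesday (example code written for this page, not Syxsense's implementation), the following computes Patch Tuesday for any month and derives phased deployment windows from it. The phase names and day offsets in `EXAMPLE_PHASES` are constructed assumptions, not Syxsense defaults.

```python
import datetime as dt

# Constructed example phases: (name, days after Patch Tuesday). Not Syxsense defaults.
EXAMPLE_PHASES = [("pilot ring", 1), ("broad workstations", 7), ("servers", 14)]


def second_tuesday(year: int, month: int) -> dt.date:
    """Date of the second Tuesday of the month, i.e. Microsoft's Patch Tuesday."""
    first = dt.date(year, month, 1)
    # date.weekday(): Monday == 0 ... Tuesday == 1
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + dt.timedelta(days=days_to_first_tuesday + 7)


def next_patch_tuesday(today: dt.date) -> dt.date:
    """Next Patch Tuesday on or after 'today' (rolls to next month once it has passed)."""
    candidate = second_tuesday(today.year, today.month)
    if candidate >= today:
        return candidate
    year, month = (today.year + 1, 1) if today.month == 12 else (today.year, today.month + 1)
    return second_tuesday(year, month)


def phased_windows(year: int, month: int, phases=EXAMPLE_PHASES):
    """Deployment windows expressed as day offsets from that month's Patch Tuesday,
    so the schedule follows the moving date automatically each month."""
    anchor = second_tuesday(year, month)
    return [(name, anchor + dt.timedelta(days=offset)) for name, offset in phases]


if __name__ == "__main__":
    for name, day in phased_windows(2022, 3):
        print(f"{name:20s} {day.isoformat()}")
```

Because every window is derived from `second_tuesday()` rather than a fixed day of the month, a recurring job only needs to store the offsets; the anchor date is recomputed each month.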

Syxsense products support iOS, iPadOS, Android, Windows Servers, Windows Desktop, macOS devices, and a variety of Linux distributions, now also including the enterprise-friendly Rocky Linux.

Information and pricing on these new Syxsense products is available on the Syxsense website. Qualified customers are also able to schedule a personalized demo of the existing products and the new MDM module, and receive a $100 gift card in return, by registering here.

More Information

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Watch the Webcast: March Linux Updates 2022

Filed under: News, Video


Watch this week's webcast to hear IT industry experts discuss strategies for tackling the latest in Linux.

View the Webcast

What You Need to Know: March Linux Updates


WhisperGate and HermeticWiper: Critical Public Aware Vulnerabilities

Filed under: Blog


WhisperGate, a new malware, is being used to target organizations in Ukraine and companies with connections to the country.

WhisperGate Malware Is Targeting Ukraine

The Microsoft Threat Intelligence Center (MSTIC) has disclosed that malware known as WhisperGate is being used to target organizations in Ukraine and companies with connections to the country. According to Microsoft, WhisperGate is intended to be destructive and designed to render targeted devices inoperable.

Additionally, several cybersecurity researchers disclosed that malware known as HermeticWiper was being used against organizations in Ukraine. According to SentinelLabs, the malware targets Windows devices only, manipulating the master boot record, which results in subsequent boot failure.

These attacks are not intended to extract a ransom, but to cause the maximum IT outage possible in an organization by turning all devices into expensive doorstops.

The National Cyber Security Centre in the UK is not aware of any current specific threats to UK organizations in relation to events in and around Ukraine, but there has been a historical pattern of cyberattacks on Ukraine with international consequences.

Threat actors have deployed destructive malware, including both WhisperGate and HermeticWiper against organizations in Ukraine to destroy computer systems and render them inoperable.

A joint Cybersecurity Advisory (CSA) between the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) provided information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise (IOCs) for organizations to detect and prevent the malware.

This data has been provided to help secure the maximum number of organizations around the world.

Identifying WhisperGate

The following payloads are used both to infect the device and to launch the WhisperGate attack. They are files with known file hashes, so even if the file name has changed, Syxsense can still detect this threat and keep your endpoints secure.

The infection comes in two parts: first a stage 1 file is copied to the PC, which then launches stage 2, and stage 2 produces the end result.

Name | File Category | File Hash (SHA-256)
WhisperGate | stage1.exe | a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
WhisperGate | stage2.exe | dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

Identifying HermeticWiper

Any of the following payloads could be used both to infect the device and to launch the HermeticWiper attack. They are files with known file hashes, so even if the file name has changed, Syxsense can still detect this threat.

Similar to WhisperGate, these files are delivered initially as a Trojan, which then downloads and launches the sophisticated attack.

Name | File Category | File Hash (type)
Win32/KillDisk.NCV | Trojan | 912342F1C840A42F6B74132F8A7C4FFE7D40FB77 (SHA-1)
Win32/KillDisk.NCV | Trojan | 61B25D11392172E587D8DA3045812A66C3385451 (SHA-1)
HermeticWiper | Win32 EXE | 912342f1c840a42f6b74132f8a7c4ffe7d40fb77 (SHA-1)
HermeticWiper | Win32 EXE | 61b25d11392172e587d8da3045812a66c3385451 (SHA-1)
RCDATA_DRV_X64 | ms-compressed | a952e288a1ead66490b3275a807f52e5 (MD5)
RCDATA_DRV_X86 | ms-compressed | 231b3385ac17e41c5bb1b1fcb59599c4 (MD5)
RCDATA_DRV_XP_X64 | ms-compressed | 095a1678021b034903c85dd5acb447ad (MD5)
RCDATA_DRV_XP_X86 | ms-compressed | eb845b7a16ed82bd248e395d9852f467 (MD5)
Trojan.Killdisk | Trojan.Killdisk | 1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591 (SHA-256)
Trojan.Killdisk | Trojan.Killdisk | 0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da (SHA-256)
Trojan.Killdisk | Trojan.Killdisk | a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e (SHA-256)
Ransomware | Trojan.Killdisk | 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 (SHA-256)
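The hash-based detection that both the WhisperGate and HermeticWiper tables describe can be reproduced with a small script. The following is an added example written for this page, not Syxsense's scanner: it carries the hashes listed in the two tables above (normalized to lowercase, because the post lists the same SHA-1 in both cases), hashes each file on disk with MD5, SHA-1 and SHA-256 in one pass, and reports any match regardless of the file's name. The sample bytes used in the usage block are constructed and benign.

```python
import hashlib
from pathlib import Path

# Hashes as listed in the post's WhisperGate and HermeticWiper tables (lowercased).
KNOWN_BAD = {
    "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92": "WhisperGate stage1.exe",
    "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78": "WhisperGate stage2.exe",
    "912342f1c840a42f6b74132f8a7c4ffe7d40fb77": "HermeticWiper (Win32/KillDisk.NCV)",
    "61b25d11392172e587d8da3045812a66c3385451": "HermeticWiper (Win32/KillDisk.NCV)",
    "a952e288a1ead66490b3275a807f52e5": "HermeticWiper RCDATA_DRV_X64",
    "231b3385ac17e41c5bb1b1fcb59599c4": "HermeticWiper RCDATA_DRV_X86",
    "095a1678021b034903c85dd5acb447ad": "HermeticWiper RCDATA_DRV_XP_X64",
    "eb845b7a16ed82bd248e395d9852f467": "HermeticWiper RCDATA_DRV_XP_X86",
    "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591": "Trojan.Killdisk",
    "0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da": "Trojan.Killdisk",
    "a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e": "Trojan.Killdisk",
    "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382": "Trojan.Killdisk (listed as Ransomware)",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def lookup(hexdigest: str):
    """Name of the IOC matching this digest (any of the three algorithms), or None.
    Case is normalized so the upper-case SHA-1s in the post match too."""
    return KNOWN_BAD.get(hexdigest.strip().lower())


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of an in-memory blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGORITHMS}


def digests_of_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same three digests for a file, streamed so large files are not loaded at once."""
    hashers = {a: hashlib.new(a) for a in ALGORITHMS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match(digest_map: dict):
    """(ioc_name, algorithm) if any digest is known-bad, else None."""
    for algo, hexdigest in digest_map.items():
        name = lookup(hexdigest)
        if name:
            return name, algo
    return None


def scan_tree(root) -> list:
    """Walk a directory and return (path, ioc_name, algorithm) for every hit."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            d = digests_of_file(p)
        except OSError:  # unreadable file: skip, do not abort the whole scan
            continue
        hit = match(d)
        if hit:
            hits.append((str(p), hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    import sys
    # Constructed benign sample: no hit expected.
    print(match(digests(b"constructed benign sample content")))
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

Matching on any of the three algorithms is what lets one table with mixed hash types work as a single block list; the cost is three hash computations per file, which the streaming loop keeps to a single read.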

Increase Your Endpoint Security with Syxsense

Using the power and intelligence of the vulnerability scanning engine within Syxsense Cortex, you can detect these malicious threats before they damage your devices.

You can configure the actions that keep your environment safe, from simply deleting the file to completely isolating the device from the network — this can stop a widespread attack in its tracks. You decide on the risk you are prepared to take!

These can be found within the extensive library of security scripts under “WhisperGate” and “HermeticWiper.”


March Patch Tuesday 2022 Resolves 71 Vulnerabilities

Filed under: Patch Management, Patch Tuesday


March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats

There are 3 patches rated Critical and 68 rated Important. Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense, said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored. Your patching strategy should be based on the risk you are prepared to take, and if the risk is too high then deploy those patches.”


Top March 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that our customers enter the CVE numbers below into their patch management solution and deploy as soon as possible.

1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

This vulnerability is ‘More Likely’ to be used as an entry point, as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Vulnerability details are unknown at this time, but an attacker who successfully exploited the vulnerability could run arbitrary code. Keep an eye on this for changes in severity or priority.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system and is ‘More Likely’ to be used as an entry point, as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes – see here

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Syxsense Recommended
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No Yes No Yes
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability Important 6.3 No Yes No Yes
CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.1 No No No Yes
CVE-2022-22006 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-22007 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.2 No No No
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability Important 6.5 No No No
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No No
CVE-2022-23253 Point-to-Point Tunnelling Protocol Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability Important 6.1 No No No
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability Important 5.9 No No No
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability Important 5.5 No No No
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability Important 5.5 No No No
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 5.4 No No No
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability Important 4.7 No No No
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability Important 4.4 No No No
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability Important 3.3 No No No
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability Important 3.3 No No No
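
The prioritization rule stated above (Weaponised first, then Publicly Aware, then CVSS score, then vendor Critical) can be applied mechanically to the table. The following is an added example written for this page, not a Syxsense tool: it parses rows in the exact layout the table uses (the description is free text, so the parser locates the severity word followed by the numeric score and reads the Yes/No flags from there; rows with a blank "Syxsense Recommended" cell have only three trailing flags) and ranks them. `SAMPLE_ROWS` is a subset of the rows from the table above.

```python
import re

SEVERITIES = {"Critical", "Important", "Moderate", "Low"}

# Rows copied from the recommendations table in this post (a subset, for illustration).
SAMPLE_ROWS = """\
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No Yes No Yes
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability Important 6.3 No Yes No Yes
CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
""".strip().splitlines()


def parse_row(line: str) -> dict:
    """Parse one table row: CVE, free-text description, severity, CVSS, then
    Weaponised / Publicly Aware / Countermeasure and an optional Recommended flag."""
    tokens = line.split()
    cve = tokens[0]
    # The description has a variable number of words, so anchor on the first
    # severity word that is immediately followed by a numeric CVSS score.
    sev_idx = next(
        i for i in range(1, len(tokens) - 1)
        if tokens[i] in SEVERITIES and re.fullmatch(r"\d+(\.\d+)?", tokens[i + 1])
    )
    flags = [t == "Yes" for t in tokens[sev_idx + 2:]]
    if len(flags) < 3:
        raise ValueError(f"row for {cve} is missing Yes/No columns")
    return {
        "cve": cve,
        "description": " ".join(tokens[1:sev_idx]),
        "severity": tokens[sev_idx],
        "cvss": float(tokens[sev_idx + 1]),
        "weaponised": flags[0],
        "public_aware": flags[1],
        "countermeasure": flags[2],
        # A blank "Syxsense Recommended" cell in the post means the row is not flagged.
        "recommended": flags[3] if len(flags) > 3 else False,
    }


def priority_key(row: dict) -> tuple:
    """Ordering from the post: Weaponised, then Publicly Aware, then CVSS, then Critical."""
    return (row["weaponised"], row["public_aware"], row["cvss"], row["severity"] == "Critical")


def prioritize(lines) -> list:
    """Parsed rows in descending deployment priority."""
    rows = [parse_row(line) for line in lines]
    return sorted(rows, key=priority_key, reverse=True)


if __name__ == "__main__":
    for row in prioritize(SAMPLE_ROWS):
        marks = ("W" if row["weaponised"] else "-") + ("P" if row["public_aware"] else "-")
        print(f'{row["cve"]}  {marks}  {row["cvss"]:>4}  {row["severity"]:<9}  {row["description"]}')
```

With this ordering the three Publicly Aware items rise to the top regardless of their CVSS score, which is what the post asks readers to pay close attention to; among the rest, the Critical Exchange Server fix outranks the Important items that share its 8.8 score.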

Linux Vulnerabilities of the Week: March 7, 2022

Filed under: News


See this week's top Linux issues and keep your IT environment protected from the latest March 2022 Linux vulnerabilities.

1. Failure to properly escape SQL input in Cyrus SASL affecting Red Hat Enterprise Linux 6

Severity: Critical         CVSS Score: 9.1

This is a flaw in the SQL plugin shipped with Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28. A remote attacker can execute arbitrary SQL commands due to the failure to properly escape the SQL input. This issue can lead to the escalation of privileges.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a critical risk: although it requires high privileges to be exploited, it can be exposed over any network, with low complexity and without user interaction. In addition, this flaw allows a lateral attack to be carried out.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2022-24407
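The failure mode behind this item, SQL input that is spliced into a statement without being escaped, is easiest to see with a tiny self-contained example. The following is added illustration code written for this page, not the Cyrus SASL plugin or any Syxsense code: it uses an in-memory SQLite table with constructed rows and shows the vulnerable builder, the "escape the input" fix that the advisory's wording implies, and the parameter-binding fix that a practitioner should prefer.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice"), ("o'brien", "hash-of-obrien")],
    )
    return conn


def lookup_unsafe(conn, username: str):
    """Vulnerable pattern: the caller's string is spliced into the SQL text unescaped,
    so a quote character in the input changes the structure of the statement."""
    sql = "SELECT password FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def lookup_escaped(conn, username: str):
    """Minimal fix in the spirit of 'properly escape the SQL input': double every
    single quote so the value stays inside the literal. Correct for string literals,
    but it has to be remembered at every call site."""
    sql = "SELECT password FROM users WHERE username = '" + username.replace("'", "''") + "'"
    return conn.execute(sql).fetchone()


def lookup_safe(conn, username: str):
    """Preferred fix: parameter binding. The value is passed to the engine separately
    and never becomes part of the SQL text, so no escaping is needed."""
    return conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()


def unsafe_breaks(conn, username: str) -> bool:
    """True if the unescaped builder produces a malformed statement for this input."""
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    conn = setup_db()
    print(unsafe_breaks(conn, "o'brien"))    # True: the apostrophe broke the statement
    print(lookup_escaped(conn, "o'brien"))   # ('hash-of-obrien',)
    print(lookup_safe(conn, "o'brien"))      # ('hash-of-obrien',)
```

The apostrophe in a perfectly legitimate username is enough to show the defect: the engine is handed a statement whose structure the input has altered. When the input is hostile rather than merely awkward, that same property is what lets it run arbitrary SQL, which is why binding the value as a parameter is the fix to reach for.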

2. Out-of-bounds heap read/write vulnerability in Samba

Severity: Important    CVSS Score: 8.8

Samba versions before 4.13.17, 4.14.12, and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. Due to a boundary error when processing EA metadata while opening files in smbd within the Samba VFS module, a remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44142

3. Double-free of the virtual attribute context in persistent search in ds-base affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a double-free in the way 389-ds-base handles the virtual attribute context in persistent searches; an attacker could trigger it by sending a series of search requests, forcing the server to behave unexpectedly and crash.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4091

4. Special character breaks path in XML parsing in PHP

Severity: Medium       CVSS Score: 5.3

This is a flaw in PHP. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories.

The highest threat from this vulnerability is to confidentiality and integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21707

5. RPM’s signature vulnerability

Severity: Low  CVSS Score: 4.4

There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature.” RPM does not check the binding signature of subkeys before importing them. If an attacker can add, or socially engineer another party to add, a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature.

The highest threat from this vulnerability is to data integrity.

Syxscore Risk Alert

This vulnerability has a low risk: although it requires access to the same network as the device, a complex attack, and user interaction to be exploited, it can be exposed with low privileges.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3521
