Monthly Archives

January 2023

Who is Being Victimized by Cyber-Crime? And Should You Be Worried?


There is so much news about cybercrime that you might get the idea that it is happening to everyone everywhere – to all organizations of all sizes and across all industries. Certainly, there is some truth to the statement that all are at risk. But it remains a generality.

Orange Cyberdefense’s Security Navigator 2023 report makes it clear that specific industries, company sizes, and architectures are far more likely to be targeted and breached than others. So, should you be worried? Let’s take a closer look at the areas that pose the most risk, and the targets cybercriminals are most likely to go after.

Most Likely to Be Victimized

The report delivered insights from around 100,000 incidents worldwide. Here are the major findings:

  • Asia and Europe are surging as hot cyber-extortion destinations, but North America remains a key target. From 2021 to 2022, the number of victims rose in Europe (+18%), the UK (+21%), East Asia (+44%), and especially the Nordic countries (+138%). North America remains heavily attacked, but a little less so than before: 2022 showed the USA down 8% and Canada down as much as 32%.
  • Small businesses are under the gun. The study found that 4.5x more small businesses fell victim to cyber extortion than medium and large businesses combined. This indicates a clear shift in tactics by cybercriminals as they have noted the lax defenses that often exist in the SMB sector. That said, large businesses can’t rest easy. In terms of sheer volume of attacks, they suffered by far the most attacks, and were also the most heavily impacted when they did get breached.
  • The manufacturing sector is in danger. The report found that manufacturers were the most likely to fall victim to cyber-extortion. It attributed this fact to poor IT vulnerability management among large manufacturers and the fact that they often rely on legacy infrastructure. As a result, they possess a lot of non-IT operational technology (OT) systems that are rarely as well secured as IT infrastructure.
  • Malware was the most prominent attack vector, appearing in 40% of all incidents processed. Network and application anomalies were the second highest incident type but dropped in frequency from 22% down to 19%.
  • 47% of all security incidents detected originated from internal actors. Whether deliberate or accidental, insider threats are growing: as well as sheer malice, the causes include misconfiguration, unpatched systems, and other errors made within companies.
  • Criminal groups are evolving fast. Of the top 20 actors observed in 2021, 14 had dropped out of the top 20 by 2022. After Conti disbanded in Q2 2022, LockBit 2.0 and LockBit 3.0 became the biggest cyber-extortion actors of 2022, with over 900 victims combined.

How to Avoid Becoming a Victim

The report laid out a series of key steps that organizations can take to ensure they do not land on the naughty list (also known as the cybersecurity victims list):

  • Implement multifactor authentication (MFA) on all authentication interfaces.
  • Frequently backup business-critical assets and complement this with offline backups.
  • Test the integrity of these backups regularly by restoring critical functions.
  • Implement or upgrade endpoint protection and anti-malware systems.
  • Install defenses against Distributed Denial of Service (DDoS) attacks.
  • Configure firewalls and other perimeter equipment to allow only the minimum of outbound traffic to the internet.
  • Monitor outbound traffic closely for anomalies. 
  • Identify trust boundaries and implement tight controls for services and users that want to cross into those zones. Least privilege and Zero Trust concepts can also apply here as well as network segmentation. 
  • Identify and patch any internet-facing technologies, especially Remote Access like VNC and Microsoft RDP, Secure Remote Access like VPNs, and other security technologies like firewalls.
  • Practice continuous vulnerability management.
  • Prioritize patches based on whether vulnerabilities have known working exploits. This is applicable to infrastructure as well as end-user software or devices. Internet-facing services with known vulnerabilities must be patched.
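One way to turn the last three steps into an ordered work list, added here as an example rather than anything from the report or from Syxsense: rank each finding first by whether its CVE is known to be exploited, then by internet exposure, and only then by CVSS score, and attach a remediation deadline per tier. The exploited-CVE set, the findings, the asset names and the SLA windows are constructed for illustration (a real implementation would load the exploited set from a feed such as CISA's KEV catalog and the findings from a scanner export).

```python
"""Rank findings for patching by exploit status, exposure and severity.

Added example; not code from the Security Navigator report or from Syxsense.
The findings, the exploited-CVE set and the remediation windows are constructed
for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed stand-in for an exploitation feed such as CISA KEV. The IDs are
# ones discussed on this page; the feed itself is authoritative in practice.
KNOWN_EXPLOITED = {
    "CVE-2018-13379", "CVE-2019-19781", "CVE-2019-11510",
    "CVE-2020-0688", "CVE-2023-21674",
}

# Assumed remediation windows in days per priority tier (tune to your policy).
SLA_DAYS = {0: 3, 1: 14, 2: 30, 3: 90}


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float
    internet_facing: bool
    first_seen: date


def tier(f: Finding) -> int:
    """0: exploited and internet-facing; 1: exploited; 2: internet-facing with
    high severity, or critical severity anywhere; 3: everything else."""
    exploited = f.cve in KNOWN_EXPLOITED
    if exploited and f.internet_facing:
        return 0
    if exploited:
        return 1
    if (f.internet_facing and f.cvss >= 7.0) or f.cvss >= 9.0:
        return 2
    return 3


def due_date(f: Finding) -> date:
    return f.first_seen + timedelta(days=SLA_DAYS[tier(f)])


def prioritize(findings, today: date):
    """Order by tier, then by how overdue the finding is, then by CVSS.
    CVSS is only a tie-breaker: exploit status and exposure come first,
    so an exploited 8.8 outranks an unexploited 9.8."""
    return sorted(
        findings,
        key=lambda f: (tier(f), -(today - due_date(f)).days, -f.cvss),
    )


def overdue(findings, today: date):
    return [f for f in findings if due_date(f) < today]


# Constructed inventory: asset names are hypothetical, CVE IDs are from this page.
AS_OF = date(2023, 1, 18)
SAMPLE_FINDINGS = [
    Finding("vpn-edge-01", "CVE-2018-13379", 9.8, True, date(2022, 11, 1)),
    Finding("mail-01", "CVE-2020-0688", 8.8, True, date(2023, 1, 2)),
    Finding("dev-box-7", "CVE-2023-21674", 8.8, False, date(2023, 1, 10)),
    Finding("vpn-edge-01", "CVE-2023-21543", 8.1, True, date(2023, 1, 10)),
    Finding("file-01", "CVE-2023-21549", 8.8, False, date(2023, 1, 10)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS, AS_OF):
        state = "OVERDUE" if due_date(f) < AS_OF else "due " + due_date(f).isoformat()
        print(f"tier {tier(f)}  {f.asset:12} {f.cve}  cvss {f.cvss}  {state}")
```

Run as a script it prints the work list with the internet-facing FortiGate finding first (exploited, exposed, and 75 days past its three-day window) and the internal, unexploited SMB Witness finding last, despite its 8.8 score.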

Syxsense Enterprise takes care of the last three points while providing a Zero Trust framework. It offers automated patch testing, deployment, and prioritization, as well as continuous vulnerability scanning, mobile device management (MDM), IT management, and automated remediation.

For more information, visit: www.Syxsense.com

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Analyst Insights: Advancing Zero Trust Priorities


Syxsense is proud to host Christopher M. Steffen in conversation with Graham Brooks on recent trends in information security, the state of the industry, and the future of Zero Trust initiatives in the new year.

In this session you’ll learn:

  1. The top information security challenges organizations report facing in 2023
  2. What’s driving successful Zero Trust projects
  3. Where organizations are falling short in implementation

To support Zero Trust projects, we've also created an eBook with actionable insights for developing and driving a successful Zero Trust initiative at your organization.

Watch the Webinar


Driving a Successful Zero Trust Project

What is the Zero Trust mindset, and what are the basics of implementing a Zero Trust framework for IT security?

Zero Trust is commonly misunderstood as a single framework that can be deployed as an out-of-the-box solution for all your cybersecurity needs. In fact, Zero Trust is a comprehensive and flexible trust model that eliminates the principle of implicit trust from inside and outside your network perimeter.

Download the eBook


Sloppy CVE Handling Could Mean It's Time to Update Your CV – Unless You Bring in an MSP


There are well over a hundred thousand Common Vulnerabilities and Exposures (CVEs) on record, some more serious than others. All need attention, yet many organizations have become sloppy about how they handle them. Some take months to deploy urgent patches for vulnerabilities covered by CVEs. Sometimes it takes years. In a few cases, organizations still have unresolved CVEs that are more than a decade old.

Those in IT and cybersecurity that are guilty of ignoring or taking far too long to remediate CVEs are advised to either update their CVs and resumes and start sending them out – or bring in an MSP that can completely take care of patch management and vulnerability management. It’s the easy way to ensure no CVEs are unaddressed anywhere in IT systems.

CVEs in Neglect

Let’s take a look at some of the important CVEs that are largely neglected in many organizations. These are only a few examples out of many that could be lurking:

CVE-2018-13379, FortiGate SSL VPNs: the year in a CVE ID is the year the identifier was assigned, so this one dates from 2018, yet it is still being exploited despite the regular alerts issued about it. It is a path traversal in the FortiOS SSL VPN web portal that lets an unauthenticated attacker read system files, including VPN session credentials, and advanced persistent threat (APT) groups continue to use it in attacks. The risk is severe enough that anyone running this VPN without the patch should assume they are already compromised and begin incident response. Remediation means taking the affected devices out of service, resetting them to factory defaults, reconfiguring them, installing all patches (an upgrade to the latest FortiOS release is also recommended), and only then returning them to service; credentials that were used on the VPN should be reset as well. Finally, scan every host and network connected in any way to the VPN and look carefully for signs of malicious activity.

There are also several high-priority patches from 2019 that are often unpatched in enterprise systems:

CVE-2019-19781, a directory traversal in Citrix ADC and Gateway (formerly NetScaler) that allows unauthenticated remote code execution, has been used to compromise, among others, an Australian defense database.

CVE-2019-11510 affects Pulse Connect Secure VPNs. It is an arbitrary file read that leaks, among other things, admin credentials, and it has been used by nation-state actors to get into networks through the VPN itself.

CVE-2019-3396 is a remote code execution bug in Atlassian Confluence Server (server-side template injection in the Widget Connector macro).

CVE-2020-0688 affects Microsoft Exchange. Dating from early 2020, it is a remote code execution flaw: every Exchange installation shipped with the same static cryptographic key for the Exchange Control Panel, so an attacker holding any valid mailbox credentials can forge serialized ViewState and run code as SYSTEM on the server. Nearing its third anniversary, it remains a potent vulnerability for attackers to exploit.

This is just a partial list. Other serious 2019 CVEs include ones affecting a Cisco router, Oracle WebLogic Server, Kibana, Zimbra, and the Exim mail transfer agent. Add the CVEs from 2020, 2021, and 2022, and the list is very long indeed.

Watch Your Back

Anyone with CVEs still unpatched more than a couple of months after their 2022 release should watch their back, as they are open to the charge of neglecting their cybersecurity duties. Anyone with un-remediated CVEs from 2021, 2020, 2019, or even as far back as 2018, as in the case of the FortiGate VPN, could well be looking for a new job soon. They had better dig out their CV and update it fast.

Before the axe falls, a smart move would be to draft in help from an MSP to help eliminate these vulnerabilities, institute vulnerability management and attack readiness processes, and fully patch all applications, operating systems, and endpoints including mobile devices.

Syxsense offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage. Syxsense also offers an MSP/MSSP program with a world-class platform. Both are built on the foundation of Syxsense Enterprise, an automated patch management, vulnerability scanning, mobile device management (MDM) and IT management platform. It detects outdated patches and threats in real time and can be used to implement updates before bad actors can take advantage of exploits. Syxsense Enterprise incorporates Zero Trust practices and includes features such as patch supersedence, patch roll back, and a wealth of automation and configuration features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.



Long Patching Delays Haunt Enterprise Cybersecurity


Imagine a kingdom facing invasion from a hostile and determined foe. The citizens band together to build the highest and widest walls possible. They erect battlements, dig deep moats filled with water, forge mighty gates of the strongest metal, and spend countless thousands of hours making sure they are fully secure – only for all to be lost as someone forgot to lock the back gate being used to take out the garbage.

A similar situation is haunting modern enterprise “kingdoms.” Businesses are spending a fortune on cybersecurity – as much as 20% of the overall IT budget. They are deploying intrusion detection and remediation systems, endpoint management technology, Security Information and Event Management (SIEM), threat detection, ransomware prevention, next generation firewalls, Zero Trust Network Access (ZTNA), multifactor authentication (MFA), Secure Access Service Edge (SASE), and a host of other solutions to remain free of breaches. But the entire team is being let down by one little patch that was never deployed on a critical server. Result: the bad guys get in, hold the organization to ransom, extort millions, and live to wreak havoc another day.

This situation is far closer to reality than fairytale in many organizations. Orange Cyberdefense’s Security Navigator 2023 report revealed many startling findings. But by far the most shocking was the state of enterprise patching. Researchers found that businesses are taking an astonishing 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally still takes more than 6 months to deploy a patch.

Take the Log4j vulnerability (CVE-2021-44228), publicly disclosed on 9 December 2021. At the 215-day average, an organization would not have deployed the patches released to counter it until mid-July 2022. How could a vulnerability that many labeled as one of the most serious in years be ignored for so long, with the patches left gathering dust?

Why So Long to Patch?

Why might it take so long for organizations to deploy urgent patches? Complacency and neglect are certainly factors. Functions like patching and backup are often treated as routine, non-emergency duties. Perhaps initially they are given importance.

New patch management software or services are obtained. Best practices are discussed and implemented. All is well for a while. But over time, these functions receive less and less attention. They are perhaps still done, but fewer eyes are on them, no one bothers to check whether patching was deployed correctly, whether new systems and devices were added to the patching schedule, how long patches took to deploy, or how many patches are currently backlogged.

Testing is another area where organizations can inadvertently cripple patching effectiveness. Once upon a time, they may have suffered some problems due to a glitchy patch that caused downtime. They institute a lengthy and laborious patch testing protocol which, in reality, means that every patch has to go through testing before being sent anywhere. As a result, some patches take an age to be deployed.

There is no time to lose in installing priority patches. Syxsense provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches rapidly across the wire once and then use peer-to-peer within the network for local distribution. This ensures there are no network bottlenecks blocking patch delivery. In the case of a patch or update that causes incompatibilities in other systems, patch roll back features allow you to return systems to the state that existed before the implementation of a new patch.

Lack of Automation in Patching

Lack of automation, too, can dead-end organizational patching. If it remains a manual process, it becomes all too easy for someone to forget to deploy patches or omit transmitting them to half the devices in the network. With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of critical patches. Automation saves time as IT no longer has to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.

Additionally, there are factors such as incomplete inventorying of devices and poor reporting. It is one thing to say all systems are patched and fully updated. But it is another to be able to prove it. Comprehensive inventorying and reporting are vital.
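An added example (not Syxsense code) of the checks the paragraphs above say nobody performs once patching becomes routine: time-to-patch by severity, the current backlog, SLA breaches, devices that have stopped reporting, and devices that appear in patch data but not in the inventory. The device names and dates are constructed, and the SLA windows and stale-device threshold are assumptions to adjust to local policy.

```python
"""Patch-programme metrics: time-to-patch, backlog, SLA breaches and devices
that have dropped out of the schedule. Added example; not Syxsense code.
All records are constructed; SLA windows and the stale threshold are assumed."""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

SLA_DAYS = {"critical": 14, "important": 30, "moderate": 90}  # assumed policy
STALE_AFTER_DAYS = 7  # no check-in for this long: the device is unmanaged in practice


@dataclass(frozen=True)
class Device:
    name: str
    last_checkin: date


@dataclass(frozen=True)
class PatchRecord:
    device: str
    patch: str                 # CVE or update identifier
    severity: str
    released: date
    installed: Optional[date]  # None = still missing


def age_days(r: PatchRecord, today: date) -> int:
    """Days from release to install, or to today if the patch is still missing."""
    return ((r.installed or today) - r.released).days


def breaches_sla(r: PatchRecord, today: date) -> bool:
    return age_days(r, today) > SLA_DAYS[r.severity]


def report(devices, records, today: date) -> dict:
    """The numbers that prove (or disprove) 'all systems are patched'."""
    known = {d.name for d in devices}
    by_sev = {}
    for r in records:
        if r.installed is not None:
            by_sev.setdefault(r.severity, []).append(age_days(r, today))
    return {
        "median_days_to_patch": {s: median(v) for s, v in by_sev.items()},
        "backlog": sum(1 for r in records if r.installed is None),
        "sla_breaches": sorted((r.device, r.patch) for r in records
                               if breaches_sla(r, today)),
        "stale_devices": sorted(d.name for d in devices
                                if (today - d.last_checkin).days > STALE_AFTER_DAYS),
        "unknown_devices": sorted({r.device for r in records} - known),
    }


AS_OF = date(2023, 1, 31)

# Constructed sample data. Device names are hypothetical; the patch identifiers
# are CVEs discussed on this page, but the dates are illustrative only.
DEVICES = [
    Device("ws-01", date(2023, 1, 30)),
    Device("ws-02", date(2023, 1, 31)),
    Device("srv-01", date(2023, 1, 5)),   # silently stopped reporting
]
RECORDS = [
    PatchRecord("ws-01", "CVE-2023-21674", "important", date(2023, 1, 10), date(2023, 1, 12)),
    PatchRecord("ws-02", "CVE-2023-21674", "important", date(2023, 1, 10), date(2023, 1, 28)),
    PatchRecord("srv-01", "CVE-2023-21674", "important", date(2023, 1, 10), None),
    PatchRecord("srv-01", "CVE-2021-44228", "critical", date(2021, 12, 10), date(2022, 7, 12)),
    PatchRecord("lab-99", "CVE-2023-21543", "critical", date(2023, 1, 10), None),
]

if __name__ == "__main__":
    for key, value in report(DEVICES, RECORDS, AS_OF).items():
        print(f"{key}: {value}")
```

On the sample data the Log4j record shows a 214-day time-to-patch, the lab machine that was never added to the inventory is both a backlog item and an SLA breach, and the server that stopped checking in on 5 January would otherwise look fine in a report that only counts installed patches.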

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides immediate turnaround for the testing and delivery of patches as well as peer-to-peer technology that delivers patches to all devices fast.



January Patch Tuesday Updates | 2023



Join us as we dive into this month’s bulletins and show you strategies for tackling the latest and most important Patch Tuesday updates.  Our IT industry expert Rob Brown, Syxsense’s Chief Customer Success Officer, will be covering all of the latest updates live. Rob’s team of IT management experts has deployed over 100 million patches — be sure to register so you don’t miss out on the top patch strategies of the month!

Hosted by Rob Brown

During his 17 years at Syxsense, Rob's role has evolved from onsite technical consultant to providing solutions around patch management, vulnerability management, and security best practices. His team has deployed over 100M patches to our global customers over the last decade.

Syxsense Predictions Critical Infrastructure Attacks, More Cyber-Regulation, Faster Zero-Day Exploitation, and Slow but Steady Growth of Zero Trust in 2023


Jonathan Cassell, Senior Solutions Architect at Syxsense, gazed into the cyber-crystal ball and came up with several predictions for 2023. These include more cyberattacks on critical infrastructure, increased cyber-regulation, faster zero-day exploits, and growing adoption of zero trust, though not at a pace necessary to significantly reduce the quantity of successful cyberattacks.

Here goes:     

Attacks on Critical Infrastructure

2021 and 2022 saw serious attacks on critical infrastructure. The most famous, both in 2021, were the Colonial Pipeline breach, which shut down fuel supplies to the US east coast for days and sent gas prices soaring, and the ransomware attack on JBS, the largest meat processing firm in the world, which disabled beef and pork plants and affected facilities in the U.S., Canada, and Australia. Expect more of the same in 2023, and perhaps even bigger targets getting hit.

More Cyber-Regulation

The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, has had quite a year. It was regularly in the news for its alerts about Common Vulnerabilities and Exposures (CVEs), its Shields Up notifications, its Log4j guidance, and its directives pushing agencies and enterprises to fix vulnerabilities deemed a severe threat. Don't think the higher profile of CISA isn't going to ripple into other facets of government: more cybersecurity legislation is probably on the cards. There is also talk of a federal-level privacy regulation similar to the EU's GDPR.

Regardless of regulatory pressure, insurers are turning the screws on businesses, demanding that they institute stronger cybersecurity safeguards if they want to be given cyber-insurance. Some are being turned down, some given high premiums, and others given less than comprehensive coverage as they were not deemed to have sufficient layers of protection in place.

Faster Zero-Day Exploits

A zero day is a vulnerability that the vendor or developer has only just learned about, or does not yet know about at all; hence the term: they have had zero days to fix it. Zero-day vulnerabilities are particularly worrying because criminals can exploit them before the developer has issued a patch or worked out remediation steps, so they can cause serious damage and data theft until they are fixed.

When Log4j was disclosed, for example, it led to a scramble among a great many vendors and a rash of patches and remediation guidance.

The bad news is that 2023 will probably bring even faster zero-day exploitation, shrinking the window between disclosure and attack. Vendors and other victims may also take longer to discover such vulnerabilities, and be slower to disclose them.

Zero-Trust Grows, But Slowly

There is great hope in the cybersecurity community that zero-trust network access (ZTNA) will solve a lot of ongoing difficulties. Certainly, ZTNA is growing and should grow more in 2023. However, we don’t yet see the market traction for it to be deployed widely in enough businesses to make a serious dent in the number of cyberattacks and breaches.

ZTNA encompasses technologies that enable secure access to internal applications. It grants access on a least-privilege basis through granular policy, giving verified users secure connectivity to private applications while protecting the network and avoiding exposing the apps to the internet. Zero Trust, then, is about securing IT infrastructure and data through a framework that can safeguard remote workers, hybrid cloud environments, and IT in general. It works on the assumption that any network is always at risk of attack from inside or outside. In essence, Zero Trust means an individual is not trusted just because they are on the network: they must prove who they are, and they are given access only to the systems they need. Beyond vetting individual identities, the next frontier is verifying machine identities, such as the specific device and browser being used for access.

The Syxsense Zero Trust module, part of Syxsense Enterprise, provides hundreds of parameters IT can use to report and act on device compliance. For example, it can determine whether a laptop is accessing a NetSuite server after hours from an IP address in an unfamiliar location and, if so, block it. It can also enforce compliance with Zero Trust policies before granting access, on an asset-by-asset basis, and it includes automated remediation of non-compliant endpoints: patching the system, enabling an antivirus tool and making sure its signatures are current, emailing IT about unauthorized access, and more.
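The decision logic described above, as an added illustrative policy engine (not the Syxsense Zero Trust module): each request is judged on the user, the device's identity and posture, and the context (location and time), with posture drift routed to automated remediation rather than a flat allow. The users, home countries, business hours, sensitive apps, signature-age limit and sample requests are constructed policy data.

```python
"""Zero Trust access decision for one request: who is asking, from which
device, in what posture, from where and when. Added example; not Syxsense code.
All policy values below are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime

# Assumed policy data (constructed).
HOME_COUNTRIES = {"alice": {"US"}, "bob": {"GB", "IE"}}
BUSINESS_HOURS = range(7, 19)          # local hours treated as "in hours"
SENSITIVE_APPS = {"netsuite", "hr-portal"}
MAX_SIGNATURE_AGE_DAYS = 3


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    enrolled: bool           # known to MDM / endpoint management
    os_patched: bool         # no missing security updates
    av_enabled: bool
    signature_age_days: int
    disk_encrypted: bool


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device: DevicePosture
    source_country: str
    when: datetime
    app: str


@dataclass
class Decision:
    allow: bool = True
    reasons: list = field(default_factory=list)       # why access was refused
    remediations: list = field(default_factory=list)  # what to fix automatically


def evaluate(req: AccessRequest) -> Decision:
    d = Decision()
    dev = req.device
    sensitive = req.app in SENSITIVE_APPS

    def deny(reason: str) -> None:
        d.allow = False
        d.reasons.append(reason)

    # Identity and context: being "on the network" counts for nothing.
    if req.user not in HOME_COUNTRIES:
        deny("unknown user")
    unfamiliar = req.source_country not in HOME_COUNTRIES.get(req.user, set())
    after_hours = req.when.hour not in BUSINESS_HOURS
    if sensitive and unfamiliar and after_hours:
        deny(f"{req.app}: unfamiliar location {req.source_country} outside business hours")

    # Device identity and posture: hard failures deny, drift gets remediated.
    if not dev.enrolled:
        deny("unmanaged device")
    if not dev.av_enabled:
        deny("antivirus disabled")
        d.remediations.append("enable antivirus")
    if dev.signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        d.remediations.append("update antivirus signatures")
    if not dev.os_patched:
        d.remediations.append("deploy missing patches")
        if sensitive:
            deny("missing patches on a device requesting a sensitive app")
    if sensitive and not dev.disk_encrypted:
        deny("disk not encrypted")
    return d


# Constructed sample requests (device IDs and users are hypothetical).
COMPLIANT = DevicePosture("lt-0042", True, True, True, 1, True)
DRIFTED = DevicePosture("lt-0077", True, False, True, 5, True)
AV_OFF = DevicePosture("lt-0077", True, True, False, 0, True)
SCENARIOS = {
    "in_hours_home": AccessRequest("alice", COMPLIANT, "US", datetime(2023, 1, 18, 10, 0), "netsuite"),
    "after_hours_abroad": AccessRequest("alice", COMPLIANT, "AU", datetime(2023, 1, 18, 23, 15), "netsuite"),
    "drifted_wiki": AccessRequest("bob", DRIFTED, "GB", datetime(2023, 1, 18, 11, 0), "wiki"),
    "drifted_sensitive": AccessRequest("bob", DRIFTED, "GB", datetime(2023, 1, 18, 11, 0), "hr-portal"),
    "av_off": AccessRequest("bob", AV_OFF, "IE", datetime(2023, 1, 18, 11, 0), "wiki"),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        print(name, evaluate(req))
```

The after-hours NetSuite request from an unfamiliar country is refused outright, while the drifted laptop is still allowed onto the wiki but queued for patching and a signature update; the same laptop is refused the HR portal until the patches land. The decision carries the remediation list so the enforcement point can kick off the fix rather than just say no.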



How System Administrators and IT Managers Can Get More Sleep


Those working in IT grow accustomed to pagers or smartphones going off in the middle of the night. That means getting dressed, grabbing a quick coffee, and heading into the office to resolve the latest security alert, server outage, or network glitch. It can happen on weekends, too. Instead of a relaxing lie-in for some much-needed extra slumber, an alert comes in, or it arrives during precious leisure hours with family and friends. The IT staffer must pack up the beach towels or turn off the barbecue or the game, kick off the flip-flops, and make the long commute to work.

By deploying Syxsense for automated patch management, mobile device management (MDM), vulnerability scanning, IT management, and remediation, IT personnel can greatly increase their number of hours of undisturbed sleep AND feel far less resistance about meeting each new day. Here’s how:

Morning Slumbers

A fascinating study by Best Mattress Brand revealed that the job one does and the industry worked in have a definite influence on the number of minutes people lie in bed after the alarm sounds. Regardless of the time you need to be at work, you’re going to set an alarm depending on how long it takes you to get up, get ready, and get to your workplace. These times are often influenced by factors such as the stress one has to endure, the type of responsibility each person has, and the way each one of us decides to face the day ahead.

Those who stay in bed the least seem to work in transportation and warehousing (8 minutes), as homemakers (8 minutes), in construction (7 minutes), and in manufacturing (7 minutes). Medical and healthcare, finance and insurance, and IT all average 11 minutes of lying in bed after the alarm, while government and public administration, education, and wholesale and retail workers average 10 minutes.

The study found that job satisfaction was somewhat correlated with the length of time people want to linger in bed. Those least happy at work tended to lie in bed for around 11 minutes, the same as IT.

Certainly, there may be other factors. Nevertheless, all those late-night and weekend alerts, and the stress of working in a malware-saturated environment, seem to be taking their toll on system administrators and IT managers. They either want to remain in bed a few extra minutes to make up for lack of sleep, or they stay under the covers longer to muster the courage to face another hectic day of ransomware threats, phishing alerts, and data breaches.

Syxsense Can Help You Get More Sleep

Experts say sleep is as important for good health as diet and exercise. A good night’s sleep improves brain performance, mood, and health. Not getting enough quality sleep regularly raises the risk of many diseases and disorders.

Syxsense is a sure way for system administrators, IT managers, and cybersecurity personnel to get more sleep, improve their mood, and improve productivity. It automates the entire process of patch management, vulnerability scanning, and mobile device management (MDM). It protects organizations from breaches by blocking users on untrusted devices, and it lets organizations define the posture criteria a device must meet before it is granted trusted access. It can also apply fixes and remediate issues automatically in real time so that access can be granted: deploying an urgently needed security patch, updating the antivirus signature database, and alerting IT about unauthorized access attempts.

By deploying Syxsense Enterprise, IT personnel gain peace of mind. They can go to bed at night confident that they are extremely unlikely to be disturbed by the strident sound of a pager. They can spend the weekend with family and friends without the specter of yet another interruption from the latest emergency. By sleeping better, they wake up refreshed, happier, and more satisfied with their jobs.



January 2023 3rd Party Roundup Webinar


In this video, we have our industry expert, Jon Cassel here to give us an inside look at the newest third-party patch releases. And with that, Jon Cassel. Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen.

The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

Watch the Webinar

January Patch Tuesday Update 2023


Watch our January Patch Tuesday 2023 webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat

There are 11 rated Critical and 87 rated Important. Microsoft Windows, Office, .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler components, and Microsoft Exchange Server have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense, said, "We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they would usually have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them, so keep an eye on these, as they could indicate problems with testing."

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This vulnerability covers a large part of the Microsoft estate, from Windows 8.1 to Windows 11 on workstations and from Windows Server 2012 R2 to Windows Server 2022 and Server version 20H2. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Because it is both actively exploited and has a Jump Point (a Scope change that carries the attacker out of the sandbox the code started in), this should be your number one priority.

Note: The vulnerability is Weaponised and has a Jump Point

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: Yes
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability

Microsoft rates this vulnerability as less likely to be exploited, but details of how to exploit it are already public. An attacker who succeeded could execute RPC functions that are restricted to privileged accounts, hence the CVSS score of 8.8. The attack is launched over the network by a low-privileged, authenticated user and needs no user interaction.

Note: The vulnerability is Public Aware

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: No
Public Aware: Yes
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Unchanged / No

CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary therefore any process that can bypass the boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: The vulnerability has a Jump Point

Syxscore
Vendor Severity: Critical
CVSS: 8.8
Weaponised: No
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes

Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.

If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.

Microsoft’s January Patch Tuesday Fixes

| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Additional Information |
|---|---|---|---|---|---|---|---|
| CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important | 8.8 | No | Yes | No | Scope = Changed / Jump Point = True. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. |
| CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No | No | An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. |
| CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | No | Scope = Changed / Jump Point = True |
| CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server. |
| CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server. |
| CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21543 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21546 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21555 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21556 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21679 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21535 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21548 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. |
| CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | |
| CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Identified by Microsoft Offensive Research and Security Engineering (MORSE). |
| CVE-2023-21730 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation More Likely. |
| CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely |
| CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | |
| CVE-2023-21538 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21757 | Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster. |
| CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Exploitation More Likely |
| CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
| CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important | 6.6 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
| CVE-2023-21725 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2023-21559 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical | 5.3 | No | No | No | Exploitation More Likely |
| CVE-2023-21525 | Windows Encrypting File System (EFS) Denial of Service Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system. |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
