Monthly Archives

April 2023


Syxsense Wins Three Cyber Defense Magazine Global InfoSec Awards at 2023 RSA Conference

By Awards, Cybersecurity, News, Press Release

Company recognized for Best Next Gen Endpoint Security, Hot Company in Zero Trust, and named Publisher’s Choice Security Company

SAN FRANCISCO, Calif. – RSA Conference – APRIL 24, 2023 – Syxsense, a global leader in Unified Security and Endpoint Management (USEM) solutions, today announced that Cyber Defense Magazine, the organization responsible for hosting the 11th Annual Global InfoSec Awards at the 2023 RSA Conference, has named Syxsense as category winners for Next Gen Endpoint Security (for Syxsense Enterprise), Hot Company in Zero Trust (for Syxsense Zero Trust), and Publisher’s Choice Security Company.

Syxsense helps organizations reduce the complexity of endpoint management and security with USEM solutions that include Syxsense Manage, Syxsense Secure, and Syxsense Enterprise. These solutions enable customers to simplify endpoint management within an IT environment, ensure comprehensive vulnerability detection and remediation, achieve real-time visibility into endpoints, and conduct crucial activities such as patch management, device quarantine, policy-based compliance reporting, zero-trust endpoint evaluation, and more. It then layers on critical workflow protections that allow IT and security teams to automate the entire endpoint security process from beginning to end with a powerful, no-code workflow automation technology called Syxsense Cortex.

“We’re very excited to be at RSA showcasing our unique approach to simplifying IT and security complexity with a unified security and endpoint management platform. Being recognized by the Global InfoSec Awards for not only our product innovation with Syxsense Enterprise and our Zero Trust module, but also as a growing security company is further validation that we are helping customers meet their challenging and ever-changing IT and security needs,” said Ashley Leonard, Founder and CEO at Syxsense. “From our comprehensive vulnerability scanning and pre-built remediations to our powerful automation engine that helps teams easily build complex workflows with just a few clicks of a button, Syxsense is leading the charge to help organizations see, manage, and secure every endpoint, no matter where it is.”

“Syxsense embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

To see the entire list of Global InfoSec Award winners, go to www.cyberdefenseawards.com.

Interested in a demo of Syxsense’s solutions? Come by the company booth (#4339) at the RSA Conference in the Moscone South Expo Hall, or schedule a demo online at https://hubs.la/Q01Lr0nf0.

About Syxsense

Syxsense is a leading software vendor providing endpoint security and IT operations management solutions to Managed Service Providers (MSPs), enterprises, and government organizations. Its solutions provide real-time visibility and control over endpoint devices, networks, and cloud infrastructure, helping organizations to protect against cyber threats, improve IT operations, and reduce risk. Syxsense is the first Unified Security and Endpoint Management (USEM) platform that centralizes the three key elements of endpoint security management: security and patch vulnerability management, remediation, and compliance controlled by a powerful drag-and-drop workflow automation technology called Syxsense Cortex™. Syxsense is a single cloud-based platform supporting Windows, Linux, Mac, and mobile devices on-premises and in the cloud. For more information, visit www.syxsense.com.

About CDM InfoSec Awards

This is Cyber Defense Magazine’s eleventh year of honoring InfoSec innovators from around the globe. Our submission requirements are for any startup, early stage, later stage, or public company in the INFORMATION SECURITY (INFOSEC) space that believes it has a unique and compelling value proposition for its product or service. Learn more at www.cyberdefenseawards.com.

Syxsense Media Inquiries:

Contact: Raymond Fenton, Voxus PR

Email: rfenton@voxuspr.com


April Spotlight Webinar: Vulnerability Management

By Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In April’s class Syxsense’s Pre-Sales Manager, Graham Brooks, demonstrates how Syxsense eliminates “all those red lines” with real-time alerting, immediate device quarantining, automated remediation, and compliance reporting.

Webinar on Demand

Graham Brooks

Hosted by: Graham Brooks, Syxsense Pre-Sales Manager

Graham is currently a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last 7 years. Before working at Syxsense he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCSA and Security Plus certifications.


April 2023 3rd Party Roundup Webinar

By Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on April’s powerful Patch Management Update.

Fill out the form to the right to watch as we dive into April’s bulletins and show you strategies for tackling the latest and most important Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.

Watch the Webinar


Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.

GigaOm Key Criteria for Evaluating Patch Management: An Evaluation Guide for Technology Decision Makers

GigaOm Key Criteria for Evaluating Patch Management

By News, Patch Management

Download the Report

An Evaluation Guide for Technology Decision Makers

Key Criteria for Evaluating Patch Management

Software is rarely immutable. It often needs to be modified — patched — to fix a bug or vulnerability, add security, or update a feature. In today’s systems, patch management is critical for ensuring that the appropriate patches are acquired and installed for all applications and tools.


Beyond the British Monarchy: Ransomware Goes Royal

By Blog

The trials and tribulations of the British royal family are not the only royalty making headlines these days. The Royal ransomware group, believed to have evolved from the notorious and now defunct Conti ransomware group, is making waves across the U.S. and the United Kingdom.

In its heyday, Conti claimed responsibility for multiple high-profile cyber-attacks, including the Costa Rican and Peruvian government systems, several well-known retailers, and the Irish healthcare service. However, Conti saw its operations effectively shut down over the summer of 2022 for a variety of reasons, including receiving too much government attention which had put a target on the group’s back. Many of the group’s members, though, remained at large. And many believe some of those members have formed the Royal group.

Royal started small and focused its attention on attacking the healthcare sector. More recently, the Royal gang has risen to prominence, so much so that it is being labeled as one of the most active and dangerous ransomware gangs in the world today. To underscore the seriousness of the Royal gang, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory alerting critical infrastructure providers to review their ransomware prevention and detection strategies and providing insight into the technical details of how Royal members gain access and execute their attacks.

One reason for Royal’s success is the evolution of new techniques and ransomware variants. This makes it much easier for them to infiltrate and infect Linux hosts and VMware ESXi servers, for example. Hence the latest #StopRansomware advisory from CISA that lays out their tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).

How the Royal Gang Gets Access to Your Enterprise

Some facets of the Royal ransomware variant are unique. But the tactics used to gain initial access to an enterprise are unsurprising. According to CISA, Royal used phishing attacks on two-thirds of its recent victims to gain entry. While there are some technical approaches that can remove phishing emails from the inbox, security awareness training is critical.

Another major attack vector for the Royal gang is to exploit the Remote Desktop Protocol (RDP). CISA found that 13.3% of Royal incidents used RDP for initial access. Other vectors of initial entry include exploitation of public-facing applications (such as a customer or client portal) and harvesting virtual private network (VPN) credentials from stealer logs or using brokers for initial access.

What Happens Under Royal’s Rule

Once Royal gains access to your enterprise, they launch a custom-made file encryption program. The malware disables antivirus software and exfiltrates large amounts of data before deploying ransomware, encrypting systems, and demanding funds. Ransom demands have ranged from $1 million to $11 million.

The most significant tactical shift in Royal ransomware is how files are encrypted to evade detection. Instead of encrypting all the data in all files, which can set off alarms with anomalous traffic patterns, files are only partially encrypted. Current ransomware protection defenses are not architected to spot partial encryption of files. CISA also noted that Royal utilizes double extortion – both demanding a ransom and threatening to publicly release sensitive data if the ransom is not paid.

After gang members have gained a beachhead in the enterprise, they use command and control (C2) infrastructure to download various tools to strengthen their foothold in the victim’s network. They can also take over remote monitoring and management software to move laterally across a network. Further, they can even harness legitimate pen testing tools like Cobalt Strike for data exfiltration.

Protecting Your Organization Against Royal Ransomware Gang

As part of the advisory, CISA issued several recommendations to mitigate cyber threats from ransomware in general, such as enabling and enforcing multifactor authentication, reviewing security awareness training on phishing emails, and more.

With the Royal gang, in particular, organizations should:

  • Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
  • Prioritize remediating known exploited vulnerabilities.
  • Review, monitor, and if possible, disable protocol and port usage.

Royal has proven that they can exploit RDP to gain initial access to enterprises and to infect out-of-date Linux devices to exploit ESXi virtual machines. Because of this, ensuring your endpoints and devices are up to date with the latest patches is critical. Patching can be cumbersome, but it doesn’t have to be difficult. Some patch management solutions provide a three-hour turnaround for the testing and delivery of new patches – and come equipped with technology to send software and patches across the wire once.

Taking your security processes a step further to monitor risky services or ports across your endpoints will only strengthen your security posture. Enterprises with a unified security and endpoint management (USEM) solution can implement these preventive measures quickly. USEM solutions easily discover all devices across your network and enable you to manage and patch any endpoints that are out of date – regardless of whether those devices are running Windows, Linux, or Mac. And, within the same product, you can run a vulnerability scan to identify risky services and ports that may be vulnerable to exploitation. For example, you can see a snapshot below from the Syxsense platform of devices that are running RDP without robust security controls in place.
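The snapshot referred to above is not reproduced here, so the following is an added example (not Syxsense code) of the same kind of check done locally: a PowerShell audit of one Windows host for RDP exposure, in line with the advice to review protocol and port usage. It reads the documented Terminal Server registry values, checks whether the RDP port is actually listening, and flags enabled inbound rules in the built-in "Remote Desktop" firewall group that accept any remote address. The risk rating at the end is this example's own heuristic, not a Syxsense or CISA scoring scheme. Run it from an elevated PowerShell session.

```powershell
# Added example, not Syxsense's code: audit one Windows host for RDP exposure.
# Reports whether RDP is enabled, whether Network Level Authentication (NLA)
# is required, whether the RDP port is listening, and whether an enabled
# inbound firewall rule in the "Remote Desktop" group accepts any remote address.

function Get-RdpExposure {
    [CmdletBinding()]
    param()

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue
    $rdpEnabled = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)

    # UserAuthentication = 1 means NLA is required before a session is created.
    $rdpTcp = Get-ItemProperty -Path $rdpKey -ErrorAction SilentlyContinue
    $nlaRequired = ($null -ne $rdpTcp -and $rdpTcp.UserAuthentication -eq 1)
    $port = if ($rdpTcp -and $rdpTcp.PortNumber) { [int]$rdpTcp.PortNumber } else { 3389 }

    # Is anything actually listening on the configured RDP port?
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound rules in the built-in "Remote Desktop" group whose remote
    # address scope is "Any" expose the port to every network the host sits on.
    $openToAny = $false
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in @($rules)) {
        $filter = $rule | Get-NetFirewallAddressFilter
        if (@($filter.RemoteAddress) -contains 'Any') { $openToAny = $true }
    }

    # Heuristic rating for this example only: RDP reachable without NLA, or
    # open to any address, is the configuration the blog post warns about.
    $risk = if ($rdpEnabled -and $listening.Count -gt 0 -and (-not $nlaRequired -or $openToAny)) {
        'High'
    } elseif ($rdpEnabled) {
        'Medium'
    } else {
        'Low'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        RdpEnabled        = $rdpEnabled
        NlaRequired       = $nlaRequired
        RdpPort           = $port
        PortListening     = ($listening.Count -gt 0)
        FirewallOpenToAny = $openToAny
        Risk              = $risk
    }
}

Get-RdpExposure | Format-List
```

To run the same audit across a fleet from a management host with PowerShell remoting enabled, pass the function body as the script block, for example `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Get-RdpExposure} | Export-Csv rdp-audit.csv -NoTypeInformation`; hosts that come back with Risk = High are the ones to restrict to a VPN or jump host, enforce NLA on, or disable RDP on entirely.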

If your organization is still struggling to manage endpoints and prioritize patching, or is unsure whether it has weak points that threat actors are looking to exploit, let’s have a conversation. You can schedule a one-on-one demo to find out how to improve your chances against a sophisticated ransomware group like Royal.


Microsoft Patch Tuesday Update | April 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch April’s Microsoft Patch Tuesday Forecast On Demand

Fill out the form to the right to view as we dive into this month’s bulletins and show you strategies for tackling the latest and most important Patch Tuesday updates. Our IT industry expert Rob Brown, Syxsense’s Chief Customer Success Officer, will be covering all of the latest updates live. Rob’s team of IT management experts has deployed over 100 million patches — be sure to register so you don’t miss out on the top patch strategies of the month!


Hosted by Rob Brown

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant to providing solutions around Patch Management, Vulnerability Management, and Security Best Practices. His team has deployed over 100M patches to our global customers over the last decade.


April Patch Tuesday 2023 Addresses 8 Critical and 90 Important Issues

By Blog, Patch Management, Patch Tuesday

Don’t miss our April 2023 Patch Tuesday webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month, including 8 Critical and 1 Weaponised Threat

There are 8 Critical and 90 Important fixes for Patch Tuesday, April 2023. Microsoft Windows, Windows Components, Office and Office Components, Windows Defender, SharePoint Server, Windows Hyper-V, PostScript Printer and Microsoft Dynamics have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense, said, “We have a Weaponised vulnerability to fix this month and we also have a second month with a very large number of fixes impacting PostScript and PCL6 Class Printer Drivers. Careful testing must be done to ensure no printing issues are experienced following patching. We also have 2 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, April has a combined CVSS score of 722.4, up from 529.6 last month.”

Top April 2023 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability

This vulnerability has been fixed several times this month, and has been exploited at least twice before, which indicates to us that the underlying issue has not yet been fully fixed. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note: The vulnerability is being actively exploited.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability

According to Microsoft, this vulnerability is "More Likely" to be exploited. The Windows Message Queuing service, a Windows component, must be enabled for a system to be exploitable; the feature can be added via the Control Panel. To check exposure, look for a running service named Message Queuing and for TCP port 1801 listening on the machine.
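The check described above, as an added PowerShell example (not Syxsense's or Microsoft's code): it looks for the Message Queuing service (service name MSMQ) and a TCP 1801 listener on the local host, reports both, and can optionally apply the countermeasure of stopping and disabling the service. The `-Disable` switch and the output fields are this example's own; only disable MSMQ on hosts where no application depends on it, and use `-WhatIf` to preview the change.

```powershell
# Added example, not Syxsense's or Microsoft's code: check one host for the
# CVE-2023-21554 exposure conditions given in the bulletin text (Message
# Queuing service running and TCP 1801 listening) and optionally disable
# the service as a countermeasure until the April 2023 update is deployed.

function Test-MsmqExposure {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Stop and disable the service when it is found exposed (supports -WhatIf).
        [switch]$Disable
    )

    # Service name is MSMQ; its display name is "Message Queuing".
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    $installed = $null -ne $svc
    $running = $installed -and $svc.Status -eq 'Running'

    # Second condition from the bulletin: a listener on TCP 1801.
    $listener = @(Get-NetTCPConnection -State Listen -LocalPort 1801 -ErrorAction SilentlyContinue)
    $portListening = $listener.Count -gt 0

    # Exposed only when the service is running and the port is open. The patch
    # is still required either way; this check only tells you how urgent it is.
    $exposed = $running -and $portListening

    if ($exposed -and $Disable -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable the Message Queuing service')) {
        Stop-Service -Name MSMQ -Force
        Set-Service -Name MSMQ -StartupType Disabled
        $running = $false
        $exposed = $false
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceInstalled  = $installed
        ServiceRunning    = $running
        Port1801Listening = $portListening
        Exposed           = $exposed
    }
}

Test-MsmqExposure | Format-Table -AutoSize
```

For a fleet-wide inventory before the patch window, run it through remoting, for example `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-MsmqExposure} | Where-Object Exposed`, which lists exactly the hosts where CVE-2023-21554 is reachable over the network and should be patched first.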

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

According to Microsoft, this vulnerability is More Likely to be Exploited. The vulnerability exists due to insufficient validation of user-supplied input in Windows Pragmatic General Multicast (PGM). A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

April 2023 CVE Overview

Additional newly identified CVEs and corresponding information can be found below.

| Reference | Description | Vulnerability Impact | Vendor Severity | CVSS Score | Weaponized | Publicly Aware | Exploitability Assessment | Additional Details |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | Yes | No | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation More Likely | |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation Less Likely | Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation More Likely | |
| CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation Less Likely | A workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. The following workaround might be helpful in your situation: Migrate from Network Load Balancing to Software Load Balancing. |
| CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28219 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28220 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28232 | Windows Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. |
| CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-23375 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain administrator privileges. |
| CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28304 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important | 7.6 | No | No | Exploitation Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | Mitigation Available: This vulnerability is limited to attacker traffic inside the NAT firewall. An enterprise perimeter firewall can be used to mitigate this attack. A NAT firewall works by only allowing requested internet traffic to pass through the gateway. Internet routed network traffic cannot attack the Windows Network Address Translation Service for this vulnerability. |
| CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.5 | No | No | Exploitation More Likely | |
| CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28241 | Windows Secure Socket Tunnelling Protocol (SSTP) Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Information Disclosure | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.3 | No | No | Exploitation Less Likely | |
| CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.2 | No | No | Exploitation Less Likely | |
| CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.1 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.1 | No | No | Exploitation Less Likely | |
| CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could bypass the Windows Lock Screen security feature. |
| CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-24883 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability Spoofing Important 6.5 No No Exploitation Less Likely
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could access the system logs.
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability Spoofing Important 6.1 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Spoofing Important 6.1 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-28228 Windows Spoofing Vulnerability Spoofing Important 5.5 No No Exploitation Less Likely
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability Security Feature Bypass Important 5.5 No No Exploitation Less Likely
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation More Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability Denial of Service Important 5.5 No No Exploitation Less Likely
CVE-2023-28299 Visual Studio Spoofing Vulnerability Spoofing Important 5.5 No No Exploitation Less Likely
CVE-2023-28226 Windows Enrol Engine Security Feature Bypass Vulnerability Security Feature Bypass Important 5.3 No No Exploitation Less Likely
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability Information Disclosure Important 4.9 No No Exploitation Less Likely
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability Security Feature Bypass Important 4.4 No No Exploitation Less Likely
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability Information Disclosure Important 4.3 No No Exploitation Less Likely Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

Syxsense’s Latest Product Release Gives Organizations Robust Capabilities to Easily Automate Complex Security and IT Management Playbooks

By News, Press Release

Other platform updates include performance enhancements around device scanning, unmanaged device discovery, agent lockdown, BitLocker encryption key storage, and more.

NEWPORT BEACH, Calif.–(BUSINESS WIRE)–Syxsense, a global leader in Unified Security and Endpoint Management (USEM) solutions, today released new updates to the Syxsense product suite designed to extend automated workflow capabilities, improve usability, and enhance overall platform security. Key to this release is the introduction of Cortex Sequences, which uses the power of automation to chain together workflows or playbooks, further enabling Syxsense customers to have intelligent endpoints that can dramatically simplify endpoint security and management.

With today’s complex digital infrastructure and cybersecurity landscape, organizations are increasingly relying on automation to streamline endpoint management and reduce their attack surface. This is critically important given recent research shows that 75% of organizations have experienced at least one attack related to poor endpoint device management. Syxsense Cortex already enables customers to combine logic, approvals, and actions to automate complex processes. With Cortex Playbooks, customers get pre-built workflows of common processes, such as ensuring a device has enough memory before running a patch scan and then pushing approved patches for any identified issues.

Cortex Sequences supercharges these capabilities by giving IT and security teams incredible control to build out a series of sequence-based automation chains between the Syxsense cloud and your managed endpoints that include targeted devices and timing handlers. All of this streamlines the management and security remediation associated with endpoint devices and provides detailed, scheduled reporting around all actions. For example, you can set up a sequence for Patch Tuesday that deploys patches to a group of test endpoints, evaluates whether those endpoints remain stable and perform as normal, and only then continues deployment to the full production environment. All of this can be run via a Syxsense Cortex Sequence, freeing up staff from manual and sometimes tedious tasks and improving patch reliability.

“Endpoint security and management can be extremely time consuming, even if you just think about scanning for critical patch updates or vulnerabilities and resolving issues that are found. With Syxsense Cortex Sequences we’re extending our no-code automation technology and giving customers an extremely powerful tool that enables them to condense highly complex security and management projects into one-click, sequenced playbooks,” said Ashley Leonard, Founder and CEO at Syxsense. “This new feature, plus all the other updates in this release, means better usability, valuable reporting, and ultimately, more time for IT and security pros to spend on more business-critical initiatives.”

Syxsense Enterprise is the industry’s first USEM solution that addresses the three key elements of endpoint security – vulnerabilities, patching, and compliance. In addition to the launch of Cortex Sequences, this new product release has a variety of other security, performance, and usability enhancements:

  • Agent Lockdown – Administrators can protect and prevent end users from removing Syxsense endpoint agents from their device.
  • BitLocker Enablement and Encryption Key Storage – Syxsense can now show which devices have BitLocker enabled and take action to enable or disable it via Cortex workflows. In addition, encryption key storage and recovery capabilities for administrators are now available in the Syxsense console, helping to prevent data security issues on lost or compromised devices.
  • CIS Level 2 Benchmarking – CIS Level 1 Benchmark reporting was released earlier this year. This update includes Level 2 Benchmark reporting at the click of a button, providing security executives with measurements against industry norms and standards.
  • Enterprise-scale Process Optimization – Improved server-side processes enable Syxsense to run actions, from Cortex processes to security evaluations, across thousands of devices in seconds.
  • Integrated Cortex Playbooks – Improved usability through in-console access to the complete library of Cortex Playbooks.
  • Nmap Integrations – Improved visibility into unmanaged devices (including IoT devices) with detailed discovery via Nmap.
  • Pop-out Help Guides – In-console pop-out guides and educational resources so administrators can easily self-service on tasks.

About Syxsense

Syxsense is a leading software vendor providing endpoint security and IT operations management solutions to Managed Service Providers (MSPs), enterprises, and government organizations. Its solutions provide real-time visibility and control over endpoint devices, networks, and cloud infrastructure, helping organizations to protect against cyber threats, improve IT operations, and reduce risk. Syxsense is the first Unified Security and Endpoint Management (USEM) platform that centralizes the three key elements of endpoint security management: security and patch vulnerability management, remediation, and compliance controlled by a powerful drag-and-drop workflow automation technology called Syxsense Cortex™. Syxsense is a single cloud-based platform supporting Windows, Linux, Mac, and mobile devices on-premises and in the cloud. For more information, visit www.syxsense.com.

Contacts

Raymond Fenton
Voxus PR
rfenton@voxuspr.com


Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors from consideration as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IoT side.

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IoT space, since handling it through each device’s own interface and reporting simply isn’t scalable. Because it’s poised to become an essential feature for many, if not most, organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate but does exceptionally well when solving incredibly complex issues where accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating the fine-tuning of settings, patch management would be an ideal space for utilizing AI.

Take Away

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst Howard Holton: Analyst Insights: GigaOm Radar for Patch Management.