Skip to main content
Category

Patch Management

6 Simple Rules for Securing Your Endpoints

By Patch ManagementNo Comments

6 Simple Rules for Securing Your Endpoints

It's never been more critical to manage and secure your endpoints. Here are six important rules for protecting your organization from IT security threats.

[vc_single_image image=”38772″ img_size=”full”]

1. Always Be Patching

Managing software updates—and specifically patching endpoints—secures your organization from known threats. The appearance of new endpoint types—such as Internet of Things (IoT), Bring Your Own Device (BYOD), and other operating system and software vulnerabilities—requires countless patches. Always be patching if you want to stay ahead of the bad actors.

2. Seek Out All Endpoints

Think about your company’s network—how many devices are out there? Is the number of staggering? You had better give it some thought, because endpoints account for the vast majority of security breaches—estimates put the number at about 70 percent. And if you don’t know you have them, you can’t secure them.

3. Stay Current

You must adapt to the increasing complexity of hackers and their cyberattacks. Bad actors never sleep—they continually work to improve their cyberattacks, constantly evolving the threat landscape. Your organization, therefore, must deploy endpoint security solutions that will keep up with the deluge of malware that can be expected in the future.

4. Be Resilient

Experts suggest that companies must aim to be resilient, assuming that breaches are inevitable. Since endpoints are said to account for about 70 percent of all breaches, being able to find and fix an attack at an endpoint while continuing to operate your business effectively is the key to resilience. A threat or breach to an endpoint must not be allowed to demobilize your entire business.

5. Be Strategic

Many organizations have an inconsistent approach to endpoint security. Companies, today, must manage endpoint security strategically and begin to fully comprehend the risks associated with all endpoints. Not doing so can result in inadequacies in processes and procedures leaving endpoints open to attack and breaches.

6. Make It a Priority

Overall, endpoint security and cybersecurity need to become a priority in your organization’s business plans. Endpoint security doesn’t just protect your business—it preserves your reputation, reassures your customers, and streamlines your business processes. Without the necessary prioritization that cybersecurity demands, your endpoint security will most likely fail.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

May Patch Tuesday 2022 Addresses 74 Critical Issues

By Patch Management, Patch TuesdayNo Comments

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 Rated Critical and 66 are rated Important with the remaining 1 marked as Low.  Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “One of the most serious characteristics of a vulnerability is the Scope; which we call the Jump Point.  It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the Solar Winds hack.  In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.  This security update detects anonymous connection attempts in LSARPC and disallows it.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference Description Vendor Severity CVSS Score Public Aware Weaponised Countermeasure Syxsense Recommended
CVE-2022-26925 Windows LSA Spoofing Vulnerability Important 8.1 Yes Yes No Yes
CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver Critical N/A Yes No No Yes
CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability Important 5.6 Yes No No Yes
CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Yes
CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. Yes
CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-29108 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29133 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22014 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29128 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29129 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29137 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21978 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-26932 Storage Spaces Direct Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-21972 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-23270 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29113 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29132 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29103 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-26931 Windows Kerberos Elevation of Privilege Vulnerability Critical 7.5 No No No
CVE-2022-23267 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29145 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-26913 Windows Authentication Security Feature Bypass Vulnerability Important 7.4 No No No
CVE-2022-26938 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26939 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29126 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29135 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29150 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29151 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29138 Windows Clustered Shared Volume Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29106 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29142 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-22016 Windows Play To Manager Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29125 Windows Push Notifications Apps Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29107 Microsoft Office Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-29102 Windows Failover Cluster Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29114 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26930 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No No
CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability Important 4.2 No No No
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.1 No No No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability Low 3.3 No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Start a Free Trial
||

April Patch Tuesday 2022 Addresses Over 120 Security Fixes

By Patch Management, Patch TuesdayNo Comments

April Patch Tuesday 2022 Addresses Over 120 Security Fixes

April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 10 Rated Critical and 115 patches rated Important with the remaining marked Moderate. This includes:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V, DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.

Robert Brown, Head of Customer Success for Syxsense said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month.  There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month.  We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”

Top April 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.0
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

The vulnerability could allow a remote attacker to executed code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machine where RPC can be reached.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

||

March Patch Tuesday 2022 Resolves 71 Vulnerabilities

By Patch Management, Patch TuesdayNo Comments

March Patch Tuesday 2022 Resolves 71 Vulnerabilities

March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats

There are 3 patches rated Critical and 68 are rated Important.  Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored.  Your patching strategy should be based on the risk you are prepared to take, and if the risk if too high then deploy those patches.”

 

Top March 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.

1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

This vulnerability is ‘More Likely’ to be used as an entry point as suggested by Microsoft.  Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Vulnerabilities details are unknown at this time but an attacker who successfully exploited the vulnerability could run arbitrary code. Keep an eye on this for changes in severity or priority.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system and is ‘More Likely’ to be used as an entry point as suggested by Microsoft.  Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Syxscore

  • Vendor Severity: Network
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes – see here

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Syxsense Recommended
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No Yes No Yes
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability Important 6.3 No Yes No Yes
CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.1 No No No Yes
CVE-2022-22006 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-22007 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.2 No No No
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability Important 6.5 No No No
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No No
CVE-2022-23253 Point-to-Point Tunnelling Protocol Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability Important 6.1 No No No
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability Important 5.9 No No No
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability Important 5.5 No No No
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability Important 5.5 No No No
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 5.4 No No No
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability Important 4.7 No No No
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability Important 4.4 No No No
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability Important 3.3 No No No
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability Important 3.3 No No No
|||

2022 Endpoint Protection Guide

By Blog, News, Patch ManagementNo Comments

2022 Endpoint Protection Guide

As today's threat landscape becomes more unpredictable than ever, how do you mitigate risk? See the top strategies for protecting your endpoints in 2022.

Read the 2022 Endpoint Protection Guide

Today’s threat landscape is more unpredictable than ever in the wake of the COVID-19 pandemic and the ensuing “Work From Home” and hybrid work models, leaving organizations vulnerable to an increasing number of cyberattacks. See the top ways to protect your endpoints and mitigate risk in 2022.

Download the 2022 Endpoint Protection Guide

||

Why Log4j Keeps Getting Exploited

By Patch ManagementNo Comments

Why Log4j Keeps Getting Exploited

Cybercriminals are still using Log4j to rampage through enterprise after enterprise. What's the best way to protect your organization?

Log4j Still Being Targeted

It is a couple of months now since the Log4j vulnerability become public knowledge. Yet cybercriminals are still using it to rampage through enterprise after enterprise. Known as CVE-2021-44228, Log4j exploits Java servers that are ubiquitous in the enterprise. It has been spreading in the wild as fast as the Omicron variant of COVID-19. The sad part of the story is that the hacking world has jumped on it while many IT departments remain oblivious to it.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) keeps issuing warnings about it, attempting to raise awareness of the problem. Federal agencies have been ordered to search carefully through their systems for all Java servers and related dependences, and patch them all.

To make matters worse, nobody knows how long Log4j was being exploited by cybercriminals. Its discovery in early December 2021 does not mean that was the first time it was ever used by hackers. It could have been harnessed for months. Nevertheless, they are having a field day due to the number of potential systems at their disposal.

Consider the ubiquitous nature of Java:

  • About 9 million people are considered to be Java developers worldwide.
  • As many as 3 billion devices exist that are running Java in some form or another.
  • That includes nine of out ten desktops, laptops, and tablets.
  • Almost all enterprise desktops use Java.

That adds up to a lot of trouble for security personnel. As an analogy, imagine a relatively flat country like Poland trying to defend its borders while being attacked simultaneously by all the nations around it: Russia, Germany, Denmark, Sweden, Latvia, Belarus, Ukraine, Czech, and Slovakia – and having to deal with internal insurgency at the same time. Java is so pervasive that it offers hackers innumerable channels for exploitation. What worries security experts is that even a relatively thorough search for vulnerably Java servers might still miss one or two buried systems.

No wonder government agencies, open-source communities, and vendors have been issuing patches and remedies at a frantic pace. Here are a few highlights:

 

  • The Apache Software Foundation released a detailed series of fixes for Log4j on its software. This is the most recent of a series of Apache patches and fixes. The foundation made an early release of remedies and followed that up with another couple of releases due after finding more ways Log4j could exploit Apache.
  • Blumira announced the discovery of a nasty Log4j-related Javascript WebSocket attack vector that is very hard to detect.
  • Google announced that nearly vulnerable 20,000 Java packages were found inside the Maven Central repository.
  • JFrog found even more that are undetectable via dependency scanning.
  • Microsoft released a series of scanning tools a dashboard to detect Log4j vulnerabilities running on Windows and Linux.
  • CISA released a Log4J scanner.
  • CrowdStrike released its own scanner to find hidden vulnerabilities.

But as fast as fixes, scanner, and patches are issue, ransomware groups are harnessing Log4j in sophisticated ransomware scams. One Chinese gang, for example, is using Log4Shell to breach VMware server products. Another gang from Iran has found a way to use it to distribute a PowerShell toolkit to exploit Java applications.

Fixing the Log4j Mess

It isn’t easy to fix the mess left behind by vulnerable Java code. The advice from CISA is to draw up a detailed list of external facing devices that have Log4j installed. Take action on every alert on those devices. Install a web application firewall (WAF) that can automate alert consolidation and centralization. And patch, patch, and patch again.

There are scanners available such as those noted above, as well as quite a number of patches to install. The advice of the UK’s National Cyber Security Centre (NCSC) is to update all systems with the latest security patches.

“In the case of this vulnerability CVE-2021-44228, the most important aspect is to install the latest updates as soon as practicable.”

How to Protect Yourself from Log4j

Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j. Syxsense Secure and Enterprise customers can use the Syxsense security scanner to identify endpoints that are exposed to this new vulnerability.

Syxsense vulnerability scanner is not only a complete security management package, it is automated, repeatable, and generates quick results, delivering security and safety in a timely manner. With security scanning and patch management in one console, Syxsense Secure is the only product that not only shows you what’s wrong, but also deploys the solution.

It offers visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience. And it is fully integrated with automated patch management software that lets you easily manage unpatched vulnerabilities with the click of a button.

Syxsense includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

||

New Google Chrome Zero Day Weaponized

By Patch ManagementNo Comments

Google Chrome Zero-Day Is Being Weaponized

Google has released 98.0.4758.102 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.  So far this year this is the first Google Zero Day version of the Chrome browser, on par with last year’s record cadence of 16 Weaponised versions throughout the year.  This vulnerability is being tracked under CVE-2022-0609 and are both Critical Severity.

A remote attacker can create a specially-crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
February Patch Tuesday 2021

February Patch Tuesday 2022 Fixes 51 Vulnerabilities

By Patch Management, Patch TuesdayNo Comments

February Patch Tuesday 2022 Fixes 51 Vulnerabilities

The second Patch Tuesday of 2022 has arrived — tackle the latest Microsoft updates and vulnerabilities for the month of February.

Microsoft Releases 51 fixes this month including 1 Public Aware threat

here are 50 Important fixes in this release and 1 Moderate.  Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “This is the first year we have a Microsoft release which has not consisted of a Critical severity vulnerability rated by the Vendor.  This is the reason it is essential to compare different severity systems instead of relying on a single source of truth, in this case the vendor rated severity.  There are still extremely important vulnerabilities to remediate this month, the lack of a Critical vulnerabilities does not allow you to relax just yet.”

 

Top February 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.

1. CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability

Windows does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability

This patch fixes a remote code execution bug in the Microsoft DNS server.  An attacker could completely take over your DNS and execute code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes – The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability

This patch fixes a guest-to-host escape in Hyper-V server and successful exploitation of this vulnerability may result in complete compromise of the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.9
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Title Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Highly Recommended
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Yes No Yes
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 Yes No No Yes
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Yes
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important 8.3 No No Yes
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important 8.1 No No Yes
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 8.1 No No Yes
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important 8.1 No No Yes
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Yes
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important 7.9 No No Yes
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 7.7 No No Yes
CVE-2022-21986 .NET Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important 7.5 No No
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important 7.2 No No
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 7.1 No No
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important 6.9 No No
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 6.5 No No
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.3 No No
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important 5.9 No No
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important 5.5 No No
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important 5.5 No No
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate 5.3 No No
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important 4.9 No No
CVE-2022-21968 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No
||

January Patch Tuesday 2022 Fixes 96 Critical Issues

By News, Patch Management, Patch TuesdayNo Comments

January Patch Tuesday 2022 Fixes 96 Critical Issues

With 96 new bugs, Microsoft is kicking off the first Patch Tuesday of 2022 with a bang. There are 8 Critical and 88 Important fixes.

Microsoft Patch Tuesday Released with 96 Fixes

There are 8 Critical (one more than last month) and 88 Important fixes in this release. Updates were included for Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop. 

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. Next month you need to renew for a third ESU if you are still using Windows 7 or 2008 R2.

The first Patch Tuesday of the year has arrived with a bang, and just in time for many of our customers who are ending their change freeze following the New Year holidays.  We do not have any confirmed Weaponized threats to deal with this month so far, however we do have 6 confirmed Public Aware threats which could be weaponized at any minute.”

Syxsense Recommendations

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as possible.

Top January 2022 Patches and Vulnerabilities

1. CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system. Microsoft recommends prioritizing the patching of affected devices because it is suspected to be wormable.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack. In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21912: DirectX Graphics Kernel Remote Code Execution Vulnerability

The vulnerability allows a local user to execute arbitrary code on the target system, and successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The authenticated attacker could take advantage of a vulnerability in dxgkrnl.sys to execute an arbitrary pointer dereference in kernel mode. What makes this even worse is an attacker with non-admin credentials can potentially carry out an exploit using this vulnerability.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Highest Priority
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No Yes Yes
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9 No No No Yes
CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important 9 No No No Yes
CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No No Yes
CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.3 No No No Yes
CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical 7.8 No No No Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important 7 No Yes No Yes
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important 7.6 No No No
CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important 7.6 No No No
CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important 6.1 No Yes No
CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21860 Windows App Contracts API Server Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important 7 No No
CVE-2022-21863 Windows State Repository API Server file Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important 6.5 No No
CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.4 No No
CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.3 No No
CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.1 No No
CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21876 Win32k Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21838 Windows Clean up Manager Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important 5.3 No No
CVE-2022-21925 Windows Backup Key Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No
CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 4.4 No No

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

||

Windows Out-of-Band Update Released to Fix Remote Desktop

By Patch ManagementNo Comments

Windows Out-of-Band Update Released to Fix Remote Desktop

Microsoft has released an emergency security update to fix a Remote Desktop vulnerability in Windows Server running Remote Desktop.

Microsoft Issues Emergency Update for Remote Desktop

Microsoft has released an emergency security update to fix a Remote Desktop vulnerability in Windows Server running Remote Desktop. There is a known issue that might prevent you from using Remote Desktop to reach the server.  In some circumstances, the server might stop responding. The screen might also appear black, and general performance and signing in might be slow.

Rob Brown, Head of Customer Success for Syxsense said, “This is not available via the usual Windows Update or Microsoft update channel / Windows Update for Business or Windows Server Update Service (WSUS), which can make resolving this vulnerability more difficult unless you are using a solution like Syxsense. Alternatively, you may download this patch manually via the Microsoft Catalogue.”

Windows Out-of-Band Updates

For instructions on how to install this update for your operating system, see the KB for your OS listed below:

As always we recommend full testing be performed prior to live deployment to your device, these are now available within the Syxsense Console.