Category: Patch Management


Why Financial Organizations Say They’re Relying on Endpoint Security, Management, and Zero Trust

Categories: Blog, Cybersecurity, Endpoint Security, Patch Management, Vulnerability Management

I’ve been alerted by my bank about their hack, and it looks like I’m one of the victims.

I’d like to know what they are doing to protect my money and prevent this from happening again.

Financial services firms are adopting new technologies like cloud computing, big data analytics, mobile apps, and social media to drive growth in their businesses.

They need to maintain, manage, and secure their critical systems, applications, and infrastructure — all while responding to new demands for new technologies, products, services, and new ways to serve customers.

There are a few aspects of cybersecurity no business should go without:

  • A response and playbook ready to go after an incident.
  • The principle of “never trust, always verify.” 
  • A way to monitor all of their devices including mobile ones, whether they’re on-premises or at home, and knowing they’re all following your security policies. 

The financial sector is undergoing a massive shift in how it manages its internet-connected devices.

What is Unified Security and Endpoint Management (USEM)?

USEM lets you see, manage, secure, and monitor all the devices accessing your systems and network. It doesn’t matter whether those devices are Windows, Linux, Mac, iOS, or Android — they are all brought into a single management console. These are your endpoints: all the devices used for work that connect to the internet.

Managing them should be as easy as possible (and not take all day). When they’re automatically inventoried with hardware specs, manufacturer info, and serial numbers, it becomes more convenient to:

  • Create and send workflows.
  • Minimize the intricacies as more devices become part of your organizational ecosystem.
  • Get real-time visuals on device health, state, and events.
  • Guarantee that all devices adhere to the security standards set by you.

Why should financial enterprises consider USEM?

The risk of a single device…

It can originate from an out-of-date app.

Or it can happen after someone clicks a link in a fake email (otherwise known as phishing).

Whether human error or a newly discovered attack path through a vulnerability, cloud-native USEM gives you real-time connections to endpoints so you can see what needs to be updated and what’s in bad health.

Another great option for those who want to streamline their IT processes but don’t have the time or resources to do it themselves: automation.

Automatically isolate those devices so they don’t affect the integrity of your entire network.

It takes over tasks such as updating software applications, patches, and security configurations before they take over you. 

USEM and Zero Trust Evaluations for Device Attestation

“Never trust, always verify.” 

This means that no user or device, inside or outside the network perimeter, receives automatic trust.

With a zero-trust (ZT) approach, each endpoint undergoes scrutiny through device attestation before gaining network access. 

Confirm their status before confirming their trustworthiness. 

Only trusted devices can access sensitive data. 

ZT requires a more proactive approach to information protection by implementing strict access rules rather than relying on users to make good decisions.

Threats can come from any source, including employees. 

USEM and Zero Trust: the combination of these two strategies is a potent one for reducing risk and fortifying security.
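The two ideas above (confirm a device’s status before confirming its trustworthiness, and automatically isolate devices in bad health so they don’t affect the rest of the network) can be expressed as a single deny-by-default policy over an inventory record. The Python below is an added example, not Syxsense code and not a real USEM schema: the record fields, the 7-day scan-age threshold and the three outcomes (deny, isolate, allow) are assumptions chosen for illustration.

```python
"""Deny-by-default device posture gate for a zero-trust access decision.

Added example, not Syxsense code and not a real USEM schema: the record
fields, the 7-day scan-age threshold and the three outcomes (deny,
isolate, allow) are assumptions chosen to illustrate "confirm their status
before confirming their trustworthiness" and automatic isolation of
unhealthy devices.
"""
from dataclasses import dataclass
from datetime import date

MAX_SCAN_AGE_DAYS = 7          # assumption: posture data older than this is stale
DENY, ISOLATE, ALLOW = "deny", "isolate", "allow"


@dataclass(frozen=True)
class DeviceRecord:
    device_id: str
    enrolled: bool             # present in the management console inventory
    attested: bool             # device identity verified before this check runs
    disk_encrypted: bool
    edr_running: bool
    last_patch_scan: date
    missing_critical_patches: int


def evaluate(rec: DeviceRecord, today: date) -> tuple[str, list[str]]:
    """Return (decision, reasons). Nothing is trusted until every check passes."""
    reasons = []
    # Identity first: an unknown or unattested device is denied outright.
    if not rec.attested:
        reasons.append("device identity not attested")
    if not rec.enrolled:
        reasons.append("device not enrolled in the management console")
    if reasons:
        return DENY, reasons
    # Health next: a known device in bad health is isolated to a
    # remediation network rather than granted access to sensitive data.
    if not rec.disk_encrypted:
        reasons.append("disk not encrypted")
    if not rec.edr_running:
        reasons.append("endpoint protection agent not running")
    scan_age = (today - rec.last_patch_scan).days
    if scan_age > MAX_SCAN_AGE_DAYS:
        reasons.append(f"last patch scan is {scan_age} days old")
    if rec.missing_critical_patches > 0:
        reasons.append(f"{rec.missing_critical_patches} critical patch(es) missing")
    return (ISOLATE, reasons) if reasons else (ALLOW, [])


def triage(records, today: date) -> dict[str, str]:
    """Decision per device id, e.g. for a dashboard or an access-policy hook."""
    return {r.device_id: evaluate(r, today)[0] for r in records}


# Constructed inventory records for illustration.
TODAY = date(2023, 9, 15)
SAMPLE = [
    DeviceRecord("fin-laptop-01", True, True, True, True, date(2023, 9, 14), 0),
    DeviceRecord("fin-laptop-02", True, True, True, True, date(2023, 9, 1), 2),
    DeviceRecord("fin-desktop-03", True, True, False, True, date(2023, 9, 13), 0),
    DeviceRecord("byod-phone-07", False, False, True, False, date(2023, 8, 1), 0),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        decision, why = evaluate(rec, TODAY)
        print(f"{rec.device_id:15} {decision:8} {'; '.join(why)}")
```

The ordering matters: identity failures are decided before health is even examined, so a device the console has never seen cannot talk its way into the remediation network, and every non-allow outcome carries the list of reasons so the remediation workflow knows what to fix.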

The smart way to mitigate risk with USEM

USEM solutions are inherently innovative, and innovation is the driving force behind a culture of security.

The financial industry is facing a unique set of challenges when it comes to security. They need a new way of securing their data that is cost-effective, scalable, and dynamic enough to match the environments they work in.

Keep your current infrastructure (no spending thousands of dollars on new equipment) and your systems up-to-date without having to worry about compatibility issues or re-training staff members.

By providing tools for enforcing security policies, tracking compliance, monitoring all devices on the network, and identifying and remediating IT and cyber risks (e.g., vulnerabilities), USEM empowers financial businesses to mitigate cyber risks.

It’s the perfect balance of safety without sacrificing ease of use and accessibility.

Find out how Syxsense can help you with a unified security and endpoint management platform. Schedule a demo below.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Named a Leader, Outperformer in 2023 GigaOm Radar Report for Patch Management Solutions

Categories: Patch Management, Report


We are excited to announce that Syxsense has been named an Outperformer and a Leader in the GigaOm Radar Report for Patch Management!

This report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria, and provides a forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution.

Syxsense achieved full coverage marks in the evaluation metrics for flexibility, scalability, resource load management, security, and usability.

“Syxsense…patching architecture ranks above the norm, as it can be the source of record for devices…the use of vulnerability and compliance evaluations also makes its patch prioritization stand out.” 

–GigaOm

Get your complimentary copy of the full report by filling out the form below.

Download the Full Report

September 2023 Third-Party Roundup Webinar

Categories: Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on September’s 3rd Party Patch Management Update.

Fill out the form to the right to watch as we dive into September’s bulletins and show you strategies for tackling the latest and most important 3rd Party Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage patches, vulnerabilities, and more.

Watch the Webinar


Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently a Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.


A Comparative Breakdown of Patch and Vulnerability Management

Categories: Blog, Cybersecurity, Endpoint Security, Patch Management, Vulnerability Management

“Tell me about your policies for patch and vulnerability management.”

How does your workplace keep up-to-date with the latest patches and updates? How about finding, assessing, and prioritizing vulnerabilities in your infrastructure?

Your next audit may want to know. They may want proof from your IT and HR department.

We advise against waiting until an audit, though.

Patients, customers, the people your business helps every day — they’re depending on you way before an audit comes along.

No patch and vulnerability management? No complete cybersecurity strategy. If you don’t have a patch management program, you’re vulnerable to cyberattacks. And if you don’t have a vulnerability management program in place, you won’t know about the vulnerabilities in your system until it’s too late.

While they both aim to cut an organization’s risk and prevent security breaches, they differ in approach and scope.

Do you know why patch and vulnerability management is important?

What is the difference between patch and vulnerability management?

How do you patch hundreds or thousands of workstations?

Who owns both processes from end-to-end?

If your processes are showing some signs of neglect, check out the following sections for the quickest ways to reinvigorate and document your patch and vulnerability management.

What Should Patch Management Be Doing for You?

Patch management is a routine process of finding, verifying, testing, and installing the updates provided by software vendors to fix vulnerabilities.

Software developers are always working to improve the quality of their software. They release patches that introduce new features, change how existing ones work, and fix security vulnerabilities, and other bugs.

Unpatched systems quickly overwhelm those who handle patch management manually. The number of missing patches grows—a vicious cycle is born. Their risk only goes up with time.

Some System Administrators might be looking at thousands of workstations to patch. How do they patch them all? Patching isn’t just installing updates; it’s keeping track of what patches have been installed on each system so that you know when newer ones are available.

They’re using a systematic approach to fill in missing patches, and they’re automating as much as possible.

Inventory of all those devices? Already done on their behalf.

The eye-straining number of patches is rolled out based on vulnerability prioritization (not all patches need to be applied immediately).

Deployments scheduled during off-hours maintenance windows protect productivity.

Hackers know that many people don’t keep their systems up-to-date with security patches. The good news is that patching doesn’t have to be complicated or time-consuming.

What You Need to Know About Vulnerability Management

A vulnerability is a weakness in an application or system that could be exploited by hackers or other malicious actors to gain access to your data.

The goal of vulnerability management is to reduce risk by identifying, prioritizing, and remediating potential security holes before they can be exploited.

Vulnerability management solutions often include a vulnerability scanner—a tool that scans for known vulnerabilities across a network. It detects software bugs that could lead to unwanted access, insecure configurations, and other potential problems.

After identifying a vulnerable asset, you need to determine what action mitigates that vulnerability.

Who Owns Patch and Vulnerability Management Processes?

In a typical enterprise, patch management is overseen by the IT department, specifically under the purview of the system administrators, network administrators, or IT managers. Depending on the organizational structure, dedicated roles like Patch Manager or Cybersecurity Analyst are specifically tasked with this responsibility. They’re responsible for keeping all systems, software, and applications current with the latest patches. They collaborate with the security team to prioritize patches based on criticality and potential impact on the organization’s security posture.

In most cases, vulnerability management is overseen by the Information Security team, with the Chief Information Security Officer (CISO) usually at the helm. The CISO sets the security strategy and works with stakeholders across the organization to see that it is implemented.

The vulnerability management team usually includes security analysts and engineers who are tasked with identifying, evaluating, and mitigating vulnerabilities. They collaborate with the patch management team to tackle vulnerabilities and bolster the organization’s security defenses.

What Are the Similarities and Differences Between Patch and Vulnerability Management?

Both patch management and vulnerability management:

  • Are vital for shielding networks from potential threats.
  • Identify vulnerabilities and take steps to mitigate them.
  • Aim to provide an organization with a safe and secure IT environment.
  • Are part of each other—when a vulnerability is identified, one of the remedial actions could be to apply a patch.

However, the scope of patch management is often narrower. It’s mainly focused on maintaining up-to-date systems and software.

Vulnerability management includes both prevention and detection activities, and it can be performed manually or automatically through software tools that scan for vulnerable systems.

It looks at how people, processes, and technology all interact with one another from a security perspective.

A Unified Shield for Enterprise Security

Patch management and vulnerability management are two closely related security processes. While they differ in scope and approach, they are deeply interconnected.

While businesses might know about these dangers, most organizations still employ various security tools and products from different vendors, each having different interfaces.

Organizations need a unified platform that allows them to easily define and enforce consistent security policies across all applications and devices — while also providing real-time visibility into potential risks across the network.

Teams say that using one platform for patch and vulnerability management allows them to leverage their Security Operations Center (SOC) experts and other IT members.

A unified platform combines the best of both worlds:

  • Automation and customization.
  • Better coordination among teams, reducing the likelihood of overlooking crucial patches or vulnerabilities.
  • Reduced costs when other tools aren’t needed for patch and vulnerability management.

Cybersecurity is an ever-evolving challenge. A unified platform does more than just adjust to this changing landscape. It’s a bold move to reinforce your infrastructure with improved resilience and efficiency.

 


Automation Is the Key to Improving Time-to-Remediate and Time-to-Patch

Categories: Blog, Cybersecurity, Endpoint Security, Patch Management, Vulnerability Management

Cybercriminals are notorious for their swift actions. Once a zero-day exploit is discovered, they waste no time infecting numerous systems in the hours that follow. This malicious activity persists for weeks, and in some cases, even months, due to the sluggish response of many organizations in implementing necessary patches and taking remedial measures.

Responding to a zero-day exploit can be a laborious and time-consuming process, especially for organizations lacking automated systems. The response time spans from just a few hours to several weeks, depending on the complexity of the exploit and the efficiency of the remediation process employed by the organization. One has to consider the time required to identify, validate, and fix the vulnerability, plus the additional time needed to deploy the patch across all affected systems. In many instances, the longer the time-to-remediate or resolve (TTR) and time-to-patch, the more severe the potential consequences, underscoring the critical role of automation in cyber risk response.

Similarly, if cybercriminals unearth a weakness in the organizational defenses or manage to compromise a user account, they don’t waste time capitalizing on it. Some launch a major attack in seconds by unleashing ransomware or other malware. Others use that foothold to gain access to privileged accounts or mission-critical systems. They move rapidly and then quickly cover their tracks. Their goal is not a smash-and-grab raid. They want to learn the workings and finances of the organization unobserved while they determine the most lucrative and opportune way to profit from their efforts. When they strike, the only thing preventing devastation is the ability of the organization to respond effectively with the minimum of TTR.

Rapid Patching Minimizes Time-to-Remediate Emergencies

Many cybersecurity response emergencies can be traced back to failure to effectively and speedily patch. The correlation between cybersecurity emergencies and a failure to patch quickly is largely about the window of opportunity. Cybercriminals strive to exploit the vulnerability before the organization can patch it. This situation often leads to a lag time between the discovery of a flaw and its patching – a window that cybercriminals exploit. This is why automation is so crucial in reducing the time-to-patch.

Yet the majority of organizational breaches occur through the exploitation of known vulnerabilities for which patches exist but were never applied. The latest Verizon Data Breach Investigations Report (DBIR) sheds light on the fact that unpatched vulnerabilities, such as Log4j, were among the most severe incidents reported in 2022. The report emphasizes the criticality of promptly patching known vulnerabilities and swiftly addressing zero-day exploits and other attack vectors. In essence, organizations with poor time-to-patch and time-to-remediate (TTR) metrics expose themselves to greater risks.

How Can Enterprises Reduce Their Time-to-Patch and Time-to-Remediate?

Automation is the ultimate solution for reducing time-to-patch and TTR. With the sheer number of patches that require deployment across numerous endpoints scattered across various clouds, systems, and networks, manual patching simply cannot keep up. By automating the patching process, organizations can significantly minimize the gap between identification and remediation of vulnerabilities, thereby reducing the window of opportunity for cybercriminals to launch an attack. When patches are deployed rapidly and effectively, it lessens the occurrence and severity of cybersecurity emergencies.

Automation can help enterprises accomplish such things as:

  • Comprehensive scanning to detect all endpoints and devices
  • Rapid patch deployment
  • Patch and remediation workflow automation, ideally with no scripting required
  • Pre-checks of available system, network, and endpoint resources to ensure patches and remediations can be deployed
  • Testing of patches before full production deployment
  • Verification of patch installation

With these items addressed by automation, time-to-patch and TTR can be brought down to hours or days versus weeks, months, or years.

Syxsense Cortex: The Ultimate Scanning and Remediation Automation Tool

Syxsense Cortex simplifies complex IT and security processes via automation. It is a drag-and-drop visual editor that removes the need for scripting expertise. With an ever-growing library of pre-built workflows and templates, organizations can lower their IT and cyber risk as it pertains to vulnerabilities, reduce the burdens of tedious tasks for IT and security teams, and enable them to focus on critical business initiatives.

Syxsense Cortex enables users to combine logic, approvals, and actions to automate complex processes and bring an end to long patch and remediation timelines. Syxsense Cortex also makes it possible to deploy several software updates simultaneously and effortlessly. Its script-free capability minimizes repetitive manual work and reduces the time needed to complete complex tasks. It streamlines the management and remediation of security issues, enabling them to be detected much sooner. Further benefits include the visualization of workflows and processes ranging from inventory to scans, patch prioritization and supersedence, patch verification, detection and remediation of vulnerabilities, and a variety of other IT management and security actions.

Never again wonder about your true security and management posture. Syxsense can help you realize the benefits of automation while providing real-time monitoring and alerting that will keep you in the know on potential threats as well as any changes that occur in your environment. And then leverage Syxsense Cortex to reduce your risks automatically.

See how quickly you can improve your endpoint and security posture with Syxsense. Schedule a custom demo below.


Microsoft Patch Tuesday Update | September 2023

Categories: Patch Management, Patch Tuesday, Video, Webinars

Watch September’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates. Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.

Watch the Webinar


Hosted by Rob Brown, Chief Customer Success Officer

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant through providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.

September 2023 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats

Categories: Blog, Patch Management, Patch Tuesday

Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats

There are 2 Critical, 55 Important, 1 Moderate and 1 with no severity assigned (NA) fixed this month. Microsoft Windows and Windows Components, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics and Windows Defender have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We have 2 patches that resolve vulnerabilities which are Weaponised, and one of those is also Publicly Aware. If you count all the individual CVSS scores together, September has a combined CVSS score of 434.3, down from 531.5 last month; however, the average CVSS score was 7.4, which was higher than last month’s even though there was a larger quantity of updates which were fixed.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

Exploiting this vulnerability could allow the disclosure of NTLM hashes; the Preview Pane is an attack vector.

Note: The vulnerability is Weaponised and Publicly Aware

Syxscore

  • Vendor Severity: Important
  • CVSS: 6.2
  • Weaponised: Yes
  • Public Aware: Yes
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

This vulnerability has been found by the Microsoft Threat Intelligence team and could be linked to an existing Ransomware attack. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note: The vulnerability is Weaponised

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.

Note: The vulnerability is More Likely to be Weaponised

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No
Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Additional Information Countermeasure Exploitability Assessment Impact
CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability Important 6.2 Yes Yes Exploiting this vulnerability could allow the disclosure of NTLM hashes, the Preview Pane is an attack vector. No Exploitation Detected Information Disclosure
CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Important 7.8 Yes No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation Detected Elevation of Privilege
CVE-2023-38148 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Critical 8.8 No No Yes Exploitation More Likely Remote Code Execution
CVE-2023-33136 Azure DevOps Server Remote Code Execution Vulnerability Important 8.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36764 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important 8.8 No No An attacker who successfully exploited this vulnerability could gain administrator privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-38146 Windows Themes Remote Code Execution Vulnerability Important 8.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-38147 Windows Miracast Wireless Display Remote Code Execution Vulnerability Important 8.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36744 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8 No No An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. No Exploitation More Likely Remote Code Execution
CVE-2023-36745 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8 No No An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. No Exploitation More Likely Remote Code Execution
CVE-2023-36757 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No Exploitation Less Likely Spoofing
CVE-2023-36756 Microsoft Exchange Server Remote Code Execution Vulnerability None 8 No No In a network-based attack, an attacker could trigger malicious code in the context of the server’s account through a network call. No Exploitation More Likely Not a Vulnerability
CVE-2023-35355 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability Important 7.8 No No This vulnerability affects FBX component used within the 3D Viewer product. No Exploitation Unlikely Remote Code Execution
CVE-2023-36740 3D Viewer Remote Code Execution Vulnerability Important 7.8 No No This vulnerability affects FBX component used within the 3D Viewer product. No Exploitation Unlikely Remote Code Execution
CVE-2023-36742 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36758 Visual Studio Elevation of Privilege Vulnerability Important 7.8 No No A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36760 3D Viewer Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36765 Microsoft Office Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36766 Microsoft Excel Information Disclosure Vulnerability Important 7.8 No No No Exploitation Less Likely Information Disclosure
CVE-2023-36770 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36771 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36772 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36773 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36788 .NET Framework Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36796 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36804 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege
CVE-2023-38139 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-38141 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-38142 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege
CVE-2023-38143 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege
CVE-2023-38144 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege
CVE-2023-38150 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation Less Likely Elevation of Privilege
CVE-2023-38161 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege
CVE-2023-38163 Windows Defender Attack Surface Reduction Security Feature Bypass Important 7.8 No No No Exploitation Less Likely Security Feature Bypass
CVE-2023-36800 Dynamics Finance and Operations Cross-site Scripting Vulnerability Important 7.6 No No No Exploitation Less Likely Spoofing
CVE-2023-36886 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 7.6 No No Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. No Exploitation Less Likely Spoofing
CVE-2023-38164 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 7.6 No No Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. No Exploitation Less Likely Spoofing
CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Critical 7.5 No No An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36763 Microsoft Outlook Information Disclosure Vulnerability Important 7.5 No No Exploiting this vulnerability could allow the disclosure of credentials. No Exploitation Less Likely Information Disclosure
CVE-2023-38149 Windows TCP/IP Denial of Service Vulnerability Important 7.5 No No Yes Exploitation Less Likely Denial of Service
CVE-2023-38162 DHCP Server Service Denial of Service Vulnerability Important 7.5 No No Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. Exploitation Less Likely Denial of Service
CVE-2023-36762 Microsoft Word Remote Code Execution Vulnerability Important 7.3 No No The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. No Exploitation Unlikely Remote Code Execution
CVE-2023-38156 Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability Important 7.2 No No An attacker who successfully exploited this vulnerability could gain domain administrator privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36805 Windows MSHTML Platform Security Feature Bypass Vulnerability Important 7 No No An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality. No Exploitation Less Likely Remote Code Execution
CVE-2023-38155 Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability Important 7 No No An attacker who successfully exploited this vulnerability could gain administrator privileges. No Exploitation Less Likely Elevation of Privilege
CVE-2023-36759 Visual Studio Elevation of Privilege Vulnerability Important 6.7 No No A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. No Exploitation Less Likely Denial of Service
CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability Important 6.5 No No No Exploitation Less Likely Denial of Service
CVE-2023-36777 Microsoft Exchange Server Information Disclosure Vulnerability Important 5.7 No No No Exploitation More Likely Information Disclosure
CVE-2023-36803 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. No Exploitation Less Likely Information Disclosure
CVE-2023-38140 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No No Exploitation Less Likely Information Disclosure
CVE-2023-38160 Windows TCP/IP Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. No Exploitation More Likely Information Disclosure
CVE-2023-36801 DHCP Server Service Information Disclosure Vulnerability Important 5.3 No No Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Yes Exploitation Less Likely Information Disclosure
CVE-2023-38152 DHCP Server Service Information Disclosure Vulnerability Important 5.3 No No Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Yes Exploitation More Likely Information Disclosure
CVE-2023-36736 Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability Important 4.4 No No No Exploitation Less Likely Remote Code Execution
CVE-2023-36767 Microsoft Office Security Feature Bypass Vulnerability Important 4.3 No No No Exploitation Less Likely Security Feature Bypass
CVE-2023-41764 Microsoft Office Spoofing Vulnerability Moderate No No No Exploitation Less Likely Spoofing
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

How to Shrink Your Attack Surface With Patching and Automated Remediation

By Blog, Cybersecurity, Patch Management

“What is my attack surface?”

Consider all of your internet-accessible software, hardware, and cloud assets. Your attack surface is every point of vulnerability within that system that hackers can exploit. The wider the surface, the more opportunity hackers have to exploit it.

Spotting and eliminating these vulnerabilities makes access harder for unauthorized parties.

If you think you have a small attack surface, consider that your attack surface grows organically.

It expands through third-party software, bad passwords, disabled firewalls, phishing campaigns, delayed patching, human errors, legacy assets, and maybe other ways you don’t know about.

Hackers are targeting a broad range of industries: financial and banking institutions, manufacturing, schools and universities, tech companies, healthcare providers, and even government agencies. They’re not only targeting the big names—they’re also going after smaller businesses. 

As online theft and hacking have evolved, so have your defense strategies. 

When you manage your attack surface with the right security controls in place, you shrink it, along with the likelihood of facing breaches by hackers.

Your security is not a one-time event. It’s an ongoing process that includes consistent patching and vulnerability remediation procedures. 

What can you do to patch and scan while protecting your time, eliminating manual processes, and working on the more challenging parts of security?

Below are ways to handle patching and scanning that save time, remove manual processes, and free you to take on the more exciting intricacies of security and business.

The Best Way to Customize My Patch Deployment

Patching is the process of upgrading software so that it can be used safely on a computer system. It fixes flaws or improves functionality. It’s like applying a band-aid to a wound, covering the vulnerabilities in your software systems that hackers could potentially exploit. 

Like an annual flu shot that adapts to new virus strains, patching updates your software to defend against the latest threats.

Ever wonder when the best time is to schedule the next patch?

You need to protect employee productivity while limiting downtime and costs.

It’s why so many teams rely on automation to schedule deployments in recurring maintenance windows. 

When done consistently, patching reduces your attack surface. Up-to-date software locks the door against threats. Automation continually works in the background to prioritize and patch the most critical vulnerabilities, all while monitoring any changes in your attack surface.

Is Self-Aware Security Remediation the Future?

What is your weakest link?

How do you fix it… and quickly?

Vulnerability scanning is a proactive practice—and not one that’s easy to do manually, either. Your vulnerabilities are spread across software, systems, networks, and devices.

With so many devices (and probably not enough time), you need a way to regularly scan for security gaps, misconfigurations, patch updates, and other exploitable points across your entire attack surface. 

What devices do I need to target?

How do I figure out what to do with them?

When do I do it?

How often?

Automated remediation takes care of it for you through customized access policies and remediation workflows.

Security teams have been looking to offload manual processes to work on more challenging and exciting parts of security, but they don’t want to compromise the quality of protection.

When live data and monitoring communicate and react to behavioral and state changes on your endpoints, automation can remediate vulnerabilities as they’re discovered. Thousands of devices can now self-heal and self-manage, leading to fewer avenues of invasion, and less risk of successful attacks.

Here’s What to Expect With Personalized Automation

Patching and remediation are just one aspect of a comprehensive security strategy. A multi-layered approach includes a little bit of everything: training your staff, regular audits, and strong access controls.

The best way to keep your organization secure is to understand the state of your network at all times. But you can’t be everywhere, all the time. 

Automated patch and vulnerability management tools handle updating and addressing weaknesses, reducing the time and effort required by teams to “DIY.” It’s everywhere, all the time, for you.

The security industry is moving toward a more personal, automated approach to cybersecurity. Personalized automation lets you focus on strategy, not administration. It’s not just about making your work easier. It’s about giving you more time to do what matters most: solving problems, protecting people, and making the world a better place.

It’s never been easier to develop and manage automated workflows for patching, vulnerability scanning, endpoint management, and remediation to get more done and safeguard your valuable assets. Schedule a demo below to find out how.


August 2023 Third-Party Roundup Webinar

By Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on August’s 3rd Party Patch Management Update.

Fill out the form to the right to watch as we dive into August’s bulletins and show you strategies for tackling the latest and most important 3rd Party Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage patches, vulnerabilities, and more.

Watch the Webinar


Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently a Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.

The Evolution of Patch Management in Enterprise Security

By Blog, Cybersecurity, Patch Management

You’ve got a new patch.

But do I have to apply it? Can I wait until next week? (Or the next?) Is it that serious?

How critical your patch is may vary. It might be the update that stops hackers from exploiting a vulnerability for full control.

If you’re not sure what patching is: when a software vendor discovers vulnerabilities in its product, it releases a patch to fix them. The vendor identifies security holes in the software and ships an updated version that closes those holes.

Patches can be applied on your laptop, desktop, cell phone, or video game system.

The best way to protect your network is to stay current with patches.

Patching is just one way to mitigate known vulnerabilities and thwart potential network breaches, but it’s one of the most effective.

The way patches are applied and managed in the enterprise has evolved, but some misconceptions persist, such as:

  • “Patching is complicated and time-consuming.”
  • “If it’s not broken, no need to fix it.”
  • “This needs deep technical knowledge.”
  • “We can’t handle the downtime… so maybe next month… or next quarter.”

What was once slow, administrative, and even annoying, is now automated, easier, and handled for you.

The Smart Way to Inventory and Monitor a Fleet of Devices

You can’t patch unless you know what devices you have.

And you can see how out of control that gets when you have hundreds or thousands of devices. 

Which ones need to be patched to keep them safe?

If you’re managing a fleet of devices, you don’t have time to waste on manually identifying and patching them.

Teams are using solutions that let them see everything in one place and quickly find which devices are out of date or vulnerable. Because critical security patches now arrive faster than monthly patch timetables allow, teams are relying on continuous monitoring more than ever.

Once teams know what devices are being used, they can automatically deploy patches to each device—no matter where they are.

Implementing a patch management strategy is not a one-time process. Vulnerabilities don’t run on a schedule. And they most certainly don’t run on yours. Without a systematic approach to patch management, your most important updates may not be applied on time.

Before You Deploy a New Patch Release…

Your new patch is available for deployment. 

But first, it’s time to test the new patch in a controlled environment, preferably a carbon copy of where it’s set to go live. 

Are there any problems with the patch that could disturb how the system works? 

After testing and approval, the patch can be deployed to all relevant systems.

We can’t pretend to know what kind of vulnerability you’re facing, but it’s safe to say that it’s not one you want to ignore. Not all patches require your immediate attention, but some do.

Some patches address critical vulnerabilities with immediate risks, while others fix less severe issues. Prioritizing patches by vulnerability severity lets you take on the major threats first.

A vulnerability scanner assesses software for weaknesses that an attacker could exploit. Running a scan helps you prioritize what needs to be patched first, usually based on your organization’s risk management plan and how critical each system’s function is.
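As an added example (not Syxsense’s code), the script below ranks advisories the way this section describes: it parses rows in the flattened layout of the Patch Tuesday table above and scores each one by CVSS score, Microsoft’s exploitability rating, and how critical the affected product is to your estate, so a 5.3 rated “Exploitation More Likely” on a DHCP server can outrank a 7.8 on a developer workstation. The exploitability weights, severity fallbacks and product-criticality map are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Sample rows copied from the Patch Tuesday table on this page (a subset,
# kept in its flattened one-line-per-CVE layout).
ROWS = [
    "CVE-2023-38143 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. No Exploitation More Likely Elevation of Privilege",
    "CVE-2023-36796 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No Exploitation Less Likely Remote Code Execution",
    "CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Critical 7.5 No No An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. No Exploitation Less Likely Elevation of Privilege",
    "CVE-2023-38152 DHCP Server Service Information Disclosure Vulnerability Important 5.3 No No Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Yes Exploitation More Likely Information Disclosure",
    "CVE-2023-41764 Microsoft Office Spoofing Vulnerability Moderate No No No Exploitation Less Likely Spoofing",
]

# CVE id, title, severity, optional CVSS, free text, exploitability rating, impact.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+) (?P<title>.+?) "
    r"(?P<severity>Critical|Important|Moderate|Low)(?: (?P<cvss>\d+(?:\.\d+)?))?"
    r" .*?Exploitation (?P<exploitability>Detected|More Likely|Less Likely|Unlikely) "
    r"(?P<impact>.+)$"
)

# Constructed weights (assumptions, not a vendor scale).
EXPLOIT_WEIGHT = {"Detected": 1.0, "More Likely": 0.8, "Less Likely": 0.4, "Unlikely": 0.2}
SEVERITY_FALLBACK = {"Critical": 9.0, "Important": 7.0, "Moderate": 5.0, "Low": 3.0}
# Constructed asset criticality for a hypothetical estate: servers first, dev tools last.
ASSET_CRITICALITY = {"DHCP Server": 1.0, "Azure Kubernetes": 1.0, "Windows": 0.8, "Visual Studio": 0.5}


@dataclass
class Advisory:
    cve: str
    title: str
    severity: str
    cvss: float
    exploitability: str
    impact: str


def parse_row(line: str) -> Advisory:
    """Parse one flattened table row; rows without a CVSS score fall back to severity."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line[:40]}...")
    cvss = float(m["cvss"]) if m["cvss"] else SEVERITY_FALLBACK[m["severity"]]
    return Advisory(m["cve"], m["title"], m["severity"], cvss, m["exploitability"], m["impact"])


def asset_criticality(title: str) -> float:
    """Highest criticality of any known product named in the title; 0.5 if unknown."""
    return max((w for product, w in ASSET_CRITICALITY.items() if product in title), default=0.5)


def priority(adv: Advisory) -> float:
    return adv.cvss * EXPLOIT_WEIGHT[adv.exploitability] * asset_criticality(adv.title)


def prioritize(rows) -> list:
    """Return (cve, score) pairs, highest priority first."""
    scored = [(a.cve, round(priority(a), 3)) for a in map(parse_row, rows)]
    return sorted(scored, key=lambda t: -t[1])


if __name__ == "__main__":
    for cve, score in prioritize(ROWS):
        print(f"{score:5.2f}  {cve}")
```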

Patching Yesterday vs Today: Which Is Really Better?

What is broken doesn’t have to take long to fix.

And what isn’t broken can still be looked after without devoting any overtime. 

No more feeling like you’re stuck in the past when:

  • You don’t have to guess what needs to be patched. 
  • Downtime doesn’t have to drag into weeks or months because you put off the next update. 
  • You take the proactive approach that saves you time and resources.

There are only so many hours in the day. Teams of all sizes and expertise automate their patching process to free up time to focus on more challenging parts of the job. In security, there’s always a different problem tomorrow. Scheduling patching (or service management and software installs) shouldn’t be one of them.
