December Patch Tuesday Update 2022

Categories: Patch Management, Patch Tuesday, Webinars

Watch our December Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat

Of these, 11 are rated Critical and 87 are rated Important. Microsoft Windows, Office, .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler components and Microsoft Exchange Server have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense, said, “We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they would usually have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them, so keep an eye on these, as they could indicate problems with testing.”

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as testing is complete.

CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This vulnerability covers a large part of the Microsoft operating system estate, from Windows 8.1 to Windows 11 on workstations and from Windows Server 2012 R2 to Windows Server 2022 20H2 on servers. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Because it is both actively exploited and has a Jump Point, this should be your number 1 priority.

Note: The vulnerability is Weaponised and has a Jump Point

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Changed / Yes

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability

Although Microsoft states that this vulnerability is less likely to be used in an attack, the exact steps needed to exploit it can already be found on the internet. A successful attacker could execute RPC functions that are restricted to privileged accounts only, hence the CVSS score of 8.8.

Note: The vulnerability is Public Aware

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary; therefore, any process that can bypass that boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: The vulnerability has a Jump Point

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Changed / Yes

Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.

If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.

Microsoft’s January Patch Tuesday Fixes

Reference Description Vendor Severity CVSS Score Publicly Aware Weaponised Countermeasure Additional Information
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes No Scope = Changed / Jump Point = True. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability Important 8.8 Yes No No An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No No Scope = Changed / Jump Point = True
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server.
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21543 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21546 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21555 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21556 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21679 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21535 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21548 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Identified by Microsoft Offensive Research and Security Engineering (MORSE).
CVE-2023-21730 Windows Cryptographic Services Remote Code Execution Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation More Likely
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No No Exploitation More Likely
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important 7.5 No No No
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21757 Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability Important 7.3 No No No
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important 7.1 No No No
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster.
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important 7 No No No Exploitation More Likely
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important 6.6 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21725 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2023-21559 Windows Cryptographic Services Information Disclosure Vulnerability Important 6.2 No No No
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 5.3 No No No Exploitation More Likely
CVE-2023-21525 Windows Encrypting File System (EFS) Denial of Service Vulnerability Important 5.3 No No No
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important 5.3 No No No
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 3.3 No No No An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system.
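The recommendation above (enter the CVE numbers into your patch management tool and deploy in priority order) can be automated against the table's flattened rows. The following Python script is an added example, not Syxsense code or a Syxsense Cortex workflow: it parses rows in the layout of the table above, flags Weaponised, Public Aware and Jump Point (Scope = Changed) entries, and sorts them in the order the post's reasoning implies, weaponised first, then publicly aware, then Jump Point, then vendor severity and CVSS. Two details are this example's own assumptions: Microsoft's "Exploitation More Likely" tag is used only as a final tiebreak, and a row that lacks its Countermeasure cell (as the CVE-2023-21680 row above does) is parsed with that field recorded as unknown rather than rejected. The sample rows are copied from the table above.

```python
"""Triage a Patch Tuesday table given in the flattened row layout used above.

Added example, not Syxsense tooling.  Ranking follows the post's reasoning
(weaponised, then publicly aware, then Jump Point, then vendor severity and
CVSS); the "Exploitation More Likely" tiebreak is this example's assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: rows copied from the January table, in the
# "Reference Description Severity CVSS PublicAware Weaponised Countermeasure Extra"
# layout.  The CVE-2023-21680 row is kept as-is because it lacks the
# Countermeasure cell, which the parser must tolerate rather than misread.
SAMPLE_ROWS = """\
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes No Scope = Changed / Jump Point = True
CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability Important 8.8 Yes No No An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No No Scope = Changed / Jump Point = True
CVE-2023-21543 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No No Exploitation More Likely
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No No
"""

# One table row.  The description is matched lazily, so the first severity
# word that is followed by a CVSS score (or "N/A", as in the May table) ends it.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<desc>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<cvss>N/A|\d+(?:\.\d+)?)\s+"
    r"(?P<public>Yes|No)\s+"
    r"(?P<weaponised>Yes|No)"
    r"(?:\s+(?P<countermeasure>Yes|No))?"  # cell may be missing from a row
    r"(?:\s+(?P<extra>.*))?$"
)

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


@dataclass
class Advisory:
    cve: str
    description: str
    severity: str
    cvss: Optional[float]           # None when the table says N/A
    public_aware: bool
    weaponised: bool
    countermeasure: Optional[bool]  # None when the row lacks the cell
    jump_point: bool                # "Scope = Changed / Jump Point = True"
    exploitation_more_likely: bool  # Microsoft's exploitability tag


def parse_row(line: str) -> Advisory:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    extra = m.group("extra") or ""
    cm = m.group("countermeasure")
    return Advisory(
        cve=m.group("cve"),
        description=m.group("desc"),
        severity=m.group("severity"),
        cvss=None if m.group("cvss") == "N/A" else float(m.group("cvss")),
        public_aware=m.group("public") == "Yes",
        weaponised=m.group("weaponised") == "Yes",
        countermeasure=None if cm is None else cm == "Yes",
        jump_point="Jump Point = True" in extra,
        exploitation_more_likely="Exploitation More Likely" in extra,
    )


def parse_table(text: str) -> List[Advisory]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def priority_key(a: Advisory):
    # Higher tuples sort first; True > False, so an actively exploited bug
    # outranks everything else regardless of its CVSS score.
    return (
        a.weaponised,
        a.public_aware,
        a.jump_point,
        SEVERITY_RANK[a.severity],
        a.cvss if a.cvss is not None else 0.0,
        a.exploitation_more_likely,
    )


def prioritise(advisories: List[Advisory]) -> List[Advisory]:
    return sorted(advisories, key=priority_key, reverse=True)


def deployment_order(text: str) -> List[str]:
    """CVE ids in the order they should be fed to the patch tool."""
    return [a.cve for a in prioritise(parse_table(text))]


if __name__ == "__main__":
    for a in prioritise(parse_table(SAMPLE_ROWS)):
        flags = [n for n in ("weaponised", "public_aware", "jump_point",
                             "exploitation_more_likely") if getattr(a, n)]
        cm = "?" if a.countermeasure is None else ("Yes" if a.countermeasure else "No")
        print(f"{a.cve}  {a.severity:<9} {a.cvss!s:<4} countermeasure={cm}  {', '.join(flags)}")
```

Run the file directly to print the ordered list; deployment_order() returns just the CVE ids, so the same ordering can feed a ticket or a deployment job, and the unknown Countermeasure value on the CVE-2023-21680 row is surfaced rather than silently assumed to be No.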

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

2023 Patch Management Buyers Guide

Categories: Patch Management

How do you choose a patch management tool? See our list of essential questions that should be asked of vendors to identify the benefits of each system.

Read the 2023 Patch Management Buyers Guide

Selecting a new or replacement IT management or patch management system can be difficult, with many vendors offering what seems like similar features. This guide aims to provide a list of essential questions that should be asked of vendors to identify the benefits of each system.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Analyst Insights: GigaOm Radar for Patch Management

Categories: Patch Management, Video, Webinars

We hosted Howard Holton, Analyst & CTO at GigaOm, to discuss the state of the industry, the future of patch management, and how to use the latest GigaOm Radar to find the right solution for you.

In this session you’ll learn:

  • Good practices for patch management in the current threat environment
  • Emerging technologies in patch management solutions
  • How to use the GigaOm Radar to find the right patch management solution

View the Webinar

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions

Categories: Endpoint Security, News, Patch Management

We are excited to announce that Syxsense has been named a Fast Mover in the GigaOm Radar Report for Patch Management. This report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria, and provides a forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution.

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic, which plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

As a Fast Mover in Patch Management, Syxsense provides full coverage of Windows, macOS, and Linux desktops and servers, as well as mobile devices and remote systems. Our strengths lie in lifecycle management, patch testing, patch deployment, patch prioritization, and a large number of third-party applications. Syxsense also supports an API, allowing integration with other systems such as ITSM and CMDB. Our Patch Management solution is deployed as a SaaS application with agents installed on your organization’s endpoints, and is a good fit for market segments including mid-market, large enterprises, and MSPs.

6 Simple Rules for Securing Your Endpoints

Categories: Patch Management

It's never been more critical to manage and secure your endpoints. Here are six important rules for protecting your organization from IT security threats.

1. Always Be Patching

Managing software updates, and specifically patching endpoints, secures your organization against known threats. New endpoint types such as Internet of Things (IoT) and Bring Your Own Device (BYOD) devices, together with a constant stream of operating system and software vulnerabilities, require countless patches. Always be patching if you want to stay ahead of the bad actors.

2. Seek Out All Endpoints

Think about your company’s network: how many devices are out there? Is the number staggering? You had better give it some thought, because endpoints account for the vast majority of security breaches (estimates put the number at about 70 percent). And if you don’t know you have them, you can’t secure them.

3. Stay Current

You must adapt to the increasing sophistication of attackers and their cyberattacks. Bad actors never sleep; they continually work to improve their attacks, constantly evolving the threat landscape. Your organization, therefore, must deploy endpoint security solutions that will keep up with the deluge of malware that can be expected in the future.

4. Be Resilient

Experts suggest that companies must aim to be resilient, assuming that breaches are inevitable. Since endpoints are said to account for about 70 percent of all breaches, being able to find and fix an attack on an endpoint while continuing to operate your business effectively is the key to resilience. A threat to or breach of an endpoint must not be allowed to bring your entire business to a halt.

5. Be Strategic

Many organizations have an inconsistent approach to endpoint security. Companies today must manage endpoint security strategically and fully comprehend the risks associated with all endpoints. Not doing so can result in inadequate processes and procedures, leaving endpoints open to attack and breaches.

6. Make It a Priority

Overall, endpoint security and cybersecurity need to become a priority in your organization’s business plans. Endpoint security doesn’t just protect your business—it preserves your reputation, reassures your customers, and streamlines your business processes. Without the necessary prioritization that cybersecurity demands, your endpoint security will most likely fail.

May Patch Tuesday 2022 Addresses 74 Critical Issues

Categories: Patch Management, Patch Tuesday

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

Of these, 7 are rated Critical, 66 are rated Important and the remaining 1 is rated Low. Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense, said, “One of the most serious characteristics of a vulnerability is the Scope, which we call the Jump Point. It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the SolarWinds hack. In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows them.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Changed / Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSv4.1. Prior to updating your version of Windows to one that protects against this vulnerability, you can mitigate an attack by disabling NFSv2 and NFSv3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference Description Vendor Severity CVSS Score Public Aware Weaponised Countermeasure Syxsense Recommended
CVE-2022-26925 Windows LSA Spoofing Vulnerability Important 8.1 Yes Yes No Yes
CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver Critical N/A Yes No No Yes
CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability Important 5.6 Yes No No Yes
CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Yes
CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. Yes
CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-29108 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29133 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22014 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29128 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29129 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29137 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21978 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-26932 Storage Spaces Direct Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-21972 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-23270 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29113 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29132 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29103 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-26931 Windows Kerberos Elevation of Privilege Vulnerability Critical 7.5 No No No
CVE-2022-23267 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29145 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-26913 Windows Authentication Security Feature Bypass Vulnerability Important 7.4 No No No
CVE-2022-26938 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26939 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29126 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29135 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29150 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29151 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29138 Windows Clustered Shared Volume Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29106 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29142 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-22016 Windows Play To Manager Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29125 Windows Push Notifications Apps Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29107 Microsoft Office Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-29102 Windows Failover Cluster Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29114 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26930 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No No
CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability Important 4.2 No No No
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.1 No No No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability Low 3.3 No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Start a Free Trial
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

April Patch Tuesday 2022 Addresses Over 120 Security Fixes

By Patch Management, Patch Tuesday | No Comments


April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 10 patches rated Critical and 115 rated Important, with the remainder rated Moderate. The affected products include:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V, DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.

Robert Brown, Head of Customer Success for Syxsense said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month. There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month. We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”

Top April 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.0
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

The vulnerability could allow a remote attacker to execute code with high privileges on an affected system. Because it is reachable over the network and no user interaction is required, these factors combine to make it potentially wormable, at least between machines where RPC can be reached.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

||

March Patch Tuesday 2022 Resolves 71 Vulnerabilities

By Patch Management, Patch Tuesday | No Comments


March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats

There are 3 patches rated Critical and 68 rated Important. Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored. Your patching strategy should be based on the risk you are prepared to take, and if the risk is too high then deploy those patches.”


Top March 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.

1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

Microsoft rates exploitation of this vulnerability as ‘More Likely’, so it could serve as an entry point. Successful exploitation may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Details of the vulnerability are not known at this time, but an attacker who successfully exploited it could run arbitrary code. Keep an eye on this one for changes in severity or priority.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system, and Microsoft rates its exploitation as ‘More Likely’, so it could serve as an entry point. Successful exploitation may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes – see here

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Syxsense Recommended
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No Yes No Yes
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability Important 6.3 No Yes No Yes
CVE-2022-24508 Windows SMBv3 Client/Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.1 No No No Yes
CVE-2022-22006 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-22007 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.2 No No No
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability Important 6.5 No No No
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No No
CVE-2022-23253 Point-to-Point Tunnelling Protocol Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability Important 6.1 No No No
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability Important 5.9 No No No
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability Important 5.5 No No No
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability Important 5.5 No No No
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 5.4 No No No
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability Important 4.7 No No No
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability Important 4.4 No No No
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability Important 3.3 No No No
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability Important 3.3 No No No
||

Why Log4j Keeps Getting Exploited

By Patch Management | No Comments


Cybercriminals are still using Log4j to rampage through enterprise after enterprise. What's the best way to protect your organization?

Log4j Still Being Targeted

It is a couple of months now since the Log4j vulnerability became public knowledge, yet cybercriminals are still using it to rampage through enterprise after enterprise. Tracked as CVE-2021-44228, the flaw in the Log4j logging library affects the Java servers that are ubiquitous in the enterprise. It has been spreading in the wild as fast as the Omicron variant of COVID-19. The sad part of the story is that the hacking world has jumped on it while many IT departments remain oblivious to it.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) keeps issuing warnings about it in an attempt to raise awareness of the problem. Federal agencies have been ordered to search carefully through their systems for all Java servers and related dependencies, and to patch them all.

To make matters worse, nobody knows how long Log4j was being exploited by cybercriminals. Its discovery in early December 2021 does not mean that was the first time hackers used it; it could have been harnessed for months. Either way, attackers are having a field day because of the number of potential systems at their disposal.

Consider the ubiquitous nature of Java:

  • About 9 million people are considered to be Java developers worldwide.
  • As many as 3 billion devices exist that are running Java in some form or another.
  • That includes nine out of ten desktops, laptops, and tablets.
  • Almost all enterprise desktops use Java.

That adds up to a lot of trouble for security personnel. As an analogy, imagine a relatively flat country like Poland trying to defend its borders while being attacked simultaneously by all the nations around it: Russia, Germany, Denmark, Sweden, Latvia, Belarus, Ukraine, Czech, and Slovakia – and having to deal with internal insurgency at the same time. Java is so pervasive that it offers hackers innumerable channels for exploitation. What worries security experts is that even a relatively thorough search for vulnerable Java servers might still miss one or two buried systems.

No wonder government agencies, open-source communities, and vendors have been issuing patches and remedies at a frantic pace. Here are a few highlights:


  • The Apache Software Foundation released a detailed series of fixes for Log4j. An early release of remedies was followed by further releases as more ways to exploit Log4j were found.
  • Blumira announced the discovery of a Log4j-related JavaScript WebSocket attack vector that is very hard to detect.
  • Google announced that nearly 20,000 vulnerable Java packages were found in the Maven Central repository.
  • JFrog found even more that are undetectable via dependency scanning.
  • Microsoft released a series of scanning tools and a dashboard to detect Log4j vulnerabilities on Windows and Linux.
  • CISA released a Log4j scanner.
  • CrowdStrike released its own scanner to find hidden vulnerabilities.

But as fast as fixes, scanners, and patches are issued, ransomware groups are harnessing Log4j in sophisticated ransomware campaigns. One Chinese gang, for example, is using Log4Shell to breach VMware server products. Another gang, from Iran, has found a way to use it to distribute a PowerShell toolkit that exploits Java applications.

Fixing the Log4j Mess

It isn’t easy to fix the mess left behind by vulnerable Java code. The advice from CISA is to draw up a detailed list of external-facing devices that have Log4j installed, act on every alert from those devices, install a web application firewall (WAF) that can automate alert consolidation and centralization, and patch, patch, and patch again.

There are scanners available such as those noted above, as well as quite a number of patches to install. The advice of the UK’s National Cyber Security Centre (NCSC) is to update all systems with the latest security patches.

“In the case of this vulnerability CVE-2021-44228, the most important aspect is to install the latest updates as soon as practicable.”
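CISA's first step above, an inventory of where Log4j is actually installed, is the part a scanner has to get right, and the buried copies are the ones a quick search misses. The Python below is an added example written for this page (not Syxsense's scanner and not any of the tools listed above): it walks a directory tree, reads the version from the Maven pom.properties that every log4j-core jar carries, descends into jars packed inside WAR files, and flags CVE-2021-44228 by version and by whether JndiLookup.class is still present. The tree it scans is constructed in a temporary directory; the jar entry paths and fixed-version numbers are real, everything else is sample data.

```python
# Added example (not Syxsense or vendor scanner code): inventory log4j-core jars, nested ones too.
import io
import os
import re
import tempfile
import zipfile
from typing import List, NamedTuple, Tuple

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


class Finding(NamedTuple):
    path: str           # outer file path, nested entries joined with "!"
    version: str        # from the jar's Maven pom.properties
    jndi_present: bool  # is JndiLookup.class still in the jar?
    vulnerable: bool    # to CVE-2021-44228

def parse_version(text: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); a pre-release such as '2.0-beta9' sorts as (2, 0)."""
    return tuple(int(x) for x in re.findall(r"\d+", text.split("-")[0]))

def version_fixed(version: str) -> bool:
    """Fixed in 2.15.0 and in the backports 2.12.2 (Java 7) and 2.3.1 (Java 6); the
    1.x line is a separate code base and not affected; unparseable counts as not fixed."""
    v = parse_version(version)
    fixed_in = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 2)}.get(v[:2], (2, 15, 0))
    return bool(v) and (v < (2,) or v >= fixed_in)

def inspect_archive(data: bytes, label: str, depth: int, out: List[Finding]) -> None:
    """Record a log4j-core marker in one archive, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container: skip it rather than abort the whole scan
    names = set(zf.namelist())
    if POM_PROPS in names:
        lines = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
        props = dict(ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
        version = props.get("version", "").strip()
        jndi = JNDI_CLASS in names
        # A jar with JndiLookup.class deleted is mitigated even on an old version.
        out.append(Finding(label, version, jndi, jndi and not version_fixed(version)))
    if depth > 0:
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXTS):
                inspect_archive(zf.read(name), f"{label}!{name}", depth - 1, out)

def scan_tree(root: str, depth: int = 2) -> List[Finding]:
    """Walk root and inspect every archive, descending `depth` levels into nesting."""
    out: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(f for f in files if f.lower().endswith(ARCHIVE_EXTS)):
            with open(os.path.join(dirpath, fn), "rb") as fh:
                inspect_archive(fh.read(), os.path.join(dirpath, fn), depth, out)
    return out

def _fake_jar(entries: dict) -> bytes:
    buf = io.BytesIO()  # constructed archive holding only the given entries
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def _fake_log4j_core(version: str, keep_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core jar with just the two entries inspected above."""
    entries = {POM_PROPS: f"#Generated by Maven\nversion={version}\nartifactId=log4j-core\n"}
    if keep_jndi:
        entries[JNDI_CLASS] = b"\xca\xfe\xba\xbe"  # class-file magic only, no real bytecode
    return _fake_jar(entries)

def demo() -> List[Finding]:
    """Constructed tree in a temp dir: vulnerable 2.14.1, mitigated 2.14.1 (JndiLookup
    removed), fixed 2.17.1, and a 2.14.1 buried in WEB-INF/lib of a WAR; returns the scan."""
    root = tempfile.mkdtemp(prefix="log4j-inventory-")
    os.makedirs(os.path.join(root, "lib"))
    files = {"lib/log4j-core-2.14.1.jar": _fake_log4j_core("2.14.1"),
             "lib/log4j-core-2.14.1-nojndi.jar": _fake_log4j_core("2.14.1", False),
             "lib/log4j-core-2.17.1.jar": _fake_log4j_core("2.17.1"),
             "portal.war": _fake_jar({"WEB-INF/web.xml": "<web-app/>",
                                      "WEB-INF/lib/log4j-core.jar": _fake_log4j_core("2.14.1")})}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real host, call scan_tree() with the application root instead of demo(); a copy with JndiLookup.class removed is reported as present but not vulnerable, which is the state Apache's interim mitigation leaves behind.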

How to Protect Yourself from Log4j

Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j. Syxsense Secure and Enterprise customers can use the Syxsense security scanner to identify endpoints that are exposed to this new vulnerability.

The Syxsense vulnerability scanner is not only a complete security management package; it is automated, repeatable, and generates quick results, delivering security and safety in a timely manner. With security scanning and patch management in one console, Syxsense Secure is the only product that not only shows you what’s wrong, but also deploys the solution.

It offers visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience. And it is fully integrated with automated patch management software that lets you easily manage unpatched vulnerabilities with the click of a button.

Syxsense includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

||

New Google Chrome Zero Day Weaponized

By Patch Management | No Comments

Google Chrome Zero-Day Is Being Weaponized

Google has released Chrome 98.0.4758.102 today to the Stable Channel to resolve serious issues affecting Windows, Linux and macOS. This is the first zero-day Chrome release so far this year, on par with last year’s record cadence of 16 weaponised versions throughout the year. The vulnerability is tracked as CVE-2022-0609 and is rated Critical severity.

A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No