May Patch Tuesday 2022 Addresses 74 Critical Issues

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 rated Critical and 66 rated Important, with the remaining 1 marked as Low. Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense, said, “One of the most serious characteristics of a vulnerability is the Scope, which we call the Jump Point. It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the SolarWinds hack. In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows them.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Until you have installed the Windows update that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
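
One way to check for and apply the CVE-2022-26937 countermeasure described above on a host running Server for NFS. This is an added example, not a script from Syxsense or Microsoft; the function name Disable-LegacyNfsVersions is hypothetical, and it assumes an elevated session on a Windows Server version that ships the NFS PowerShell module.

```powershell
# Added example: temporary mitigation for CVE-2022-26937 until the May 2022
# update is installed. Disable-LegacyNfsVersions is a hypothetical helper name.
function Disable-LegacyNfsVersions {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    # The NFS cmdlets ship with the Server for NFS role and tools. If they are
    # missing, there is no NFS server configuration to change from this session.
    if (-not (Get-Command -Name Get-NfsServerConfiguration -ErrorAction SilentlyContinue)) {
        Write-Warning 'NFS cmdlets not found; Server for NFS is not installed or the OS predates the NFS module.'
        return
    }

    $before = Get-NfsServerConfiguration
    Write-Verbose ('Current state: NFSv2={0} NFSv3={1} NFSv4={2}' -f `
        $before.EnableNFSV2, $before.EnableNFSV3, $before.EnableNFSV4)

    if (-not ($before.EnableNFSV2 -or $before.EnableNFSV3)) {
        Write-Output 'NFSv2 and NFSv3 are already disabled.'
        return
    }

    # Clients that mount with NFSv2 or NFSv3 lose access once this is applied,
    # so the change is gated behind ShouldProcess (-WhatIf / -Confirm).
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable NFSv2 and NFSv3')) {
        Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false

        # The new setting takes effect after the NFS server service restarts.
        & nfsadmin.exe server stop
        & nfsadmin.exe server start

        # Read the configuration back so the change can be verified and logged.
        Get-NfsServerConfiguration |
            Select-Object -Property EnableNFSV2, EnableNFSV3, EnableNFSV4
    }
}

# Preview the change first; remove -WhatIf to apply it.
Disable-LegacyNfsVersions -WhatIf -Verbose
```

Once the security update is installed, the same cmdlet with `$true` re-enables the older protocol versions for clients that still need them.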

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Public Aware | Weaponised | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important | 8.1 | Yes | Yes | No | Yes |
| CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical | N/A | Yes | No | No | Yes |
| CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | Yes | No | No | Yes |
| CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. | Yes |
| CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. | Yes |
| CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-21972 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-23270 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | No | |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-22016 | Windows Play To Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.1 | No | No | No | |
| CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Low | 3.3 | No | No | No | |


April Patch Tuesday 2022 Addresses Over 120 Security Fixes

April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 10 patches rated Critical and 115 rated Important, with the remaining marked Moderate. This includes:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V, DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.

Robert Brown, Head of Customer Success for Syxsense said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month.  There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month.  We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”

Top April 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.0
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

The vulnerability could allow a remote attacker to execute code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machines where RPC can be reached.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Changes Game with Introduction of New Mobile Device Management Solution

Syxsense's MDM solution broadens the reach of IT managers to mobile devices running iOS, iPadOS, and Android.

Mobile Device Management Added to Syxsense

ALISO VIEJO, Calif., March 29, 2022 /PRNewswire/ –– Syxsense, a global leader in IT and security management solutions, announced today the availability of their solution for Mobile Device Management (MDM).

Available immediately, the MDM solution from Syxsense is the first solution on the market that broadens the reach of IT managers to now include mobile devices running iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments.

The ongoing trend of remote and hybrid work models has increased the criticality of bringing mobile devices under the umbrella of IT managed security, both company issued as well as BYOD (bring your own device). MDM is now recognized by analyst firm Gartner as a key requirement of an effective Unified Endpoint Management (UEM) strategy, which has seen a surge in investment recently. Gartner writes “UEM investment has grown in response to the greater acceptance of remote working and the requirement to manage, patch and support Windows 10 and macOS PCs as well as mobile devices, regardless of location.”

Syxsense’s MDM offering includes all the tools necessary to apply effective management to mobile endpoints, including Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe, making it possible for IT to wipe sensitive data from lost or stolen devices.

“The Syxsense approach of unifying management of all IT devices into a single console that spans device management, device security and vulnerability remediation, has resonated with our customers, and is the catalyst for our recent explosive growth,” explains Ashley Leonard, founder and CEO of Syxsense. “This industry-first ability to now manage mobile devices within the same platform and methodology as other IT assets has been hugely popular with our early adopters.”

Syxsense Mobile Device Management is available as an add-on module to Syxsense Secure, which already includes management and security tools for servers, desktops, laptops, and virtual machines. It will also be included in an upcoming release of a bundled offering targeted at enterprise customers who wish to manage the broad scope of their IT devices from within a single console.

Other Included Features

Syxsense has also released updates to their existing offerings to now provide integration with Active Directory (AD) allowing IT managers to manage on-premise AD devices from the cloud. Syxsense discovers devices as they are added to OUs (organizational units) and automatically applies the appropriate policies.

This union of Syxsense Cortex™ and AD enables cradle-to-grave lifecycle management based on OU membership, rather than having to manually apply tasks to new devices, and is a huge time saver for the IT team.

Newly updated Syxsense Manage is now also the first patch management product on the market that offers active Patch Tuesday scheduling for phased deployments. The recurring windows are set relative to the moving target of the second Tuesday, making it easy to deploy new content automatically. Missing a deployment of Microsoft’s recommended patches is a major factor in unprotected or under-protected environments and leaves the door open for attack.

Syxsense products support iOS, iPadOS, Android, Windows Servers, Windows Desktop, MacOS devices, and a variety of Linux distributions, now also including the enterprise-friendly Rocky Linux.

Information and pricing on these new Syxsense products is available on the Syxsense website. Qualified customers are also able to schedule a personalized demo of the existing products and the new MDM module, and receive a $100 gift card in return, by registering here.

March Patch Tuesday 2022 Resolves 71 Vulnerabilities

March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats

There are 3 patches rated Critical and 68 rated Important. Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense, said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored. Your patching strategy should be based on the risk you are prepared to take, and if the risk is too high then deploy those patches.”

Top March 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

Microsoft rates this vulnerability as ‘More Likely’ to be used as an entry point. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Vulnerability details are unknown at this time, but an attacker who successfully exploited the vulnerability could run arbitrary code. Keep an eye on this for changes in severity or priority.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system, and Microsoft rates it as ‘More Likely’ to be used as an entry point. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes – see here

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-21990 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | No | Yes |
| CVE-2022-24459 | Windows Fax and Scan Service Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | Yes | No | Yes |
| CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-24469 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2022-22006 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2022-24501 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2022-24457 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-22007 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24456 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23266 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24461 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24509 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24510 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23300 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24451 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24507 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24455 | Windows CD-ROM Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23291 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23293 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23290 | Windows Inking COM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23296 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24454 | Windows Security Support Provider Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24464 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-24522 | Skype Extension for Chrome Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-24467 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24468 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24470 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24471 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24517 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24520 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-23265 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-23284 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-21967 | Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24460 | Tablet Windows User Interface Application Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23287 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24505 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23286 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23288 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24525 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24506 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24515 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24518 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24519 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-8927 | Brotli Library Buffer Overflow Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24463 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-23253 | Point-to-Point Tunnelling Protocol Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24526 | Visual Studio Code Spoofing Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2022-23278 | Microsoft Defender for Endpoint Spoofing Vulnerability | Important | 5.9 | No | No | No | |
| CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24462 | Microsoft Word Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-23281 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-21973 | Windows Media Center Update Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24503 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2022-21975 | Windows Hyper-V Denial of Service Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2022-22010 | Media Foundation Information Disclosure Vulnerability | Important | 4.4 | No | No | No | |
| CVE-2022-24502 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2022-21977 | Media Foundation Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2022-24465 | Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | |

February Patch Tuesday 2022 Fixes 51 Vulnerabilities

The second Patch Tuesday of 2022 has arrived — tackle the latest Microsoft updates and vulnerabilities for the month of February.

Microsoft Releases 51 fixes this month including 1 Public Aware threat

There are 50 Important fixes in this release and 1 Moderate. Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense, said, “This is the first year we have a Microsoft release which has not consisted of a Critical severity vulnerability rated by the Vendor. This is the reason it is essential to compare different severity systems instead of relying on a single source of truth, in this case the vendor rated severity. There are still extremely important vulnerabilities to remediate this month; the lack of Critical vulnerabilities does not allow you to relax just yet.”

Top February 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability

Windows does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability

This patch fixes a remote code execution bug in the Microsoft DNS server.  An attacker could completely take over your DNS and execute code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes – The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability

This patch fixes a guest-to-host escape in Hyper-V server. Successful exploitation of this vulnerability may result in complete compromise of the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.9
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Title Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Highly Recommended
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Yes No Yes
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 Yes No No Yes
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Yes
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important 8.3 No No Yes
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important 8.1 No No Yes
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 8.1 No No Yes
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important 8.1 No No Yes
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Yes
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important 7.9 No No Yes
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 7.7 No No Yes
CVE-2022-21986 .NET Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important 7.5 No No
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important 7.2 No No
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 7.1 No No
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important 6.9 No No
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 6.5 No No
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.3 No No
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important 5.9 No No
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important 5.5 No No
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important 5.5 No No
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate 5.3 No No
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important 4.9 No No
CVE-2022-21968 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No

Watch the Webcast: January Patch Tuesday 2022

By News, Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's January Patch Tuesday updates.

Watch the January Patch Tuesday 2022 Webcast

New year, new Patch Tuesday — start 2022 ahead of the latest threats and vulnerabilities.

Industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: January Patch Tuesday 2022


January Patch Tuesday 2022 Fixes 96 Critical Issues

By News, Patch Management, Patch Tuesday

With 96 new bugs, Microsoft is kicking off the first Patch Tuesday of 2022 with a bang. There are 8 Critical and 88 Important fixes.

Microsoft Patch Tuesday Released with 96 Fixes

There are 8 Critical (one more than last month) and 88 Important fixes in this release. Updates were included for Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop. 

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. Next month you need to renew for a third ESU if you are still using Windows 7 or 2008 R2.

The first Patch Tuesday of the year has arrived with a bang, and just in time for many of our customers who are ending their change freeze following the New Year holidays.  We do not have any confirmed Weaponized threats to deal with this month so far, however we do have 6 confirmed Public Aware threats which could be weaponized at any minute.”

Syxsense Recommendations

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their Patch Management solution and deploy as soon as possible.

Top January 2022 Patches and Vulnerabilities

1. CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system. Microsoft recommends prioritizing the patching of affected devices because it is suspected to be wormable.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in the Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack. In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21912: DirectX Graphics Kernel Remote Code Execution Vulnerability

The vulnerability allows a local user to execute arbitrary code on the target system, and successful exploitation may result in complete compromise of the vulnerable system. An authenticated attacker could take advantage of a vulnerability in dxgkrnl.sys to execute an arbitrary pointer dereference in kernel mode. What makes this even worse is that an attacker with non-admin credentials can potentially carry out an exploit using this vulnerability.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Highest Priority
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No Yes Yes
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9 No No No Yes
CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important 9 No No No Yes
CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No No Yes
CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.3 No No No Yes
CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical 7.8 No No No Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important 7 No Yes No Yes
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important 7.6 No No No
CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important 7.6 No No No
CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important 6.1 No Yes No
CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21860 Windows App Contracts API Server Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important 7 No No
CVE-2022-21863 Windows State Repository API Server file Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important 6.5 No No
CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.4 No No
CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.3 No No
CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.1 No No
CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21876 Win32k Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21838 Windows Clean up Manager Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important 5.3 No No
CVE-2022-21925 Windows Backup Key Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No
CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 4.4 No No

Watch the Webcast: December Patch Tuesday 2021

By Patch Management, Patch Tuesday

Watch the Webcast: December Patch Tuesday

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's December Patch Tuesday updates.

December Patch Tuesday 2021

What’s your December patch strategy?

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts has deployed over 100 million patches. Watch our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: December Patch Tuesday


December Patch Tuesday 2021 Resolves 67 Vulnerabilities

By News, Patch Management, Patch Tuesday

December Patch Tuesday 2021 Fixes 67 Vulnerabilities

December Patch Tuesday has arrived with 67 security gaps remediated, including one critical weaponized threat.

December Patch Tuesday Arrives with 67 Fixes

There are 7 Critical (one more than last month) and 60 Important fixes in this release.  Updates were included for Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management and Windows Remote Access.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. We are really close to the need to review for a third and final year of ESU if you are still using Windows 7 or 2008.

Robert Brown, Head of Customer Success for Syxsense said, “There are many extremely high risk vulnerabilities this month, with one being weaponized. Six other vulnerabilities are Publicly Aware meaning the exact method to exploit is public knowledge, and with some of these being recognized by Microsoft as Exploit More Likely, this is not what our customers want to hear going into the end of year and Holiday Season.”

 

Top December Patches and Vulnerabilities

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their Patch Management solution and deploy as soon as possible.

1. CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability

This vulnerability has been linked to attacks associated with the Emotet/TrickBot/Bazaloader family. The vulnerability exists due to incorrect permissions in the Windows installer service. A local user can run a specially-crafted program to execute arbitrary code with SYSTEM privileges.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: Required
  • Scope (Jump Point): No

2. CVE-2021-43905: Microsoft Office App Remote Code Execution Vulnerability

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. A remote attacker can send a specially-crafted request and execute arbitrary code on the target system because of improper input validation in the Microsoft Office app.

Microsoft has rated this vulnerability Exploitation More Likely, and with the threat of a Jump Point it can be used to hop into the OS and jump into another technology. This is an extremely serious vulnerability to resolve.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.6
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

3. CVE-2021-43217: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error when processing untrusted input in Windows Encrypting File System (EFS). The Encrypting File System, or EFS, provides an additional level of security for files and directories. It provides cryptographic protection of individual files on NTFS file system volumes using a public-key system. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.1
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Weaponized Public Aware Countermeasure Highest Priority
CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability Important 7.1 Yes Yes Yes Yes
CVE-2021-43240 NTFS Set Short Name Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2021-41333 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2021-43893 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability Important 7.5 No Yes No Yes
CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1 No Yes No Yes
CVE-2021-43880 Windows Mobile Device Management Elevation of Privilege Vulnerability Important 5.5 No Yes No Yes
CVE-2021-43215 iSNS Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-43899 Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-43907 Visual Studio Code WSL Extension Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-43905 Microsoft Office app Remote Code Execution Vulnerability Critical 9.6 No No No Yes
CVE-2021-43882 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2021-41365 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42311 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42313 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42314 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42315 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42309 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2021-43217 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2021-42320 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No No Yes
CVE-2021-43233 Remote Desktop Client Remote Code Execution Vulnerability Critical 7 No No No Yes
CVE-2021-43877 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-40452 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-40453 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-41360 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-42312 Microsoft Defender for IOT Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43256 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-43875 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-43891 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-43214 Web Media Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-43207 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43226 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43248 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43245 Windows Digital TV Tuner Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43232 Windows Event Tracing Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-43234 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-40441 Windows Media Center Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43229 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43230 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43231 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43223 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43238 Windows Remote Access Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43237 Windows Setup Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43247 Windows TCP/IP Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-43242 Microsoft SharePoint Server Spoofing Vulnerability Important 7.6 No No No
CVE-2021-43225 Bot Framework SDK Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2021-43888 Microsoft Defender for IoT Information Disclosure Vulnerability Important 7.5 No No No
CVE-2021-43222 Microsoft Message Queuing Information Disclosure Vulnerability Important 7.5 No No No
CVE-2021-43236 Microsoft Message Queuing Information Disclosure Vulnerability Important 7.5 No No No
CVE-2021-43228 Sym Crypt Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-43219 DirectX Graphics Kernel File Denial of Service Vulnerability Important 7.4 No No No
CVE-2021-43889 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2021-42294 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2021-43892 Microsoft BizTalk ESB Toolkit Spoofing Vulnerability Important 7.1 No No No
CVE-2021-43239 Windows Recovery Environment Agent Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2021-42293 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2021-43216 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability Important 6.5 No No No
CVE-2021-43244 Windows Kernel Information Disclosure Vulnerability Important 6.5 No No No
CVE-2021-43246 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No No
CVE-2021-43255 Microsoft Office Trust Center Spoofing Vulnerability Important 5.5 No No No
CVE-2021-43896 Microsoft PowerShell Spoofing Vulnerability Important 5.5 No No No
CVE-2021-43227 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-43235 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-43243 VP9 Video Extensions Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-43224 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-43908 Visual Studio Code Spoofing Vulnerability Important N/A No

Watch the Webcast: November Patch Tuesday 2021

By Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the November Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: November Patch Tuesday 2021