
Patch Tuesday

Microsoft Patch Tuesday Update | March 2023

By Patch Tuesday, Video, Webinars

Watch March’s Microsoft Patch Tuesday Forecast On Demand

Join us as we dive into this month’s bulletins and show you strategies for tackling the latest and most important Patch Tuesday updates. Our IT industry expert Rob Brown, Syxsense’s Chief Customer Success Officer, will be covering all of the latest updates live. Rob’s team of IT management experts has deployed over 100 million patches — be sure to register so you don’t miss out on the top patch strategies of the month!

Hosted by Rob Brown

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant through providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.

February 2023 3rd Party Roundup Webinar

By Patch Tuesday, Video, Webinars

In this webinar, our industry expert, Jon Cassel, gives us an inside look at the newest third-party patch releases. Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen.

The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.


Microsoft Patch Tuesday Forecast | February 2023

By Patch Tuesday, Video, Webinars

Watch February’s Microsoft Patch Tuesday Forecast On Demand

Hosted by Rob Brown

January Patch Tuesday Updates | 2023

By Patch Tuesday, Video, Webinars

Watch February’s Microsoft Patch Tuesday Forecast On Demand

Hosted by Rob Brown

January 2023 3rd Party Roundup Webinar

By Patch Tuesday, Video, Webinars

In this video, our industry expert, Jon Cassel, gives us an inside look at the newest third-party patch releases. Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen.


December Patch Tuesday Update 2022

By Patch Management, Patch Tuesday, Webinars

Watch our December Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat

There are 11 rated Critical and 87 rated Important. Microsoft Windows, Office, .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components and Microsoft Exchange Server have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they usually would have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them so keep an eye on these, as they could indicate problems with testing.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual, we recommend that our customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.

CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This vulnerability covers a large part of the Microsoft operating system estate, from Windows 8.1 to Windows 11 on workstations and Windows 2012 R2 to 2022 20H2 on servers. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Because it is both actively exploited and has a Jump Point, this should be your number 1 priority.

Note: The vulnerability is Weaponised and has a Jump Point

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: Yes
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: None
User Interaction: Required
Scope (Jump Point): Changed / Yes

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability

Although Microsoft states this vulnerability is less likely to be used in an attack, the exact steps to follow to exploit this vulnerability can be found on the internet. If that were to happen, an attacker could execute RPC functions that are restricted to privileged accounts only, hence the CVSS score of 8.8.

Note: The vulnerability is Public Aware

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: No
Public Aware: Yes
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Unchanged / No

CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary; therefore, any process that can bypass the boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: The vulnerability has a Jump Point

Syxscore
Vendor Severity: Critical
CVSS: 8.8
Weaponised: No
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes

Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.

If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.

Microsoft’s January Patch Tuesday Fixes

| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Additional Information |
|---|---|---|---|---|---|---|---|
| CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important | 8.8 | No | Yes | No | Scope = Changed / Jump Point = True. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. |
| CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No | No | An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. |
| CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | No | Scope = Changed / Jump Point = True |
| CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server. |
| CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server. |
| CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2023-21543 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21546 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21555 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21556 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21679 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21535 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21548 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
| CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. |
| CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | |
| CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Identified by Microsoft Offensive Research and Security Engineering (MORSE). |
| CVE-2023-21730 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
| CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation More Likely |
| CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely |
| CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | |
| CVE-2023-21538 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21757 | Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21728 | Windows Net logon Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster. |
| CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Exploitation More Likely |
| CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
| CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important | 6.6 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
| CVE-2023-21725 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2023-21559 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical | 5.3 | No | No | No | Exploitation More Likely |
| CVE-2023-21525 | Windows Encrypting File System (EFS) Denial of Service Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system. |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Patch Tuesday Webinar | November 2022

By Patch Tuesday, Webinars

Watch November’s Patch Tuesday Updates On Demand


Wednesday, November 9th at 8am PST/11am EST

Hosted by Rob Brown

What You Need To Know: June Patch Tuesday 2022

By Patch Tuesday, Webinars

Syxsense Webcast


Get the latest Microsoft updates for June Patch Tuesday 2022, where Rob Brown (top), our Chief Customer Officer, and JC (bottom), our Senior Solutions Architect, discuss the most urgent patches and priorities for the month. Sign up to hear the most up-to-date patch insights.

What to Expect

Reduce Your Attack Surface

Security Scanning

Patching is only half the job. Find out how to stop brute force attacks.

Antivirus

Confirm antivirus is installed and running with updated definitions.

Quarantine

Quarantine and troubleshoot a device you suspect has been breached.

Patch Deployment

Check and deploy patches for any zero-day vulnerabilities.

Powerful Features

Experience the Benefits

Advanced Threat Detection

Scan for software vulnerabilities, security compliance violations, and open threat vectors with real-time response capabilities.

Comprehensive Patch Management

Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

100% Endpoint Visibility

Manage and secure all endpoints inside and outside your network with coverage for all major operating systems and IoT devices.


July 2022 Patch Tuesday

What You Need To Know: July Patch Tuesday 2022

By Patch Tuesday, Webinars

Syxsense Webcast

Get the latest Microsoft updates for July’s Patch Tuesday 2022. Rob Brown (top video), our Chief Customer Officer, and Jon Cassell (bottom video), our Senior Solutions Architect, discuss the most urgent patches and priorities for the month. Rob will cover Microsoft patches and Jon will cover your third-party patches.

Click Here for the write-up of all the patches.

If you would like Syxsense to help you automate your patch remediation process, please schedule a customized demo and get your company set up on Syxsense Enterprise free for 14 days.

Workflows have been set up today to remediate all of July’s patches with a click of a button.


May Patch Tuesday 2022 Addresses 74 Critical Issues

By Patch Management, Patch Tuesday

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 rated Critical and 66 rated Important, with the remaining 1 marked as Low. Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “One of the most serious characteristics of a vulnerability is the Scope, which we call the Jump Point. It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the SolarWinds hack. In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Public Aware | Weaponised | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important | 8.1 | Yes | Yes | No | Yes |
| CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical | N/A | Yes | No | No | Yes |
| CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | Yes | No | No | Yes |
| CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. | Yes |
| CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. | Yes |
| CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-21972 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-23270 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | No | |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-22016 | Windows Play To Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.1 | No | No | No | |
| CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Low | 3.3 | No | No | No | |
