Tag

cisa


Government Orders Agencies to Patch Zerologon Vulnerability Immediately


The Department of Homeland Security's cybersecurity division has declared an emergency directive for patching the Zerologon vulnerability.


Homeland Security Issues Emergency Alert for Zerologon

The Department of Homeland Security’s cybersecurity division (CISA) has ordered federal civilian agencies to install a security patch for Windows Servers by Monday, citing “unacceptable risk” posed by the vulnerability to federal networks.

The DHS order was declared through an emergency directive, a rarely used legal mechanism through which US government officials can force federal agencies to take various actions.

The Zerologon vulnerability allows attackers who already have a foothold on an internal network to hijack Windows Servers running as domain controllers and take over the entire network. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating. Deployment of this patch is essential.

Why Zerologon Needs to Be Patched Immediately

Microsoft included fixes for the Zerologon vulnerability in the August Patch Tuesday update. Most IT professionals did not know how bad the bug really was until seeing a recent report from Secura and the weaponized proof-of-concepts that went public shortly afterward.

The widespread use of Windows Servers as domain controllers in US government networks, the 10 out of 10 severity rating for Zerologon, and the danger of a successful attack are what led DHS officials to issue a rare emergency directive late Friday afternoon.

“CISA [Cybersecurity and Infrastructure Security Agency] has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” DHS CISA said in Emergency Directive 20-04.

The short deadline for applying security updates is primarily due to the ease of exploitation and the severe consequences of a successful Zerologon attack. Although the directive applies to executive branch departments and agencies, CISA also “strongly recommends” that the private sector take immediate action as well.

How to Patch Zerologon

We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager. Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


Google Chrome Zero-Day Vulnerability Under Attack


Google has patched a Chrome browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.


Chrome Under Active Attack

Google has patched a Chrome web browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.

The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by the browser. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability. Lecigne has discovered various vulnerabilities in Chrome, as well as Internet Explorer, within the past year.

Government Says Update Chrome

The Cybersecurity and Infrastructure Security Agency (CISA) also posted a bulletin encouraging users and administrators to review the Chrome Release and “apply the necessary updates.”

Technical details of the vulnerability are being withheld pending patch deployment to a majority of affected versions of the browser, according to Google. Memory corruption vulnerabilities typically occur when memory is altered without explicit data assignments, triggering function errors that in turn enable an attacker to execute arbitrary code on targeted devices.

Google Warns of More Vulnerabilities

Google has also warned users of two additional high-severity vulnerabilities. The first (CVE-2020-6407) is an out-of-bounds memory access flaw in streams, and the other (CVE unassigned) is tied to an integer overflow in ICU, a kind of flaw commonly associated with triggering a denial of service and possibly code execution.

This is actually the third Chrome zero-day to have been exploited in the wild just this past year. Google patched the first Chrome zero-day in March of 2019 (CVE-2019-5786) and then a second in November of 2019 (CVE-2019-13720).

Patches for this zero-day have been released as part of Chrome version 80.0.3987.122.

How to Manage Chrome Vulnerabilities

Leveraging a simple and powerful solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest update, and the pre-packaged detection will determine whether each device requires the update. If a device requires it, the update will be automatically applied and the vulnerability remediated.


Major Vulnerability Discovered in KACE


CISA has recently published an advisory regarding an administrator interface vulnerability for the Quest KACE Systems Management Appliance.

The Cybersecurity and Infrastructure Security Agency has recently published an advisory regarding an administrator interface vulnerability for the Quest KACE Systems Management Appliance (ICS Advisory 19-183-02).

Affecting the KACE SMA (Systems Management Appliance) versions 8.0, 8.1, and 9.0, the vulnerability allows “unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface”, says the agency. Quest has already recommended that all users upgrade to the latest Version 9.1 or newer, so at this time, anyone remaining on the older versions will not be supported and will also remain open to the vulnerability.

This isn’t the first time that the KACE SMA has been recognized as insecure. Just last year, researcher Kapil Khot discovered several blind SQL injection flaws, tracked as CVE-2018-0504, that allow a remote but authenticated attacker with “User Console Only” privileges to obtain data from the application’s database, including sensitive information.

“Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks,” CERT/CC (CERT Coordination Center at Carnegie Mellon University) said in its advisory. “The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.”

Experience a Better Approach to Systems Management

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan for a specific piece of software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that needs the update.


Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.