
December patch Tuesday


December Patch Tuesday: Disclosed & Exploited


Patch Tuesday Release: The Latest News

Microsoft has released half the updates they released last month: 39 security patches total.

These cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office. 9 of these are listed as Critical, with the remaining 30 as Important.

Adobe Fixes Many Vulnerabilities

Adobe, on the other hand, has released almost 90 updates today, all marked Important, for Adobe Acrobat and Reader. To our knowledge, none of the updates released today are being exploited in the wild, but we recommend you implement them as part of your third-party patching strategy.

Several Vulnerabilities Require Your Attention: Turn Off Windows Update

CVE-2018-8611 and CVE-2018-8517 are two important updates you need to prioritize this month, not because they have the highest severity, but because CVE-2018-8517 is publicly disclosed and CVE-2018-8611 is actively being exploited.

CVE-2018-8611 is being exploited by malware that is exposing networks all over the world. Robert Brown, Director of Services for Verismic, said, “Just this week we have learned one of Italy’s oil and gas exploration giants has suffered a relentless cyber-attack causing server infrastructure to go offline. Often it’s these companies who think that by leaving Windows Update in its default mode they are protecting their environment from zero day attacks and sophisticated espionage.”

The Best Patch Strategy

We recommend our Syxsense clients take a safe and calculated approach to managing their security: turn off the default Windows patching mode and implement a rigorous, selective, and fully secure patching strategy.

Patch Tuesday Release

| CVE ID | Description | Severity | Public | Exploited | Recommended |
|---|---|---|---|---|---|
| CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability | Important | Yes | No | Yes |
| CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability | Critical | No | No | Yes |
| CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability | Critical | No | No | Yes |
| CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8514 | Remote Procedure Call runtime Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability | Important | No | No | |
| CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8637 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8638 | DirectX Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2018-8649 | Windows Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8650 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability | Important | No | No | |

Prepare for Patch Tuesday!


Do you have a patching strategy? It should include turning off automatic Windows updates.

Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy.

Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that you always keep your systems patched, sometimes the updates are worse than the vulnerability, like the July Patch Tuesday this year.

Win10

If you have a Professional, Enterprise, or Education edition of Windows 10, you can turn off automatic updates, but the option is hidden. You need to pull yourself out of beta testing and then delay new versions by setting the “feature update” deferral to 120 days or more. Here’s what to do in version 1703. If you have a later version of Windows 10, these settings still apply, but the wording is slightly different.

  • Press Win-R, type gpedit.msc, press Enter. This brings up the Local Group Policy Editor.
  • Navigate the left pane as if it were File Explorer to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Updates.
  • Choose Select when Feature Updates are received.
  • In the resulting dialog box, select Enabled.
  • In the Options box, type in how many days you’d like to pause updates and then in the next field type in today’s date.
  • Click Apply and then OK.

If you want to, you can repeat this process for the second setting in Group Policy, named Select when Quality Updates are received. Keep in mind, however, that quality updates include security updates, and skipping them is not the best idea. On the upside, security updates are cumulative, meaning that if you do skip these updates, you can download the next one and be up to date.
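To confirm what the Group Policy steps above actually set on a machine, the following added example (not from the original post or from Syxsense) reads the registry values that the Windows Update deferral policies write and flags any deferral or pause of quality updates. The function names, the `MinFeatureDays` parameter, and the sample values are assumptions made for illustration.

```powershell
# Added example, not vendor code. Read-only: it changes no setting.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$ValueNames = 'DeferFeatureUpdates', 'DeferFeatureUpdatesPeriodInDays',
              'PauseFeatureUpdatesStartTime', 'DeferQualityUpdates',
              'DeferQualityUpdatesPeriodInDays', 'PauseQualityUpdatesStartTime'

function Get-DeferralPolicy {
    # Collect the deferral values present under the policy key, if any.
    param([string]$Path = $PolicyKey)
    $values = @{}
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $ValueNames) {
        if ($item -and $null -ne $item.$name) { $values[$name] = $item.$name }
    }
    return $values
}

function Test-DeferralPolicy {
    # MinFeatureDays follows the article's "120 days or more" (assumed default).
    param([hashtable]$Policy, [int]$MinFeatureDays = 120)
    $featureDays = [int]$Policy['DeferFeatureUpdatesPeriodInDays']
    $qualityDays = [int]$Policy['DeferQualityUpdatesPeriodInDays']
    if ($Policy['DeferFeatureUpdates'] -ne 1) {
        'INFO  feature update deferral is not configured'
    } elseif ($featureDays -lt $MinFeatureDays) {
        "INFO  feature updates deferred $featureDays days (below $MinFeatureDays)"
    } else {
        "OK    feature updates deferred $featureDays days"
    }
    # Quality updates carry the security fixes, so any delay is worth a warning.
    if ($Policy['DeferQualityUpdates'] -eq 1 -and $qualityDays -gt 0) {
        "WARN  quality (security) updates deferred $qualityDays days"
    }
    foreach ($kind in 'Feature', 'Quality') {
        $start = $Policy["Pause${kind}UpdatesStartTime"]
        if ($start) { "WARN  $kind updates paused since $start" }
    }
}

# Constructed sample: feature updates deferred 120 days, quality updates 14 days.
$sample = @{
    DeferFeatureUpdates = 1; DeferFeatureUpdatesPeriodInDays = 120
    DeferQualityUpdates = 1; DeferQualityUpdatesPeriodInDays = 14
    PauseQualityUpdatesStartTime = '2018-12-11'
}
Test-DeferralPolicy -Policy $sample

# Live check on the local machine.
Test-DeferralPolicy -Policy (Get-DeferralPolicy)
```

A WARN line means security fixes are being held back on that machine, so another patching process has to be delivering them.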

Win7 and 8

  • Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
  • Click Start > Control Panel > System and Security > Turn automatic updating on or off.
  • In the Important updates menu, select Never check for updates.
  • Deselect Give me recommended updates the same way I receive important updates.
  • Deselect Allow all users to install updates on this computer and click OK.

Patch Strategy

Your IT update solution should facilitate phased rollouts and have full rollback options. These are the necessary keys to avoiding data loss or device outages.

Step 1. Identify

You can’t manage your environment if you don’t know what devices are there and which need updates. An IT solution should also be able to manage roaming devices.

Plus, if data is stale, it could mean missing a device or update that was critical to secure. Detect the state of your environment with live, accurate, and actionable data.

Step 2. Test Group Deployment

Deploy the updates to a small group of devices. These devices should be of low impact to the overall productivity of your company. Once these devices have been successfully and safely updated, you can deploy needed updates without worrying about a massive disaster.

Step 3. Phased Rollout

Now updates should be distributed to any device that needs them. However, you want this task to run around business hours. Updates are important, but so is avoiding interruptions of productivity. A maintenance window should be set up so that any update tasks happen before and after business hours.

And to facilitate a proper patching strategy, look to a comprehensive IT solution.

Syxsense

This is the solution for all of your patching needs. Syxsense can deploy updates to Windows, Mac, and Linux devices. It is a complete patching solution that can manage devices both in your network and roaming out of the office.

Software Update Service

We understand that while updating software is the #1 way to protect your environment, it’s low on your priority list. As an IT department, you have other pressing tasks that need your attention.

With our Software Update Service, you can move forward while we keep your devices up to date.

Our expert patch management team provides reliable support with detection and remediation for Windows and third-party software updates. We work closely with you to provide safe and efficient endpoint security with your own systems management tool or ours, Syxsense.

Our team will keep your IT systems reliable with endpoints updated and secure.
