
Feb Patch Tuesday updates


February Patch Tuesday: Disable Windows Update


It's the second Tuesday of February, which means it's time for another round of Patch Tuesday security updates from Microsoft.

Microsoft has released almost 80 security patches today covering IE, Edge, Exchange, Windows, .NET Framework and Office. Only 20 are rated Critical, 54 are rated Important, and 3 are rated Moderate in severity.

Four of the updates released (CVE-2019-0636, CVE-2019-0686, CVE-2019-0646 and CVE-2019-0647) are marked as “Publicly Disclosed”, meaning there is an increased risk of attack in the near future. Although they are marked Important, we would highly recommend these updates be prioritized this month.

Why should you disable Windows Update?

Many of our customers are concerned that updates released by Microsoft cause significant user disruption, and their IT departments are simply unable to keep up with the constant firefighting that bad patches cause.

The first reaction is not to patch. This places your environment and users’ identities at risk of exposure, and risks a total network breach. Leaving Windows Update enabled in its default setting downloads and installs all updates released by Microsoft on the same day they are released, leaving your IT department no time to test.

Our clients like the way Syxsense provides control over when and where the scanning and deployment of updates takes place, relieving much of the stress on any IT department. Ask us how Maintenance Windows can help schedule any patch deployment over highly dispersed environments.

Adobe Releases Over 70 Updates

Acrobat and Reader version 2019.010.20069 and earlier, for both Windows and Mac OS, are affected. All updates carry a Priority Rating of 2, meaning there is an elevated risk of exploit, although no active exploits are known to exist in the wild.

Robert Brown, Director of Services, said, “Adobe use their Priority Rating to illustrate how quickly users should update their systems; in this case they recommend within 30 days. Users using Mac OS who usually update their systems manually can truly benefit from the remote patching capability of Syxsense which enables automation over a typical otherwise manual method.”

Of the 71 updates released today, 43 are rated Critical. If exploited, these would allow malicious native code to execute, potentially without a user being aware.

Is it time to replace IE?

Over the past several months there has been an increasing number of “Actively Exploited” vulnerabilities being fixed by Microsoft. CVE-2019-0676 is no exception, and as it involves Internet Explorer, which is still highly used, we would recommend this update be one of your top priorities.

If you wish to replace IE with another browser, Syxsense can deploy the software throughout your environment, and better still, your new browser can be kept up to date using the Patch Manager solution. Replace your IE browser before an exploit ruins your Valentine’s Day.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Patch Tuesday Release

| CVE ID | Patch Description | Severity | Publicly Disclosed | Active Exploited | Recommended |
|---|---|---|---|---|---|
| CVE-2019-0676 | Internet Explorer Information Disclosure Vulnerability | Important | No | Yes | Yes |
| CVE-2019-0636 | Windows Information Disclosure Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0686 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0646 | Team Foundation Server Cross-site Scripting Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0647 | Team Foundation Server Information Disclosure Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0590 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0591 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0593 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0594 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0604 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0605 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0606 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0607 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0618 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0626 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0634 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0640 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0642 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0644 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0645 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0650 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0651 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0652 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0655 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0662 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0540 | Microsoft Office Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0595 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0596 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0597 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0598 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0599 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0600 | HID Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0601 | HID Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0602 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0610 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0613 | .NET Framework and Visual Studio Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0615 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0616 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0619 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0621 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0623 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0625 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0627 | Windows Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0628 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0630 | Windows SMB Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0631 | Windows Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0632 | Windows Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0633 | Windows SMB Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0635 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0637 | Windows Defender Firewall Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0648 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0649 | Scripting Engine Elevation of Privileged Vulnerability | Important | No | No | |
| CVE-2019-0654 | Microsoft Browser Spoofing Vulnerability | Important | No | No | |
| CVE-2019-0656 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability | Important | No | No | |
| CVE-2019-0658 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0659 | Windows Storage Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0660 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0661 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0664 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0668 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0669 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0724 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0728 | Visual Studio Code Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0641 | Microsoft Edge Security Feature Bypass Vulnerability | Moderate | No | No | |
| CVE-2019-0643 | Microsoft Edge Information Disclosure Vulnerability | Moderate | No | No | |
| CVE-2019-0670 | Microsoft SharePoint Spoofing Vulnerability | Moderate | No | No | |

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


February Patch Tuesday: Hackers Say Hello


Telegram Messenger Exploited Again

Back in March 2017 we saw the “Secure” WhatsApp and Telegram messenger applications being exploited when a user received a seemingly harmless image file which actually hosted malicious HTML code.

This code directs the user to a webpage specifically crafted to harvest personal data from the user's device and hijack their accounts.

Today it seems that Telegram did not learn their lesson. The application has been exploited again using the same flaw, this time with the aim of distributing malicious software to harness the user's device for mining cryptocurrencies.

The 2018 exploit works by the hacker again sending an image file to be opened by the user, which hosts a malicious VB Script. The file would, for example, be called photo_high_re*U+202E*gnp.js.

Note the U+202E part of the name: this is the RLO (right-to-left override) character, which tells Telegram to display the remaining string in reverse, hiding the script while keeping the js file extension.
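A check a mail gateway or file-intake filter could run for this trick is sketched below; it is an added example, not code from the original article or from Telegram. The function names are hypothetical, the sample names are constructed from the file name quoted above, and the display logic is a simplified stand-in for the full Unicode Bidirectional Algorithm.

```python
import unicodedata

# Bidirectional formatting controls that can change how a file name is rendered.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
RLO, PDF = "\u202e", "\u202c"

def approximate_display(name):
    """Simplified rendering: text after RLO (until PDF or end) is shown reversed.
    This is an approximation, not the full Unicode Bidirectional Algorithm."""
    shown, run, reversing = [], [], False
    for ch in name:
        if ch == RLO:
            reversing = True
        elif ch == PDF and reversing:
            shown.extend(reversed(run))
            run, reversing = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this sketch
        elif reversing:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))
    return "".join(shown)

def extension(text):
    """Lower-cased text after the last dot, with bidi controls stripped."""
    clean = "".join(c for c in text if c not in BIDI_CONTROLS)
    _, dot, ext = clean.rpartition(".")
    return ext.lower() if dot else ""

def inspect_filename(name):
    """Report bidi controls and whether the shown extension differs from the real one."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    real, shown = extension(name), extension(approximate_display(name))
    return {"controls": controls, "real_ext": real, "shown_ext": shown,
            "flag": bool(controls), "spoofed_ext": real != shown}

if __name__ == "__main__":
    # Constructed samples: the name from the article, and a benign name.
    for sample in ["photo_high_re\u202egnp.js", "holiday_photo.png"]:
        print(repr(sample), "->", approximate_display(sample), inspect_filename(sample))
```
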

While this exploit primarily targets home users, it is not limited to this audience. Having a capable systems management tool like Syxsense in your environment can help combat these kinds of attacks, which are becoming more and more frequent.

IoT devices are being targeted by hackers. In the midst of the WannaCry outbreak reports, a factory was reportedly exploited even though its devices had no direct internet access at the time. After investigation, the culprit was found to be a coffee machine with Wi-Fi capability.

James Rowney, Service Manager for Verismic commented: “In this day and age we are seeing more and more convenience devices that are obviously designed to make our lives easier when in fact we are just leaving ourselves open to attack.”

When looking at such appliances, we need to consider the potential fallout if they were to be exploited, especially in the workplace. If a coffee machine can take down a factory, then anything is possible.

Be vigilant, stay protected and consider a systems management tool with IoT tracking capabilities like Syxsense.


Patch Tuesday Release

“January 2018 was one of the worst months for patching I have seen since I joined Verismic,” said Verismic Service Manager, James Rowney. “The vast amount of patches released last month left in its wake a sea of bluescreened machines, broken applications and inactive Web browsers. February seems to be following suit which will cause headaches for IT admins.”

2017 saw a similar trend, with the headache months being primarily February and November, but on the whole it seems that last year was significantly worse than 2016. This does seem to coincide with the change in the way Microsoft handled their patch releases. Let’s hope the rest of this year is more fruitful, or it may be worth Microsoft considering going back to their old release strategy.

Microsoft addressed 49 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore and Adobe Flash. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.

| CVE-ID | Vendor Name | Title | CVSS | Recommended |
|---|---|---|---|---|
| CVE-2018-0825 | Microsoft | Microsoft Windows StructuredQuery Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2018-0844 | Microsoft | Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability | 7.8 | Yes |
| CVE-2018-0846 | Microsoft | Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability | 7.8 | Yes |
| CVE-2018-0840 | Microsoft | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2018-0847 | Microsoft | Microsoft Internet Explorer Information Disclosure Vulnerability | 7.5 | Yes |
| CVE-2018-0866 | Microsoft | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2018-0742 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0756 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0809 | Microsoft | Microsoft Windows Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0820 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0823 | Microsoft | Microsoft Windows Named Pipe File System Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0826 | Microsoft | Microsoft Windows Storage Services Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0842 | Microsoft | Microsoft Windows Arbitrary Code Execution Vulnerability | 6.7 | |
| CVE-2018-0828 | Microsoft | Microsoft Windows Privilege Escalation Vulnerability | 6.6 | |
| CVE-2018-0831 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 6.6 | |
| CVE-2018-0755 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0760 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0761 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0853 | Microsoft | Microsoft Office Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0855 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0864 | Microsoft | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2018-0869 | Microsoft | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2018-0821 | Microsoft | Microsoft Windows AppContainer Privilege Escalation Vulnerability | 5.3 | |
| CVE-2018-0827 | Microsoft | Microsoft Windows Security Feature Bypass Vulnerability | 5.3 | |
| CVE-2018-0833 | Microsoft | Microsoft Windows SMB Request Processing Denial of Service Vulnerability | 4.8 | |
| CVE-2018-0757 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0810 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0829 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0830 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0832 | Microsoft | Microsoft Windows Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0843 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0839 | Microsoft | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2018-0850 | Microsoft | Microsoft Outlook Security Bypass Vulnerability | 4.3 | |
| CVE-2018-0763 | Microsoft | Microsoft Edge Information Disclosure Vulnerability | 4.2 | |
| CVE-2018-0834 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0835 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0836 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0837 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0838 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0841 | Microsoft | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0851 | Microsoft | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0852 | Microsoft | Microsoft Outlook Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0856 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0857 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0858 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0859 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0860 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |