Microsoft’s February 2020 Patch Tuesday Fixes 99 Security Issues

By bmhumePatch Management, Patch Tuesday

Microsoft’s February 2020 Patch Tuesday Fixes 99 Security Issues

The official Patch Tuesday updates have arrived for February, including 99 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.

February Patch Tuesday is Here

Microsoft have released 99 patches today. There are 12 Critical patches with the remaining marked Important.

Support for Windows 7 and Windows Server 2008 (including R2) was officially ended last month, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Zero Day Weaponized Bug for IE

CVE-2020-0674, which carries a Critical vendor severity and High CVSS score, has been documented as being Publicly Aware and actively Weaponized.

This is as close to a Zero Day as you can get, and we encourage all users still using Internet Explorer to update this as soon as possible. This vulnerability affects Windows 7, which officially ended support last month, and Windows 10 through Windows Server 2008 to 2012.

Robert Brown, Director of Services for Syxsense said, If you are still using Internet Explorer on Windows 7 and have not purchased the CSA / ESU extension, you may wish to consider uninstalling IE and replacing it with another browser immediately due to the critical nature of this vulnerability. It has huge potential to be used to install Ransomware or other software simply by accessing an infected website. Customers using Syxsense Manage or Syxsense Secure will be able to deploy all new Windows 7 content to your licensed Windows 7 systems.

Microsoft released a security advisory for an unpatched IE code-execution vulnerability.

Another Adobe Headache

Adobe released 42 updates todaythe largest of the year so far. They have fixed bugs in Framemaker, Experience Manager, Adobe Digital Editions, Flash, and Acrobat and Reader. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

February 11, 2020

Love0

Internet Explorer Has Massive Security Flaw

By bmhumeBlog, Patch Management

Internet Explorer Has Massive Security Flaw

Microsoft recently released a security advisory alerting its users of an unpatched code-execution vulnerability in Internet Explorer.

What is the IE Vulnerability?

Microsoft recently released a security advisory alerting its users of an unpatched code-execution vulnerability in Internet Explorer.

The vulnerability (CVE-2020-0674), which is listed as high as critical in severity for Internet Explorer version 11 and moderate in severity for Internet Explorer versions 9 and 10, “exists in the way that the scripting engine handles objects in memory in Internet Explorer”, Microsoft stated in its advisory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” Microsoft went on to explain in the advisory.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

How the IE Vulnerability was Discovered

Microsoft stated they had learned about the vulnerability by Clément Lecigne of Google’s Threat Analysis Group (TAG) and Ella Yu from Qihoo 360, which have apparently seen the weakness being exploited in limited, targeted attacks.

Google’s Threat Analysis Group has previously reported several vulnerabilities to Microsoft, including one in the Windows 7/2008R2 architecture (CVE-2019-0808) as well as another Internet Explorer exploit (CVE-2019-1367).

Managing the IE Vulnerability

Although the vulnerability sounds intense, Microsoft stated it’s not present in the supported versions of Internet Explorer (which uses Jscrip9.dll) and they instead took a firm stance on waiting until next month’s Patch Tuesday to produce remediation.

“Microsoft is aware of this vulnerability and working on a fix,” Microsoft stated at the end of their advisory. “Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”

For those that require a quick fix, Microsoft detailed a workaround that leverages administrative commands to restrict access to the vulnerable scripting library. It should be noted that the workaround may result in reduced functionality for components or features that rely on jscript.dll.

Security professionals have also advised users to simply stop using Internet Explorer and instead switch to a more reliable and secure solution; however, this may not be easy for all as some existing web-based software still requires outdated version of Internet Explorer. Microsoft has even recently launched its own Chromium-based Edge browser to provide better compatibility to its customers.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

January 22, 2020

Love0

Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-Day

By bmhumeNews, Patch Management, Patch Tuesday

Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-Day

Microsoft has released 74 Patch Tuesday updates, including 13 Critical updates and a fix for a remote code execution vulnerability in Internet Explorer.

November 2019 Patch Tuesday: What to Expect

Microsoft has released 74 updates today – there are 13 Critical and 61 Important updates to deal with.

CVE-2019-1429 has been released to solve a bug that is being weaponized! This vulnerability should be treated as an ‘Out-of-Band’ update for anyone still using Internet Explorer. Previously, we have suggested moving away from IE—this is yet another reason to look for a safer browser for your business.

Robert Brown, Director of Services for Syxsense said, “The biggest risk our customers can take, is not treating weaponized vulnerabilities seriously enough. Weaponized vulnerabilities are often not the highest severity and aren’t prioritized enough by IT managers and security administrators. In this case, the severity is critical. If the vulnerability was exploited, it could easily be used to spread ransomware or take over a system. Please patch this now.”

Not Critical, But High Priority Patches

CVE-2019-1384 and CVE-2019-1424 have only been ranked as Important by Microsoft, however the independent CVSS Score has ranked these 8.5 and 8.1 respectively. CVE-2019-1384 is a vulnerability impacting all Windows operating systems from Windows 7 to Windows Server 2019 where an attacker could obtain key and sign in messages making some security login audit records redundant. It can also infect other machines.

We believe CVE-2019-1424 is particularly dangerous. If exposed, this vulnerability could downgrade the secure communications channel leading to communications messages being sent to Windows improperly—possibly even intercepted and recorded.

Latest Adobe Patches

Adobe released four patches for Adobe Animate CC, Illustrator CC, Bridge CC, and Media Encoder. The Media Encoder patch includes a critical fix for an out-of-bounds (OOB) that could allow code execution. Both Syxsense and Adobe recommend this Out-of-Band update be deployed within the next 7 days.

November 2019 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations for what to prioritize this month. Pay close attention to those under Publicly Aware and Weaponized.

CVE Ref.	Description	Vendor Severity	CVSS Base Score	Publicly Aware	Weaponised	Syxsense Secure Recommended
CVE-2019-1429	Scripting Engine Memory Corruption Vulnerability	Critical	7.5	No	Yes	YES
CVE-2019-1373	Microsoft Exchange Remote Code Execution Vulnerability	Critical	NA	No	No	YES
CVE-2019-1457	Microsoft Office Excel Security Feature Bypass	Important	NA	Yes	No	YES
CVE-2019-1384	Microsoft Windows Security Feature Bypass Vulnerability	Important	8.5	No	No	YES
CVE-2019-1424	NetLogon Security Feature Bypass Vulnerability	Important	8.1	No	No	YES
CVE-2019-0721	Hyper-V Remote Code Execution Vulnerability	Critical	8	No	No	YES
CVE-2019-1419	OpenType Font Parsing Remote Code Execution Vulnerability	Critical	7.8	No	No	YES
CVE-2019-1379	Windows Data Sharing Service Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1380	Microsoft splwow64 Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1382	Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1383	Windows Data Sharing Service Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1385	Windows AppX Deployment Extensions Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1388	Windows Certificate Dialog Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1393	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1394	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1395	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1396	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1405	Windows UPnP Service Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1407	Windows Graphics Component Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1408	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1415	Windows Installer Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1416	Windows Subsystem for Linux Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1417	Windows Data Sharing Service Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1420	Windows Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1422	Windows Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1423	Windows Elevation of Privilege Vulnerability	Important	7.8	No	No	YES
CVE-2019-1456	OpenType Font Parsing Remote Code Execution Vulnerability	Important	7.8	No	No	YES
CVE-2019-1389	Windows Hyper-V Remote Code Execution Vulnerability	Critical	7.6	No	No	YES
CVE-2019-1397	Windows Hyper-V Remote Code Execution Vulnerability	Critical	7.6	No	No	YES
CVE-2019-1398	Windows Hyper-V Remote Code Execution Vulnerability	Critical	7.6	No	No	YES
CVE-2019-1390	VBScript Remote Code Execution Vulnerability	Critical	7.5	No	No	YES
CVE-2019-1430	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Critical	7.3	No	No	YES
CVE-2019-1370	Open Enclave SDK Information Disclosure Vulnerability	Important	7	No	No	YES
CVE-2019-1392	Windows Kernel Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1433	Windows Graphics Component Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1434	Win32k Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1435	Windows Graphics Component Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1437	Windows Graphics Component Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1438	Windows Graphics Component Elevation of Privilege Vulnerability	Important	7	No	No	YES
CVE-2019-1441	Win32k Graphics Remote Code Execution Vulnerability	Critical	6.7	No	No	YES
CVE-2019-1406	Jet Database Engine Remote Code Execution Vulnerability	Important	6.7	No	No
CVE-2019-1381	Microsoft Windows Information Disclosure Vulnerability	Important	6.6	No	No
CVE-2019-0712	Windows Hyper-V Denial of Service Vulnerability	Important	5.8	No	No
CVE-2019-1309	Windows Hyper-V Denial of Service Vulnerability	Important	5.8	No	No
CVE-2019-1310	Windows Hyper-V Denial of Service Vulnerability	Important	5.8	No	No
CVE-2019-1374	Windows Error Reporting Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2019-1391	Windows Denial of Service Vulnerability	Important	5.5	No	No
CVE-2019-1409	Windows Remote Procedure Call Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2019-1436	Win32k Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2019-1399	Windows Hyper-V Denial of Service Vulnerability	Important	5.4	No	No
CVE-2019-1324	Windows TCP/IP Information Disclosure Vulnerability	Important	5.3	No	No
CVE-2019-1412	OpenType Font Driver Information Disclosure Vulnerability	Important	5	No	No
CVE-2019-1440	Win32k Information Disclosure Vulnerability	Important	5	No	No
CVE-2018-12207	Windows Kernel Information Disclosure Vulnerability	Important	4.7	No	No
CVE-2019-11135	Windows Kernel Information Disclosure Vulnerability	Important	4.7	No	No
CVE-2019-1439	Windows GDI Information Disclosure Vulnerability	Important	4.7	No	No
CVE-2019-1411	DirectWrite Information Disclosure Vulnerability	Important	4.4	No	No
CVE-2019-1432	DirectWrite Information Disclosure Vulnerability	Important	4.4	No	No
CVE-2019-1413	Microsoft Edge Security Feature Bypass Vulnerability	Important	4.3	No	No
CVE-2019-1426	Scripting Engine Memory Corruption Vulnerability	Critical	4.2	No	No
CVE-2019-1427	Scripting Engine Memory Corruption Vulnerability	Critical	4.2	No	No
CVE-2019-1428	Scripting Engine Memory Corruption Vulnerability	Critical	4.2	No	No
CVE-2019-1418	Windows Modules Installer Service Information Disclosure Vulnerability	Important	3.5	No	No
CVE-2019-1234	Azure Stack Spoofing Vulnerability	Important	NA	No	No
CVE-2019-1402	Microsoft Office Information Disclosure Vulnerability	Important	NA	No	No
CVE-2019-1425	Visual Studio Elevation of Privilege Vulnerability	Important	NA	No	No
CVE-2019-1442	Microsoft Office Security Feature Bypass Vulnerability	Important	NA	No	No
CVE-2019-1443	Microsoft SharePoint Information Disclosure Vulnerability	Important	NA	No	No
CVE-2019-1445	Microsoft Office Online Spoofing Vulnerability	Important	NA	No	No
CVE-2019-1446	Microsoft Excel Information Disclosure Vulnerability	Important	NA	No	No
CVE-2019-1447	Microsoft Office Online Spoofing Vulnerability	Important	NA	No	No
CVE-2019-1448	Microsoft Excel Remote Code Execution Vulnerability	Important	NA	No	No
CVE-2019-1449	Microsoft Office ClickToRun Security Feature Bypass Vulnerability	Important	NA	No	No
CVE-2019-1454	Windows User Profile Service Elevation of Privilege Vulnerability	Important	NA	No	No

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

November 13, 2019

Love0

Emergency Fix for IE Zero Day

By hsmithNews, Patch Management

Microsoft Releases Patch to Address Active Exploit

After learning about it from Google, Microsoft has moved to fix CVE-2018-8653. This flaw in Internet Explorer is being actively exploited in the wild.

According to the Microsoft release, this remote code execution issue “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

The vulnerability effects Internet Explorer 11 on Windows 7 to 10 and Windows Server 2012, 2016, and 2019. For Explorer 10, it effects Windows Server 2012. For Explorer 9, it effects Windows Server 2008.

As it is being actively exploited, it’s critical to check that all systems have updated Internet Explorer.

Using Syxsense to Address This Issue

Syxsense is designed to facilitate and simplify any patching strategy. While you can run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. The console can easily display which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that requires the needed update.

With visual gadgets in both the device and task views, an IT manager can track the completion status of the deployment.

With everything being integrated, a report can be generated from the task information. Software can also be completely rolled back, if needed.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

October 15, 2019

Love0

Microsoft Releases Out-of-Band Security Updates

By bmhumeNews, Patch Management, Patch Tuesday

Microsoft Releases Out-of-Band Security Updates

Microsoft's out-of-band security updates address two vulnerabilities, including a zero-day vulnerability in the Internet Explorer (IE) scripting engine.

Microsoft Urges Users to Install Emergency Patches

Microsoft released an emergency set of cumulative updates for Windows 10 devices running the May 2019 update (Windows 10 version 1903) and earlier.

The out-of-band security updates address two vulnerabilities, including a zero-day vulnerability in the Internet Explorer (IE) scripting engine that has been actively exploited in the wild as well as a Microsoft Defender bug.

The IE zero-day vulnerability (CVE-2019-1367) is a remote code execution flaw that could easily enable an attacker who successfully exploited it to gain the same user rights as the current logged-in user.

“If the current user is logged-on with administrative rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” stated Microsoft.

This flaw could also be exploited remotely and online; the attacker could even potentially host their own website specifically-designed to exploit the vulnerability within IE and then trick the end-user to view said website, via email or other means.

U.S. CERT Warns of Microsoft Vulnerabilities

The other released vulnerability (CVE-2019-1255) is a denial-of-service flaw in Microsoft Defender, Microsoft’s standard antivirus that ships with Windows 8 and later operating systems.

According to Microsoft, “an attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.” The flaw allows an attacker to disable the Defender components from executing. Microsoft has released V1.1.16400.2 to the Microsoft Malware Protection Engine to resolve the concern.

“Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software,” stated the U.S. Computer Emergency Readiness Team (CERT). “A remote attacker could exploit one of these vulnerabilities to take control of an affected system.”

These updates stand out seeing as Microsoft typically only releases security updates on Patch Tuesday, the second Tuesday of every month. Microsoft rarely changes their frequency of release unless the updates are considered critically important for security issues.

This release is indeed very important and all Windows users are strongly advised to patch as soon as possible. The update for the IE zero-day vulnerability is a manual update while the Defender bug will be patched automatically and silently within 48 hours of its availability.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

September 24, 2019

Love0

Emergency Fix for IE Zero Day

By bmhumeNews, Patch Management

Microsoft Releases Patch to Address Active Exploit

After learning about it from Google, Microsoft has moved to fix CVE-2018-8653. This flaw in Internet Explorer is being actively exploited in the wild.

According to the Microsoft release, this remote code execution issue “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

The vulnerability effects Internet Explorer 11 on Windows 7 to 10 and Windows Server 2012, 2016, and 2019. For Explorer 10, it effects Windows Server 2012. For Explorer 9, it effects Windows Server 2008.

As it is being actively exploited, it’s critical to check that all systems have updated Internet Explorer.

Using Syxsense to Address This Issue

Syxsense is designed to facilitate and simplify any patching strategy. While you can run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. The console can easily display which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that requires the needed update.

With visual gadgets in both the device and task views, an IT manager can track the completion status of the deployment.

With everything being integrated, a report can be generated from the task information. Software can also be completely rolled back, if needed.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

December 19, 2018

Love0

internet explorer