Skip to main content
Tag

January Patch Tuesday

WSUS Can’t Handle This

By News, Patch Management, Patch Tuesday, UncategorizedNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Microsoft Releases Fix for Patch Tuesday Blunder

When Patch Tuesday rolled out earlier this month, it came with an unexpected problem. Two updates, KB4480970 and KB4480960, created network shares accessing errors. Patch deployment strategies had to be halted and the update required removal.
Now, Microsoft has released a new update, KB4487345, that should fix the networking issues.
With the mess that this botched update created, Microsoft has shone a bright light on to the limitations of certain update software. WSUS, Microsoft’s own proprietary system, is one of the weakest available.

Deploying the previous, broken updates, along with this new fix, with WSUS would induce massive headaches. Essentially, you would be deploying your updates blindly. There is no function within WSUS to check if devices already have an update deployed. So, if you patched your Patch Tuesday updates as regular, you may have the broken updates on your systems. There is also no option to roll back updates. Uninstalling them would require an immense amount of work.
Even after you had figured out which systems had the bad updates, uninstalled them, and then deployed the fixed update, you’d still have a major problem. WSUS does not show the status of a task. There is no way to confirm within the software that an update was successful. This also means there is no evidence to prove you have executed this critical task.
There can be no more waiting in implementing a true patch management solution. Look to Syxsense.

Why choose Syxsense?
1. Detection: With Realtime security information, Syxsense displays the current state of your devices and software. This is a reflection of right now; not minutes or hours ago.
2. Roll Back Patches: Not only can you deploy updates with a strategic method, but the Patch Manager can also uninstall updates. The task can be configured to remove a specific update, or group of updates, from all devices or just a selection of them.

[vc_single_image image=”26877″ img_size=”full”]

3. Task Status and Reporting: Along with that Realtime data display comes accurate task status information. You can follow along as the task runs and analyze which devices succeeded or failed to implement the update. From there, our reporting section organizes vital information into easy to understand reports. These are perfect for emailing out to prove needed work has been completed effectively.

[vc_separator]

What is Realtime Security?

Syxsense Realtime Security pulls live data from thousands of devices, direct to a web console, in seconds. By eliminating stale data, IT management and security decisions are based on what is happening right now, not in the past.

[dt_default_button link=”url:%2Fsyxsense-trial%2F|||” size=”medium”]Start A Free Trial[/dt_default_button]

If device scans are run at night when devices are offline, hidden behind a firewall or roaming, security and IT teams have an incomplete view of their environment. Realtime Security eliminates blind spots enabling teams to manage their environment with 100% visibility.
With no steep learning curve, Realtime Security’s simple to learn web interface leverages AI, and empowers teams with the information and skill to act instantly.
Why juggle multiple consoles for device and security management? In a single place, security and IT operations can understand their exposed security risk, patch, deploy software, stop security breaches, satisfy compliance agencies and more.

Whether organizations are looking for endpoint security or IT management capabilities, including patch management, software distribution and remote control, Realtime Security is the only cloud-based approach to security and systems management which enables 10-second endpoint visibility and control thousands of devices.
Get started with Syxsense Realtime Security and manage your entire IT environment with a simple and powerful solution.

[vc_single_image image=”25591″ img_size=”full” alignment=”center” onclick=”custom_link” link=”https://www.syxsense.com/realtime-security”]

Patch Tuesday: January Updates

By News, Patch Management, Patch Tuesday, UncategorizedNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released 49 security patches today. There are seven Critical severity patches in this release however almost half resolve a remote code execution issue.
Eleven of the others are important remote code execution patches, and one of these patches is listed as publicly known which we are highly recommend be prioritized this month.

Adobe Flash, Connect and Digital Editions

Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.  These updates address feature and performance bugs, but do not include security fixes.

The Adobe Connect update resolves an important session token exposure vulnerability and the update for Adobe Digital resolved a vulnerability which if successful exploitation could lead to information disclosure in the context of the current user.
All of these updates are Priority 3, which means Exploitation is not known or likely.

[vc_single_image image=”26868″ alignment=”center”]

CVE-2019-0579

Although this update has a Severity rating of Important, is publicly disclosed, and although there is no evidence that this is being actively exploited in the wild, these types of updates are commonly used to expose customer environments – as demonstrated by the independent CVSS score of 7.8 out of 10.
Robert Brown, Director of Services for Verismic said, “You should not leave Windows Update in its automatic mode as updates like this would typically be lower priority and therefore not deployed automatically. You should have enough information to make informed choices in your selection of patches, and that includes being able to see independent CVSS scores and whether the vulnerability has been made Public or known to be Actively Exploited.”
Syxsense provides that information so you do not need to reply on default Windows Update patching.

7GB of Storage – ‘Reserve Storage’

Windows doesn’t check if a device has enough space before installing an update. The current solution is for users to manually delete unnecessary temporary files and temporarily move those files like photos and films to external storage to make enough space.

Microsoft have announced that a future “Quality Update” could automatically earmark 7GB of storage on your local hard drive to future proof any download of large updates going forward.
What is concerning is this space cannot be retrieved or paid back to Windows – so any device with the older generation SDD drives or smaller hard drive are likely to run out of space.

[dt_default_button link=”url:%2Fsyxsense-trial%2F|||” size=”medium”]Start Your Free Trial[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”26869″ img_size=”full”]
CVE ID Description Severity Publicly Discovered Actively Exploited Recommended
CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability Important Yes No Yes
CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability Important No No
CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability Important No No
CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-0555 Microsoft Xml Document Elevation of Privilege Vulnerability Important No No
CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability Important No No
CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability Important No No
CVE-2019-0545 ASP.NET Information Disclosure Vulnerability Important No No
CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability Important No No
CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability Important No No
CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability Important No No
CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability Important No No
CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability Important No No
CVE-2019-0541 Internet Explorer Remote Code Execution Vulnerability Important No No
CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability Important No No
CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability Important No No
CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability Important No No
CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability Moderate No No
CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability Moderate No No
[vc_btn title=”Start Your Free Trial of Syxsense →” style=”custom” custom_background=”#f19b2c” custom_text=”#ffffff” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]

Patch Tuesday: January Patches Bring February Headaches

By Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

New year, new steer for Microsoft patching professionals

Microsoft has released four bulletins in total of which two are rated Critical and 2 rated Important. Last week, they released 22 KB non-security updates for Office 2013 / 16 and an update for Word Viewer.

Overall, this is a fairly uneventful release for the first month of 2017 with Microsoft seemingly winding down in preparation for the newly launched Security Updates Guide database that will become the monthly patch Tuesday resource as of next month.

This move on the face of things looks like a good idea, but how will this be perceived by businesses that are used to choosing their updates? This new practice changes the way information is referenced and will most certainly cause a headache for IT administrators who will have to rethink their whole patch management procedure.

James Rowney, Service Manager for Verismic said, “When I first read about this last year, I couldn’t believe that Microsoft were taking such a valiant step towards forcing updates. This really feels like Microsoft is taking an intermediary step towards mimicking the Apple approach of just applying a updates / patches without notification. While this approach does seem to work for Apple I am not so sure that Microsoft has an OS stable enough to follow this practice just yet.”

Chrome coming into its own

Google announced at the end of 2016 that they would be marking web pages as unsecure if the page is not served using HTTPS and holds personal data like login details or financial input tables. These changes will only apply from Chrome revision 56 onwards so we can expect to see this take gradual effect as browsers update as opposed to a flick of a switch scenario.

[vc_single_image image=”11077″]

These changes go hand in hand with Google’s plan to encourage its users to adopt secure login methods. There are obvious pitfalls here as HTTPS doesn’t keep certificates or TLS liberties up to date and webmasters could also see negative movement on their Google rankings. However, this is generally a positive step forward.

Google recently announced that they hit a milestone where more than 50% of their desktop pages now load over HTTPS. Further information and the official notification can be referenced here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Microsoft Updates

To help your IT Security Officers, we have chosen one update from this Patch Tuesday to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability.

MS17-003 – Late comer to this month’s releases is this security update to Adobe Flash Player, research indicates that this could have been a Zero Day release later in the week and affects all supported versions of Windows. The urgency to get this out shows the importance of this update, we recommend that this patch is rolled out with high priority at your earliest convenience.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

Bulletin ID

Description

Impact

Restart Requirement

Severity

CVSS Score

MS17-001

Security Update for Microsoft Edge (3199709)

This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges

Elevation of Privilege

Requires restart

Important

6.1

MS17-002

Security Update for Microsoft Office (3214291)

This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Remote Code Execution

May require restart

Critical

7.8

MS17-003

Security Update for Adobe Flash Player (3214628)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016

Remote Code Execution

May require restart

Critical

9.3

MS17-004

Security Update for Local Security Authority Subsystem Service (3216771)

A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Remote Code Execution

Denial of Service

Important

7.5