Skip to main content
Tag

Microsoft Patch Tuesday

||

November Patch Tuesday: Windows Zero-Day Exploit Patched

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25731″ img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released 62 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.  12 of the 62 are listed as Critical.

CVE-2018-8589 with a severity of Important and a CVSS score of 7.8 is being actively exploited.  The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability.  We would highly recommend this be a priority for your IT Manager this month.

Patch Tuesday needed to fix file association bug

A cumulative update for Windows 10 from April 2018 has broken the file association settings with certain applications.

If this has impacted your users, we would recommend you include the patch in your next round of patch deployments. We have learned some third-party updates by Notepad++, which is a popular application used by software developers, loses its association with certain text file formats.

Robert Brown, Director of Services for Verismic said, “From our own experience of deploying tens of millions of updates worldwide, it is always the smallest bugs which impact your users the most and cause huge disruption in your users’ productivity.  We encourage all of our customers to have a robust testing process to ensure interruption to your workforce is minimized.

Adobe Fixes Critical Vulnerabilities

Adobe released their monthly patch list early this month, three additional updates have been released affecting Flash, Adobe Photoshop & Acrobat / Reader.

One of the three vulnerabilities identified as CVE-2018-15979 is currently being exploited, so if you are using Acrobat or Reader on your devices we would highly recommend this patch be prioritized.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

CVE Reference  Title   Severity   Publicly Disclosed   Actively Exploited  Recommended
 CVE-2018-8589  Windows Win32k Elevation of Privilege Vulnerability  Important  No  Yes  Yes
 CVE-2018-8584  Windows ALPC Elevation of Privilege Vulnerability  Important  Yes   No Yes
 CVE-2018-8566  BitLocker Security Feature Bypass Vulnerability  Important  Yes   No Yes
 CVE-2018-8476  Windows Deployment Services TFTP Server Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8553  Microsoft Graphics Components Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8588  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8541  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8542  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8543  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8544  Windows VBScript Engine Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8555  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8556  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8557  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8551  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability  Critical   No  No Yes
CVE-2018-8600  Azure App Service Cross-site Scripting Vulnerability  Important  No  No
CVE-2018-8602  Team Foundation Server Cross-site Scripting Vulnerability  Important  No  No
CVE-2018-8605  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8606  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8607  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8608  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
 CVE-2018-8471  Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8485  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8554  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8561  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8562  Win32k Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8572  Microsoft SharePoint Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8581  Microsoft Exchange Server Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8550  Windows COM Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8552  Windows VBScript Engine Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8568  Microsoft SharePoint Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8592  Windows Elevation Of Privilege Vulnerability  Important  No  No
 CVE-2018-8567  Microsoft Edge Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8563  DirectX Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8407  MSRPC Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8454  Windows Audio Service Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8565  Win32k Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8558  Microsoft Outlook Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8408  Windows Kernel Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8545  Microsoft Edge Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8578  Microsoft SharePoint Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8579  Microsoft Outlook Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8256  PowerShell Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8522  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8576  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8524  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8539  Microsoft Word Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8573  Microsoft Word Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8574  Microsoft Excel Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8575  Microsoft Project Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8582  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8450  Windows Search Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8577  Microsoft Excel Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8570  Internet Explorer Memory Corruption Vulnerability  Important  No  No
 CVE-2018-8417  Microsoft JScript Security Feature Bypass Vulnerability  Important  No  No
 CVE-2018-8549  Windows Security Feature Bypass Vulnerability  Important  No  No
 CVE-2018-8564  Microsoft Edge Spoofing Vulnerability  Important  No  No
 CVE-2018-8547  Active Directory Federation Services XSS Vulnerability  Important  No  No
CVE-2018-8529  Team Foundation Server Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8569  Yammer Desktop Application Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8415  Microsoft Powershell Tampering Vulnerability  Important  No  No
 CVE-2018-8416  .NET Core Tampering Vulnerability  Moderate  No  No
 CVE-2018-8546  Microsoft Skype for Business Denial of Service Vulnerability
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE TRIAL[/dt_default_button]
||||

October Patch Tuesday: Windows 10 Disappears Files

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Patch Tuesday: The Latest News

Microsoft has released 49 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.

12 updates are listed as Critical, 35 are rated Important, one is rated as Moderate and one is rated Low severity.

Windows 10 Feature Updates Paused

The highly anticipated Windows 10 feature update (1809) was hotly awaited by Windows 10 users on October 2 only to find that Microsoft have just halted the release due to a very embarrassing bug. Upon install, 1809 deletes users personal files which cannot be easily restored.

Robert Brown, Director of Services for Verismic said, “We would encourage all of our clients to use our recommended test and deployment strategy for feature updates as they do for normal Windows updates. You have 18 months for each feature update, so there is absolutely no reason to rush into mass deployment without testing the impact on your users first.”

Adobe Fixes Critical Vulnerabilities

Adobe released their monthly patch list early this month, with almost a hundred updates coming out last week. Today a modest four additional updates have been released affecting Flash, Framemaker, Adobe Digital Editions & Adobe Technical Suite.

Vulnerability Requires your Attention

On paper CVE-2018-8453 only carries a severity of Important, however we have learned this is being actively exploited. The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability.

We would highly recommend this be a priority for your IT manager this month.

Enhance your approach to patch management with Syxsense. Start your free trial with a cloud-based IT management solution that’s easy to use and powerful.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”25192″ img_size=”full”]
CVE ID Description Severity Actively Exploited Highly Recommended
CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability Critical No Yes
CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability Critical No Yes
CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability Critical No Yes
CVE-2018-8494 MS XML Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability Critical No Yes
CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8453 Win32k Elevation of Privilege Vulnerability Important Yes Yes
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability Important No Yes
CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability Important No Yes
CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability Important No Yes
CVE-2010-3190 MFC Insecure Library Loading Vulnerability Important No
CVE-2018-8265 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No
CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability Important No
CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability Important No
CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability Important No
CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability Important No
CVE-2018-8411 NTFS Elevation of Privilege Vulnerability Important No
CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability Important No
CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability Important No
CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability Important No
CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No
CVE-2018-8472 Windows GDI Information Disclosure Vulnerability Important No
CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability Important No
CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability Important No
CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No
CVE-2018-8486 DirectX Information Disclosure Vulnerability Important No
CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important No
CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability Important No
CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability Important No
CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8501 Microsoft PowerPoint Security Feature Bypass Vulnerability Important No
CVE-2018-8502 Microsoft Excel Security Feature Bypass Vulnerability Important No
CVE-2018-8504 Microsoft Word Security Feature Bypass Vulnerability Important No
CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important No
CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability Important No
CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8527 SQL Server Management Studio Information Disclosure Important No
CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability Important No
CVE-2018-8532 SQL Server Management Studio Information Disclosure Important No
CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability Low No
CVE-2018-8533 SQL Server Management Studio Information Disclosure Moderate No
[vc_btn title=”Start Your Free Trial of Syxsense →” style=”gradient-custom” gradient_custom_color_1=”#f19b2c” gradient_custom_color_2=”#f19b2c” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]
|||

September Patch Tuesday: The Final Countdown

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25005″ img_size=”full”]

Patch Tuesday: The Latest News

Microsoft has released 61 security patches and two advisories covering Internet Explorer (IE), Edge, ChakraCore, Azure, Hyper-V, Windows components, .NET Framework, SQL Server, and Microsoft Office.

In the fallout of the British Airways hack this week, which we have learned was caused by an attack from Magecart, the world waits for the suspected Windows Zero Day exploit to be confirmed as CVE-2018-8440.

If so, we would recommend this update be prioritized this month.

Critical Adobe Updates

Adobe’s Patch Tuesday updates for September address a total of 10 vulnerabilities in Flash Player and with six of those Critical in ColdFusion. Only one Critical security issue has been patched in Flash Player, which is a light reprieve from the usual bucket load.

Microsoft will begin charging for updates in 2020

Windows 7 is estimated to be used by 40% of all devices using a Microsoft operating system, so it is a huge surprise that following the extended support in January 2020, Microsoft will start charging customers to continue receiving their Operating System updates.

Robert Brown, Director of Services for Verismic said, “Our clients still using Windows 7 have 2 very important choices. They chose either to commit to migrating to Windows 10, or they invoke a vigorous patch management strategy to begin updating all Windows 7 devices to the latest updates. The deadline is only 13 months away.”

If you commit to migrating to Windows 10, you can utilize the Feature Updates functionality in Syxsense to make future proofing your environment a reality.

Windows 10 Feature Update Planning

Only one month to go. If you are using Windows 10, version 1703 then you only have one month left to upgrade before it falls out of the standard ‘End of Service’ on October 9, 2018.

Each Windows 10 version will be serviced with quality updates for up to 18 months from availability. It is important that all quality updates are installed to help keep your device secure.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”25015″ img_size=”full”]
Vendor Name Vendor Severity Title
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4339093)
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB4339093)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4338814)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for ARM64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for ARM64-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4338814)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4338826)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4338826)
Microsoft Important Security Update for Skype for Business 2016 (KB4022221) 64-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340558)
Microsoft Important Security Update for Skype for Business 2015 (KB4022225) 32-Bit Edition
Microsoft Important Security Update for Microsoft SharePoint Foundation 2013 (KB4022243)
Microsoft Important Security Update for Microsoft Access 2016 (KB4018338) 64-Bit Edition
Microsoft Important Security Update for Microsoft Access 2016 (KB4018338) 32-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4340556)
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4340004)
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4340004)
Microsoft Important Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4011202)
Microsoft Important Security Update for Microsoft Access 2013 (KB4018351) 32-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4340556)
Microsoft Important Security Update for Microsoft Access 2013 (KB4018351) 64-Bit Edition
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340006)
Microsoft Important Security Update for Skype for Business 2016 (KB4022221) 32-Bit Edition
Microsoft Important Security Update for Word Viewer (KB4032214)
Microsoft Important Security Update for Skype for Business 2015 (KB4022225) 64-Bit Edition
Microsoft Important 2018-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4338818)
Microsoft Important 2018-07 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4338818)
Microsoft Important 2018-07 Security Only Quality Update for Windows 7 for x64-based Systems (KB4338823)
Microsoft Important 2018-07 Security Only Quality Update for Windows 7 for x86-based Systems (KB4338823)
Microsoft Low Security Update for Microsoft Word 2016 (KB4022218) 64-Bit Edition
Microsoft Low Security Update for Microsoft Word 2010 (KB4022202) 64-Bit Edition
Microsoft Low Security Update for Microsoft Office 2010 (KB4022200) 32-Bit Edition
Microsoft Low Security Update for Microsoft Word 2016 (KB4022218) 32-Bit Edition
Microsoft Low Security Update for Microsoft Office 2010 (KB4022200) 64-Bit Edition
Microsoft Low Security Update for Microsoft Word 2010 (KB4022202) 32-Bit Edition
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE [/dt_default_button]
|

Patch Tuesday? More Like Patch Doomsday

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

August Patch Tuesday Release

Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services.

Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as Low in severity.

Critical Adobe Updates

Adobe have also released 11 fixes today including two critical patches for Acrobat and Reader, CVE-2018-12808 is an out-of-bounds write flaw, while CVE-2018-12799 is an untrusted pointer dereference vulnerability.  IT Managers should be pleased as last month’s release included 100 vulnerability fixes.

WannaCry is Back with a Vengeance

Big hitter falls foul of WannaCry this week; Taiwan Semiconductor Manufacturing who are the largest chip supplier to Apple and other smartphone makers were compromised which disrupted global delays of chip shipments. The damage from the infection has caused serious financial revenue damage in Q3, and could have easily been avoided should a patch centric approach been adopted by their IT Managers. Learn more in our Avoiding Patch Doomsday whitepaper.

Windows 10 Feature Update Planning

If you are using Windows 10, version 1703 then you only have 2 months left to upgrade before it falls out of the standard ‘End of Service’ on October 9, 2018. Each Windows 10 version will be serviced with quality updates for up to 18 months from availability. It is important that all quality updates are installed to help keep your device secure.

Robert Brown, Director of Services for Verismic said, “CVE-2018-8373 (Scripting Engine Memory Corruption Vulnerability) & CVE-2018-8414 (Windows Shell Remote Code Execution Vulnerability) are both publicly disclosed and are actively being exploited.

Although these only carry a CVSS score of 4.8 & 6.7 respectively because these vulnerabilities are being actively being used to expose customer networks, these updates should be prioritized by your IT manager this month.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

CVE Title Severity
CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability Critical
CVE-2018-8273 Microsoft SQL Server Remote Code Execution Vulnerability Critical
CVE-2018-8302 Microsoft Exchange Memory Corruption Vulnerability Critical
CVE-2018-8344 Microsoft Graphics Remote Code Execution Vulnerability Critical
CVE-2018-8345 LNK Remote Code Execution Vulnerability Critical
CVE-2018-8350 Windows PDF Remote Code Execution Vulnerability Critical
CVE-2018-8355 Chakra Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8359 Scripting Engine Information Disclosure Vulnerability Critical
CVE-2018-8371 Internet Explorer Memory Corruption Vulnerability Critical
CVE-2018-8372 Chakra Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8377 Microsoft Edge Memory Corruption Vulnerability Critical
CVE-2018-8380 Chakra Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8381 Chakra Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8384 Chakra Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8385 Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8387 Microsoft Edge Memory Corruption Vulnerability Critical
CVE-2018-8390 Scripting Engine Memory Corruption Vulnerability Critical
CVE-2018-8397 GDI+ Remote Code Execution Vulnerability Critical
CVE-2018-8403 Microsoft Browser Memory Corruption Vulnerability Critical
CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability Important
CVE-2018-0952 Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability Important
CVE-2018-8200 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important
CVE-2018-8204 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important
CVE-2018-8253 Cortana Elevation of Privilege Vulnerability Important
CVE-2018-8266 Chakra Scripting Engine Memory Corruption Vulnerability Important
CVE-2018-8316 Internet Explorer Remote Code Execution Vulnerability Important
CVE-2018-8339 Windows Installer Elevation of Privilege Vulnerability Important
CVE-2018-8340 ADFS Security Feature Bypass Vulnerability Important
CVE-2018-8341 Windows Kernel Information Disclosure Vulnerability Important
CVE-2018-8342 Windows NDIS Elevation of Privilege Vulnerability Important
CVE-2018-8343 Windows NDIS Elevation of Privilege Vulnerability Important
CVE-2018-8346 LNK Remote Code Execution Vulnerability Important
CVE-2018-8347 Windows Kernel Elevation of Privilege Vulnerability Important
CVE-2018-8348 Windows Kernel Information Disclosure Vulnerability Important
CVE-2018-8349 Microsoft COM for Windows Remote Code Execution Vulnerability Important
CVE-2018-8351 Microsoft Edge Information Disclosure Vulnerability Important
CVE-2018-8353 Scripting Engine Memory Corruption Vulnerability Important
CVE-2018-8357 Internet Explorer Elevation of Privilege Vulnerability Important
CVE-2018-8358 Microsoft Edge Information Disclosure Vulnerability Important
CVE-2018-8360 .NET Framework Information Disclosure Vulnerability Important
CVE-2018-8370 Microsoft Edge Information Disclosure Vulnerability Important
CVE-2018-8375 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2018-8376 Microsoft PowerPoint Remote Code Execution Vulnerability Important
CVE-2018-8378 Microsoft Office Information Disclosure Vulnerability Important
CVE-2018-8379 Microsoft Excel Remote Code Execution Vulnerability Important
CVE-2018-8382 Microsoft Excel Information Disclosure Vulnerability Important
CVE-2018-8383 Microsoft Edge Spoofing Vulnerability Important
CVE-2018-8389 Internet Explorer Memory Corruption Vulnerability Important
CVE-2018-8394 Windows GDI Information Disclosure Vulnerability Important
CVE-2018-8396 Windows GDI Information Disclosure Vulnerability Important
CVE-2018-8398 Windows GDI Information Disclosure Vulnerability Important
CVE-2018-8399 Win32k Elevation of Privilege Vulnerability Important
CVE-2018-8400 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important
CVE-2018-8401 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important
CVE-2018-8404 Win32k Elevation of Privilege Vulnerability Important
CVE-2018-8405 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important
CVE-2018-8406 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important
CVE-2018-8412 Microsoft (MAU) Office Elevation of Privilege Vulnerability Important
CVE-2018-8374 Microsoft Exchange Elevation of Privilege Vulnerability Moderate
CVE-2018-8388 Microsoft Edge Elevation of Privilege Vulnerability Low
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|||

April Patch Tuesday: Don’t Get Burned Twice

By News, Patch TuesdayNo Comments
[vc_single_image image=”24001″ img_size=”full”]

Manage Your Vulnerabilities

As we explored in our Total Meltdown article, some updates actually made Windows 7 less secure in the last round of Microsoft Patch Tuesday. Even worse, some caused significant performance issues on older hardware models. Many industry experts are recommending you disable Windows updates, or delay any other form of patch management in anticipation of another bad batch of updates.

Robert Brown, Director of Services for Verismic said, “We trust our technology and we trust the experts leading our security teams. Design a patch management release process which includes time for the necessary testing before global deployment. Not doing patch management only helps the hackers who are looking to expose your network.”

Adobe Patches Critical Bugs in Flash

Adobe fixed four critical vulnerabilities in its Flash Player and InDesign products as part of its regularly scheduled release. In all, Adobe released 13 patches for products including Adobe Experience Manager, Adobe InDesign CC, Adobe Digital Editions and the Adobe PhoneGap Push Plugin. According to Adobe, None of these updates have active exploits in the wild for any of the issues addressed in these updates.

Ransomware Attackers are Targeting Servers over Desktops

According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to easy deployment, even for less skilled cybercriminals. The risks and costs associated with conducting an operation are also relatively small for the attacker.

Cybercriminals have increasingly started using ransomware to target mission-critical systems, such as file servers and databases. This causes more damage to the targeted organization compared to only desktop systems getting compromised. According to the latest DBIR, financially-motivated attacks remain the most common and accounted for 76% of breaches analyzed in 2017. Cyber espionage is the second most common type of attack, accounting for 13% of breaches.

Robert Brown, Director of Services for Verismic said, “When we onboard our clients with Syxsense, we focus not only on protecting the desktops, instead focus on a viable patching strategy which includes all endpoints within the business, including servers. Syxsense has industry experts to help clients protect their environment with a proactive approach to Windows, Linux and Mac OS patch management.”

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

Microsoft addressed 65 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft SharePoint, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service (DoS) condition. We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.

[vc_single_image image=”24009″ img_size=”full”]
CVE Number Vulnerability Alert CVSS Score Recommended
CVE-2018-1010 Microsoft Windows Embedded OpenType Font Engine Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2018-1012 Microsoft Windows Embedded OpenType Font Engine Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2018-1013 Microsoft Windows Embedded OpenType Font Engine Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2018-1015 Microsoft Windows Embedded OpenType Font Engine Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2018-1016 Microsoft Windows Embedded OpenType Font Engine Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2018-0870 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0956 Microsoft Windows HTTP.sys Denial of Service Vulnerability 7.5 Yes
CVE-2018-0981 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0988 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0996 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0997 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-1000 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 7.5 Yes
CVE-2018-1001 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-1018 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-1020 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-1028 Microsoft Office Graphics Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2018-0957 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2018-0964 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2018-1003 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 7.1 Yes
CVE-2018-0963 Microsoft Windows Kernel Elevation of Privilege Vulnerability 7 Yes
CVE-2018-1008 Microsoft Adobe Type Font Driver Privilege Escalation Vulnerability 7 Yes
CVE-2018-1009 Microsoft DirectX Graphics Kernel Subsystem Privilege Escalation Vulnerability 7 Yes
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|||

March Patch Tuesday: Is the IoT Spying on You?

By News, Patch TuesdayNo Comments
[vc_single_image image=”23834″ img_size=”full”]

Are you ready for IoT Patching?

Tech firm Hanwha Techwin is racing to fix 13 critical security holes found in its popular line of SmartCam security cameras. The patch rollout is part of public disclosure of the vulnerabilities set for today by researchers who discovered the bugs.

Flaws range from the use of an insecure HTTP communications protocol to weak credentials that could allow an attacker to take control of the camera or even use the device as a springboard to launch attacks within a connected network. The most serious flaws opens an attack vector where an adversary can root the camera and spoof the DNS server addresses specified in the camera’s settings, which could then be used as a launch pad to conduct additional attacks on devices sharing the same local network.

“The problem with current IoT device security is that everyone thinks there is no need to secure IoT devices such as security cameras, secure door locks because they are not traditionally used as access points for breaching company networks. You need to know which IoT devices you have in your network, so you need to start with a security toolset which can tell you (full article here).”

Malware found at 160 Applebee’s Restaurants across North America

RMH Franchise Holdings, which owns and operates more than 160 Applebee’s stores across the U.S., said that it recently discovered malware infecting its point of sale systems (POS). The malware may have enabled hackers to steal certain guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods. Upon learning of a potential incident,

RMH told Threatpost it promptly launched an investigation, obtained the help of leading cyber security forensics firms, and reported the matter to law enforcement. RMH said it operates its point-of-sale systems isolated from the broader Applebee’s network, and this notice applies only to RMH-owned Applebee’s restaurants. In a statement, RMH urged customers to monitor their bankcard statements (full article here).

Robert Brown, Director of Services for Verismic said, “Most viruses and malware exploit environments which do not implement a robust patching process rather than a lack of virus protection. It is always easier to prevent an attack than to clean up after a serious outbreak.”

Alexa, what’s so funny?

Amazon acknowledged on Wednesday that some of its Alexa-enabled devices have developed a new skill: creeping out their owners with unexpected and unwarranted bursts of robotic laughter.

“We’re aware of this and working to fix it,” Amazon said.

People began reporting the problem with their “smart” speakers on social media in recent weeks. After the publication of this article, Amazon announced a fix and apparent explanation for the ghostly laughter. The company suggested in an email that the laughs had occurred “in rare circumstances” because the speaker was picking up a “false positive” for the command “Alexa, laugh.”

Find out how many of these devices you have in your network by starting a trial of Syxsense.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

Microsoft addressed 74 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft SharePoint, Microsoft Exchange, Microsoft Office, and Microsoft ASP.NET. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.

We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.

[vc_single_image image=”23833″ img_size=”full” alignment=”center”]
CVE ID Alert Description CVSS Score Recommended
CVE-2018-0808 Microsoft ASP.NET Core Denial of Service Vulnerability 7.5 Yes
CVE-2018-0875 Microsoft ASP.NET Core Denial of Service Vulnerability 7.5 Yes
CVE-2018-0889 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0891 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 7.5 Yes
CVE-2018-0903 Microsoft Access Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2018-0935 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0868 Microsoft Windows Installer Privilege Escalation Vulnerability 7.4 Yes
CVE-2018-0888 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2018-0886 Microsoft Windows Arbitrary Code Execution Vulnerability 7.1 Yes
CVE-2018-0815 Microsoft Windows Graphics Privilege Escalation Vulnerability 7 Yes
CVE-2018-0816 Microsoft Windows Graphics Privilege Escalation Vulnerability 7 Yes
CVE-2018-0817 Microsoft Windows Graphics Privilege Escalation Vulnerability 7 Yes
CVE-2018-0877 Microsoft Windows Desktop Bridge Privilege Escalation Vulnerability 7 Yes
CVE-2018-0880 Microsoft Windows Desktop Bridge Privilege Escalation Vulnerability 7 Yes
CVE-2018-0881 Microsoft Windows Video Control Privilege Escalation Vulnerability 7 Yes
CVE-2018-0882 Microsoft Windows Desktop Bridge Privilege Escalation Vulnerability 7 Yes
CVE-2018-0977 Microsoft Windows Win32k Privilege Escalation Vulnerability 7 Yes
CVE-2018-0983 Microsoft Windows Storage Services Privilege Escalation Vulnerability 7 Yes
CVE-2018-0885 Microsoft Windows Hyper-V Denial of Service Vulnerability 5.8
CVE-2018-0811 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2018-0813 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2018-0814 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2018-0919 Microsoft Office Information Disclosure Vulnerability 5.5
CVE-2018-0926 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2018-0787 Microsoft ASP.NET Core Privilege Escalation Vulnerability 5.4
CVE-2018-0909 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0910 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0911 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0912 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0913 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0914 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0915 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0916 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0917 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0921 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0923 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0940 Microsoft Exchange Security Bypass Vulnerability 5.4
CVE-2018-0944 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0947 Microsoft SharePoint Privilege Escalation Vulnerability 5.4
CVE-2018-0884 Microsoft Windows Security Feature Bypass Vulnerability 5.3
CVE-2018-0902 Microsoft Windows Kernel Driver Security Feature Bypass Vulnerability 5.3
CVE-2018-0883 Microsoft Windows Shell Arbitrary Code Execution Vulnerability 5
CVE-2018-0894 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0895 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0896 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0897 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0898 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0899 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0900 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0901 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0904 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0907 Microsoft Office Excel Security Bypass Vulnerability 4.4
CVE-2018-0879 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2018-0927 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2018-0929 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2018-0932 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2018-0939 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2018-0941 Microsoft Exchange Information Disclosure Vulnerability 4.3
CVE-2018-0872 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0873 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0874 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0876 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0893 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0922 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2018-0925 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0930 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0931 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0933 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0934 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0936 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0937 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0878 Microsoft Windows Remote Assistance Information Disclosure Vulnerability 3.1
CVE-2018-0924 Microsoft Exchange Information Disclosure Vulnerability 3.1
CVE-2018-0942 Microsoft Internet Explorer Security Bypass Vulnerability 3
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|||

February Patch Tuesday: Hackers Say Hello

By News, Patch TuesdayNo Comments
[vc_single_image image=”23738″ img_size=”full”]

Telegram Messenger Exploited Again

Back in March 2017 we saw “Secure” WhatsApp and Telegram messenger applications being exploited by the user receiving a seemingly harmless image file which actually hosts malicious HTML code.

This code directs them to a webpage specifically crafted to harvest personal data from the user device and hijack their accounts.

Today it seems that Telegram did not learn their lesson. The application has been exploited again using the same flaw, this time with the aim of distributing malicious software to harness the users device for mining cryptocurrencies.

The 2018 exploit works is by the hacker again sending an image file to be opened by the user which hosts a malicious VB Script. The file would for example be calledphoto_high_re*U+202E*gnp.js.

Note the U+202E part of the name, this is the RLO character which tells Telegram to display the remaining string in reverse hiding the script and keeping the js file extension.

While this exploit primarily targets home users, it is not limited to this audience. Having a capable systems management tool like Syxsense in your environment can help combat these kind of attacks which are becoming more and more frequent.

IoT devices are being targeted by hackers. In the midst of the WannaCry outbreak reports,  a factory was reportedly exploited even though its devices had no direct internet access at the time. The culprit after investigation was found to be a coffee machine with Wi-Fi capability.

James Rowney, Service Manager for Verismic commented: “In this day and age we are seeing more and more convenience devices that are obviously designed to make our lives easier when in fact we are just leaving ourselves open to attack.”

When looking at such appliances, we need to consider the potential fall out if they were to be exploited especially in the workplace. If a coffee machine can take down a factory then anything is possible.

Be vigilant, stay protected and consider a systems management tool with IoT tracking capabilities like Syxsense.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

“January 2018 was one of the worst months for patching I have seen since I joined Verismic” said Verismic Service Manager, James Rowney. “The vast amount of patches released last month left in its wake a sea of bluescreened machines, broken applications and inactive Web browsers. February seems to be following suite which will cause headaches for IT admins.”

2017 saw a similar trend with the headache months being February and November primarily but on the whole it seems that last year was significantly worse than 2016. This does seem to coincide with the change in the way Microsoft handled their patch releases. Let’s hope the rest of this year is more fruitful or it may be worth Microsoft considering going back to their old release strategy.

Microsoft addressed 49 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore and Adobe Flash. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.

We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.

[vc_single_image image=”23735″ img_size=”full” alignment=”center”]
CVE-ID Vendor Name Title CVSS Recommended
CVE-2018-0825 Microsoft Microsoft Windows StructuredQuery Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2018-0844 Microsoft Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2018-0846 Microsoft Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2018-0840 Microsoft Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0847 Microsoft Microsoft Internet Explorer Information Disclosure Vulnerability 7.5 Yes
CVE-2018-0866 Microsoft Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2018-0742 Microsoft Microsoft Windows Kernel Privilege Escalation Vulnerability 7
CVE-2018-0756 Microsoft Microsoft Windows Kernel Privilege Escalation Vulnerability 7
CVE-2018-0809 Microsoft Microsoft Windows Privilege Escalation Vulnerability 7
CVE-2018-0820 Microsoft Microsoft Windows Kernel Privilege Escalation Vulnerability 7
CVE-2018-0823 Microsoft Microsoft Windows Named Pipe File System Privilege Escalation Vulnerability 7
CVE-2018-0826 Microsoft Microsoft Windows Storage Services Privilege Escalation Vulnerability 7
CVE-2018-0842 Microsoft Microsoft Windows Arbitrary Code Execution Vulnerability 6.7
CVE-2018-0828 Microsoft Microsoft Windows Privilege Escalation Vulnerability 6.6
CVE-2018-0831 Microsoft Microsoft Windows Kernel Privilege Escalation Vulnerability 6.6
CVE-2018-0755 Microsoft Microsoft Windows OpenType Font Information Disclosure Vulnerability 5.5
CVE-2018-0760 Microsoft Microsoft Windows OpenType Font Information Disclosure Vulnerability 5.5
CVE-2018-0761 Microsoft Microsoft Windows OpenType Font Information Disclosure Vulnerability 5.5
CVE-2018-0853 Microsoft Microsoft Office Information Disclosure Vulnerability 5.5
CVE-2018-0855 Microsoft Microsoft Windows OpenType Font Information Disclosure Vulnerability 5.5
CVE-2018-0864 Microsoft Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0869 Microsoft Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2018-0821 Microsoft Microsoft Windows AppContainer Privilege Escalation Vulnerability 5.3
CVE-2018-0827 Microsoft Microsoft Windows Security Feature Bypass Vulnerability 5.3
CVE-2018-0833 Microsoft Microsoft Windows SMB Request Processing Denial of Service Vulnerability 4.8
CVE-2018-0757 Microsoft Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0810 Microsoft Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0829 Microsoft Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0830 Microsoft Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0832 Microsoft Microsoft Windows Information Disclosure Vulnerability 4.7
CVE-2018-0843 Microsoft Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2018-0839 Microsoft Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2018-0850 Microsoft Microsoft Outlook Security BypassVulnerability 4.3
CVE-2018-0763 Microsoft Microsoft Edge Information Disclosure Vulnerability 4.2
CVE-2018-0834 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0835 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0836 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0837 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0838 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0841 Microsoft Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2018-0851 Microsoft Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2018-0852 Microsoft Microsoft Outlook Memory Corruption Vulnerability 4.2
CVE-2018-0856 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0857 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0858 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0859 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2018-0860 Microsoft Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE TRIAL[/dt_default_button]
||

December Patch Tuesday: Bad Winter

By News, Patch TuesdayNo Comments
[vc_single_image image=”13259″ img_size=”full”]

On the 12th day of December, Verismic sent to me … Top 10 Breaches of 2017!

Throughout this year we have been breaking some of the worst IT security breaches of 2017, which have impacted millions of users worldwide.  We continue to advise our clients the single most important decision you can make to achieve a level of protection for your organization is to onboard a tool like Syxsense to automate the detection of all devices and to automate a rigorous patching processes.  If you need help, please download our Avoiding Patch Doomsday whitepaper or get in touch.

Here are our top 10 IT security breaches for 2017: 

  1. TeamViewer Exploited.  A new vulnerability within TeamViewer has been making news across the internet. In an official statement by the company, they revealed that a GitHub user discovered a vulnerability in TeamViewer’s set of permissions.
  2. Worldwide Malware Attack: Exploring WannaCry.  WannaCry is the worst malware attack of 2017.  As computer virus outbreaks go, this ransomware attack is being called one of the biggest cyberattacks in history and continues to spread worldwide.
  3. Equifax Hack – Cyberattack.  Criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software affecting 143 million customers worldwide.
  4. Hyatt Hack: Major Data Breach.  41 of its hotels spread across 13 countries confirmed unauthorized access to payment card information.  Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015.
  5. HBO – Game of Thrones series stolen.  The recent HBO hack may have exposed up to 1.5 terabytes of data.  This is 7 times what Sony lost in the 2014 cyberattack.
  6. CIA Hacks.  Wikileaks recently published the article “Vault 7: CIA Hacking Tools Revealed.”   This list of compromised software includes Notepad++.  When Notepad++ is launched, the original scilexer.dll is replaced by a modified scilexer.dll built by the CIA.
  7. BadRabbit: Newest Ransomware to Target Corporate Networks.  The outbreak began in Russia, infecting big Russian media outlets, but it has already spread.  Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected.
  8. Hidden Cobra: North Korea’s History of Hacking.  Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature.
  9. Invasion of the Body Hackers.  On August 29th, the FDA issued an alert regarding Abbott pacemakers.  Formerly known as St. Jude Medical, the Abbott pacemakers have vulnerabilities in their software.
  10. BitPaymer Ransomware Hits NHS.  The hack caused major disruption, leading to thousands of cancelled appointments.

BREAKING NEWS: 1.4 Billion credentials leaked on the Dark Web!

A huge data dump has been found on the dark web containing 1.4 clear text credentials.  At over 41 gigabytes in size, this will take some time to pass through however you can be assured sophisticated programs will be ready soon to exploit software, apps or websites you are using.  Robert Brown, Director of Services at Verismic said, “No matter how complex your passwords are, it is not going to be complex enough if your password is discovered in this data dump.  Two-factor authentication has been around for years, and Syxsense has been using Two-factor since the beginning to protect our customer identity.  Two-factor authentication within Syxsense requires an additional automatically generated password be entered via email or Google Authenticator ensuring no single password gives you full access to the system.  We would highly encourage our clients to leave it enabled as it is enabled by default.”

Companies Plan to Change Third-Party Vendors that Pose Highest Risks!

Global consulting firm Protiviti and the Shared Assessments Program’s annual Vendor Risk Management Benchmark Study finds that a majority (53 percent) of organizations surveyed are likely to exit or change (de-risk) relationships with some vendors due to heightened risk levels.  The study finds that 71 percent of these organizations will likely change their high-risk relationships over the next 12 months.  Robert Brown, Director of Services for Verismic said, “Deployment of Third-party updates to bring them into compliancy is simple if you are using the right systems management toolset & the right approach to deployment of detected updates.”  The full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

[vc_single_image image=”10055″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

December Patch Tuesday Release

Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint.  The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.  We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact & most importantly the independent CVSS score for the vulnerability.  The independent CVSS scores used in the table below range from 0 to 10.  Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

 

CVE ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11886 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11890 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11894 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11895 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability 7.5 Yes
CVE-2017-11901 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11903 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11907 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11912 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11913 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11919 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 7.5 Yes
CVE-2017-11930 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11885 Microsoft Windows RRAS Arbitrary Code Execution Vulnerability 6.6 Yes
CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability 5.4 Yes
CVE-2017-11936 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4 Yes
CVE-2017-11887 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11906 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability 4.3
CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability 4.3
CVE-2017-11888 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11889 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11893 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11905 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11908 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11909 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11910 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11911 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11914 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11916 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11918 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11935 Microsoft Excel Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability 3.1
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

November Patch Tuesday: High-Speed Malware

By News, Patch TuesdayNo Comments
[vc_single_image image=”13170″ img_size=”full”]

Russia Caught On Top

Towards the end of October, we started to see a flow of ransomware attacks from Russia with called Bad Rabbit.

This epidemic has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine and across Europe. Bad Rabbit was the latest in a wave of recent ransomware attacks sweeping across the globe.

This new exploit reiterated the fact that Microsoft patching alone is not sufficient to protect yourself or your infrastructure from these kind of attacks. This particular exploit needs to be exploited manually, a user is “duped” into thinking they are downloading a seemingly innocent Adobe Flash player update from what looks to be a legitimate website. Once activated Bad Rabbit then triggers the EthernalRomance exploit infection vector to spread within corporate networks in the same way as WannaCry and NotPetya.

James Rowney, Service Manager for Verismic said in an email “Patch management in this day and age is paramount, your platform of choice should be able to protect all major Operating Systems and vendor applications. Syxsense supports updates for Microsoft, Linux, Macintosh and long list of third party vendor applications so with CMS you can be assured that you have the ability to protect yourself.”

Malware speeds its way across the UK

Last week closer to home reports started to come in that fake speeding notices have been sent out across the UK which are being used to deliver malware. This new threat to the public is aimed at home users and is sent in the form of an email entitled Notice of Prosecution which claims to have photographic evidence and supplies a link. Clicking on the link will download banking malware to the victim’s device.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Police have advised people to delete any mails relating to Notice of Prosecution without opening them as all prosecution notices are send to the registered address of the vehicle by post. There was a similar strategy used in December 2016 so it seems the cyber criminals are out to ruin the holidays for some poor victims again this year.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRAIL[/dt_default_button]

[vc_single_image image=”12852″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

November Microsoft Patch Tuesday Release

Microsoft published its monthly security updates on November 14, 2017, addressing 53 vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core and .NET Core, Chakra Core. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11876 Microsoft Project Privilege Escalation Vulnerability 8.8 Yes
CVE-2017-11827 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11855 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11856 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11869 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11847 Microsoft Windows Kernel Privilege Escalation Vulnerability 7 Yes
CVE-2017-11770 Microsoft ASP.NET Core Denial Of Service Vulnerability 5.9  
CVE-2017-11788 Microsoft Windows Search Denial of Service Vulnerability 5.9  
CVE-2017-11830 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3  
CVE-2017-11883 Microsoft ASP.NET Core Request Handling Denial Of Service Vulnerability 5.3  
CVE-2017-11831 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11832 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11835 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11842 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11849 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11850 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11851 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11852 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11853 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11880 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11877 Microsoft Excel Security Feature Bypass Vulnerability 4.4
CVE-2017-8700 Microsoft ASP.NET Core Information Disclosure Vulnerability 4.3  
CVE-2017-11791 Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3  
CVE-2017-11803 Microsoft Edge Information Disclosure Vulnerability 4.3  
CVE-2017-11833 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11834 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11844 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11848 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11872 Microsoft Edge Security Feature Bypass Vulnerability 4.3
CVE-2017-11879 Microsoft ASP.NET Core URL Redirection Vulnerability 4.3
CVE-2017-11836 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11837 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11838 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11839 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11840 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11841 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11843 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11845 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11846 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11854 Microsoft Word Memory Corruption Vulnerability 4.2
CVE-2017-11858 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11861 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11862 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11863 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11866 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11870 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11871 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11873 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11874 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11878 Microsoft Excel Memory Corruption Vulnerability 4.2
CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11768 Microsoft Windows Media Player Information Disclosure Vulnerability 2.5
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]

March Patch Tuesday: Patching Chaos

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

The Eye of the Patch Storm

Two months have passed since the beginning of the year where we saw one of the smallest releases of patch content for the past couple of years, to then having an entire baseline cancelled at the last minute in February.

Some IT managers may have counted their lucky stars for the reduction in their workload so far this year – that is until they see this massive release.

Microsoft have released eighteen updates this month, nine are rated Critical with the remaining rated Important. Last week Microsoft also released 17 KB updates covering Office version 2013 and 2016. Full details of that release can be found here.

Last year we raised our concerns about rolling patches together, and last month only two months since Microsoft adopted this strategy were our concerns realized. Because of a single bad patch, the entire baseline was cancelled. 

Don’t get us wrong, we understand the benefit of rolling content into single cumulative updates, but we also appreciate the level of testing needed to ensure a safe combination of updates when rolling them together. That same level of care should be adopted when deploying updates in your environment to ensure bad updates do not cause business outages.

A school study at the University of Maryland was the first to quantify the near-constant rate of hacker attacks of computers with Internet access—every 39 seconds on average.

[vc_single_image image=”11077″ img_size=”medium”]

Robert Brown, Director of Services said “Perception as to the current threat to a company’s network should not be founded on the content released by vendors such as Microsoft alone. There are multiple perimeters you can secure to protect your assets, but remember to also look at the tool you are using to secure your environment. In the past few weeks, IBM have released over 20 security updates for their premise and cloud based patch management tools, meaning your toolset should have a perimeter of its own.”

According to the SANS Institute, 95 percent of all attacks on enterprise networks start with a successful spear phishing attack. Full details of this article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

Number

Bulletin ID

Description

Impact

Restart Requirement

Publically Disclosed

Exploited

Severity

CVSS Score

Recommended High Priority

1

MS17-006

Cumulative Security Update for Internet Explorer (4013073)

 

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Remote Code Execution

Yes

Yes

Yes

Critical

8.8

Yes

2

MS17-007

Cumulative Security Update for Microsoft Edge (4013071)

 

This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Remote Code Execution

Yes

Yes

No

Critical

8.8

Yes

3

MS17-008

Security Update for Windows Hyper-V (4013082)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Remote Code Execution

Yes

Yes

No

Critical

8.8

 

4

MS17-009

Security Update for Microsoft Windows PDF Library (4010319)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

Remote Code Execution

Yes

No

No

Critical

8.8

 

5

MS17-010

Security Update for Microsoft Windows SMB Server (4013389)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

Remote Code Execution

Yes

No

No

Critical

9.8

Yes

6

MS17-011

Security Update for Microsoft Uniscribe (4013076)

 

This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Remote Code Execution

Yes

No

No

Critical

7.8

 

7

MS17-012

Security Update for Microsoft Windows (4013078)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

Remote Code Execution

Yes

Yes

No

Critical

9.8

Yes

8

MS17-013

Security Update for Microsoft Graphics Component (4013075)

 

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Remote Code Execution

Yes

No

Yes

Critical

8.4

Yes

9

MS17-014

Security Update for Microsoft Office (4013241)

 

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Remote Code Execution

Maybe

Yes

No

Important

7.8

 

10

MS17-015

Security Update for Microsoft Exchange Server (4013242)

 

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

Remote Code Execution

Yes

No

No

Important

5.4

 

11

MS17-016

Security Update for Windows IIS (4013074)

 

This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

Remote Code Execution

Yes

No

No

Important

6.1

 

12

MS17-017

Security Update for Windows Kernel (4013081)

 

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

Elevation of Privilege

Yes

Yes

No

Important

7.8

 

13

MS17-018

Security Update for Windows Kernel-Mode Drivers (4013083)

 

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Elevation of Privilege

Yes

No

No

Important

7.8

 

14

MS17-019

Security Update for Active Directory Federation Services (4010320)

 

This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

Information Disclosure

Yes

No

No

Important

4.3

 

15

MS17-020

Security Update for Windows DVD Maker (3208223)

 

This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

Information Disclosure

Yes

No

No

Important

2.8

 

16

MS17-021

Security Update for Windows DirectShow (4010318)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Information Disclosure

Yes

No

No

Important

3.3

 

17

MS17-022

Security Update for Microsoft XML Core Services (4010321)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Information Disclosure

Yes

No

Yes

Important

3.5

 

18

MS17-023

Security Update for Adobe Flash Player (4014329)

 

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Remote Code Execution

Yes

NA

NA

Critical

 

Yes

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]