Tag: Microsoft Updates
October Patch Tuesday: Silent But Deadly

Filed under: News, Patch Management, Patch Tuesday

Should Third-Party Really Be your Second Priority?

If you have a patching strategy delivering Microsoft updates on a routine basis, you should extend that capacity to include third-party updates.

Just a couple of weeks ago, a massive compromise came to light in one of the world’s most widely used business and personal computer utilities, “CCleaner” by Piriform.

Version 5.33.6162 was released with injected malicious code that would expose any system running it to remote access by attackers. To make matters worse, CCleaner does not come with an automatic update capability, so remediating the issue requires a toolset that can remotely deploy or patch third-party software. Piriform said that Avast, its new parent company, had uncovered the attack on Sept. 12, and an uncompromised version of CCleaner was released the same day.

Robert Brown, Director of Services for Verismic said, “Your patch management strategy must include both the operating system and any software or third-party updates to be reassured of your environment’s safety. Deploying only Windows updates is not closing the holes used by hackers in the current wave of increasingly sophisticated hacks.

Syxsense covers Microsoft, Linux and the most popular third-party vendors so you can be reassured everything is covered.”

Source: TechPowerUp


What takes 206 days?

Cyberattacks are an increasingly serious risk for organizations, but many executives believe their organization won’t be targeted. They claim their organization is too small to be on the attackers’ radars or that they have nothing worth stealing.

Many cybercriminals are indiscriminate in their attacks and can always find something of interest. However, companies that believe they’re safe may already be penetrated – they just don’t know it yet.


A study found that US companies took an average of 206 days to detect a data breach, up from 201 days the previous year. In the previous year’s survey, 20 percent of employees showed a lack of awareness of safe social media use, choosing risky actions such as posting on their personal social media accounts. Data breaches are contained sooner when they are detected by a staff member conducting routine assessments of potential vulnerabilities within the organization.

“This is why it is important to have a proactive stance when it comes to patch management,” said Brown. “How long will it take before you realize you have been compromised?”

Ransomware is the fastest-growing security threat, yet most companies are unprepared to deal with it, says a new study. Companies and government agencies are overwhelmed by frequent, severe attacks, according to the 2017 Ransomware Report commissioned by Cybersecurity Insiders and conducted by Crowd Research. That illustrates why ransomware damages are expected to hit $6,000,000,000 this year.


October Patch Tuesday Release

Microsoft published its monthly security updates on October 10, 2017, addressing 62 vulnerabilities in Windows, Internet Explorer, Edge, and Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. View details of the complete Security Update Guide here.

We have selected the updates to prioritize this month. Our recommendation has been made using evidence from industry experts, anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes
CVE-2017-11786 Microsoft Skype for Business Elevation of Privilege Vulnerability 8.3 Yes
CVE-2017-8717 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8718 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11771 Microsoft Windows Search Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11781 Microsoft Windows Server Message Block Denial of Service Vulnerability 7.5 Yes
CVE-2017-11819 Microsoft Windows Shell Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11782 Microsoft Windows Server Message Block Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11783 Microsoft Windows Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11780 Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability 7.3 Yes
CVE-2017-8689 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8694 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-11824 Microsoft Windows Graphics Component Privilege Escalation Vulnerability 7 Yes
CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes
CVE-2017-11776 Microsoft Windows Universal Outlook Information Disclosure Vulnerability 6.5 Yes
CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4
CVE-2017-11784 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11785 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11772 Microsoft Windows Search Service Information Disclosure Vulnerability 5.9
CVE-2017-11816 Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability 5.7
CVE-2017-11829 Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability 5.5
CVE-2017-11775 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11777 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11820 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8693 Microsoft Windows Graphics Information Disclosure Vulnerability 5.3
CVE-2017-8715 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11765 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11814 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11823 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11817 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11818 Microsoft Windows Storage Security Feature Bypass Vulnerability 4.5
CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11794 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8726 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8727 Microsoft Windows Shell Memory Corruption Vulnerability 4.2
CVE-2017-11762 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11763 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11769 Microsoft Windows TRIE Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability 4.2
CVE-2017-11792 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11793 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11796 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11797 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11798 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11799 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11800 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11801 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11802 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11804 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11805 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11806 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11807 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11808 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11809 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11810 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11811 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11812 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11813 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11821 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11822 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11825 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11826 Microsoft Office Memory Corruption Vulnerability 4.2
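As an added illustration (not code from this page or from Syxsense), the following Python script parses rows in the format of the tables above, applies the CVSS bands stated in the text (7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low) and orders the list for deployment, recommended items first. The sample rows are copied from this page’s tables; the function and class names are this example’s own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a handful of rows copied from the October and
# September tables on this page, in the page's own one-row-per-line format
# (CVE id, title, CVSS base score, optional "Yes" in the Recommended column).
SAMPLE_ROWS = """\
CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes
CVE-2017-11781 Microsoft Windows Server Message Block Denial of Service Vulnerability 7.5 Yes
CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes
CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4
CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-8676 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 3.3
"""

# id, lazily matched title, numeric score, optional trailing "Yes" flag
ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(\d+(?:\.\d+)?)(?:\s+(Yes))?\s*$")


@dataclass
class Advisory:
    cve: str
    title: str
    score: float
    recommended: bool

    @property
    def rating(self) -> str:
        # Bands exactly as stated on the page.
        if self.score >= 7.0:
            return "High"
        if self.score >= 4.0:
            return "Medium"
        return "Low"


def parse_rows(text: str) -> list[Advisory]:
    """Parse one table row per line; raise on a line that does not fit the format."""
    advisories: list[Advisory] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("ID "):
            continue  # skip blank lines and the header row
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        cve, title, score, rec = m.groups()
        advisories.append(Advisory(cve, title, float(score), rec == "Yes"))
    return advisories


def deployment_order(advisories: list[Advisory]) -> list[Advisory]:
    """Recommended items first, then descending CVSS, then CVE id for a stable order."""
    return sorted(advisories, key=lambda a: (not a.recommended, -a.score, a.cve))


def count_by_rating(advisories: list[Advisory]) -> dict[str, int]:
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for a in advisories:
        counts[a.rating] += 1
    return counts


if __name__ == "__main__":
    advs = parse_rows(SAMPLE_ROWS)
    print(count_by_rating(advs))
    for a in deployment_order(advs):
        flag = "*" if a.recommended else " "
        print(f"{flag} {a.cve:<15} {a.score:>4}  {a.rating:<6} {a.title}")
```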

September Patch Tuesday: Escaping the Equi-Hack

Filed under: News, Patch Management, Patch Tuesday

Money Well Spent

Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.

The LexisNexis Fraud Multiplier estimates the total amount of loss a business incurs, based on chargebacks, fees, interest, merchandise replacement and redistribution.

The study also investigates fraud costs as a percentage of revenues, as reported by survey respondents, to be nearly 2 percent (1.90 percent) across retail, e-commerce, financial services and digital lending businesses. Businesses that sell digital goods and/or conduct transactions primarily through remote channels take an even harder hit to their bottom line at 2.51 percent of revenues.

Robert Brown, Director of Services for Verismic says, “It’s astonishing how much money is being lost because critical systems are not being kept up to date. Updating critical systems is so easy using Syxsense. We recommend starting a trial to see how it can work for you.” Full article can be found here.

As recently as last Wednesday, a U.S. government website was hosting malicious ransomware. It has been widely speculated that either the site was hacked, or that it stores attachments from government officials’ emails and the downloader was archived there.


The ransomware had similarities to the Blank Slate spam campaign, which earlier this year was spreading Cerber. Emails in that campaign contained only a double-zip archive, with the inner archive containing either a malicious JavaScript file or a malicious Microsoft Word document. The emails contained no text, and experts believed at the time that this combination helped the campaign evade detection.

Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours the malware link was taken down. It is unknown whether anyone was infected through the site. The full article can be found here.


Check your Equifax Credit Report and Score Now

Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records that occurred Thursday.

Details of how this breach happened are still very unclear. However, with other companies having suffered the same fate over the past year, the root cause is likely a sophisticated cyberattack exploiting vulnerable software or operating systems.

Robert Brown, Director of Services for Verismic says, “We recommend clients download our ‘5 Biggest Patch Mistakes’ whitepaper.”

Microsoft published its monthly security updates on September 12, 2017. Microsoft addressed 81 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Score Recommended
CVE-2017-8686 Microsoft Windows DHCP Server Remote Code Execution Vulnerability 9.8 Yes
CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8725 Microsoft Office Publisher Arbitrary Code Execution Vulnerability 9.6 Yes
CVE-2017-9417 Microsoft Windows HoloLens Wireless Network Driver Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2017-8567 Microsoft Office Arbitrary Code Execution Vulnerability 8.6 Yes
CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability 8.6 Yes
CVE-2017-8682 Microsoft Windows Graphics Component Remote Code Execution Vulnerability 8.4 Yes
CVE-2017-8742 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-8743 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-0161 Microsoft Windows NetBIOS Packet Processing Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8628 Microsoft Windows Bluetooth Driver Spoofing Vulnerability 8.1 Yes
CVE-2017-8714 Microsoft Windows Remote Desktop Virtual Host Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8720 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2017-8759 Microsoft .NET Framework Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8695 Microsoft Windows Uniscribe Component Information Disclosure Vulnerability 7.5 Yes
CVE-2017-8696 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2017-8702 Microsoft Windows Privilege Escalation Vulnerability 7.5 Yes
CVE-2017-8747 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8749 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8750 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8706 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8707 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8711 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8712 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8713 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8675 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8699 Microsoft Windows Shell Command Arbitrary Code Execution Vulnerability 6.4
CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability 6.1
CVE-2017-8677 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8678 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8679 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2017-8680 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8681 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8683 Microsoft Windows Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8684 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8685 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8687 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8688 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 5.5
CVE-2017-8629 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8745 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8704 Microsoft Windows Hyper-V Denial of Service Vulnerability 5.3
CVE-2017-8746 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability 5.3
CVE-2017-8692 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 5
CVE-2017-8716 Microsoft Windows Security Feature Bypass Vulnerability 4.9
CVE-2017-8708 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8709 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8719 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8710 Microsoft Windows Kernel Information Disclosure Vulnerability 4.4
CVE-2017-8597 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.3
CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8648 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8723 Microsoft Edge Security Bypass Vulnerability 4.3
CVE-2017-8724 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8733 Microsoft Internet Explorer Spoofing Vulnerability 4.3
CVE-2017-8735 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8736 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-8739 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8649 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8660 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8728 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8729 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8737 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8738 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8740 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8741 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8748 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8752 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8753 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8754 Microsoft Edge Security Bypass Vulnerability 4.2
CVE-2017-8755 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8756 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8757 Microsoft Edge Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11764 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8676 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 3.3

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


March Patch Tuesday: Patching Chaos

Filed under: News, Patch Management, Patch Tuesday

The Eye of the Patch Storm

Two months into the year, we have gone from one of the smallest patch releases of the past couple of years in January to an entire baseline being cancelled at the last minute in February.

Some IT managers may have counted their lucky stars for the reduction in their workload so far this year – that is until they see this massive release.

Microsoft has released eighteen updates this month; nine are rated Critical and the remainder Important. Last week Microsoft also released 17 KB updates covering Office versions 2013 and 2016. Full details of that release can be found here.

Last year we raised our concerns about rolling patches together, and last month, only two months after Microsoft adopted this strategy, those concerns were realized: because of a single bad patch, the entire baseline was cancelled.

Don’t get us wrong, we understand the benefit of rolling content into single cumulative updates, but we also appreciate the level of testing needed to ensure a safe combination of updates when rolling them together. That same level of care should be adopted when deploying updates in your environment to ensure bad updates do not cause business outages.

A study at the University of Maryland was the first to quantify the near-constant rate of hacker attacks on computers with Internet access: every 39 seconds on average.


Robert Brown, Director of Services said, “Perception as to the current threat to a company’s network should not be founded on the content released by vendors such as Microsoft alone. There are multiple perimeters you can secure to protect your assets, but remember to also look at the tool you are using to secure your environment. In the past few weeks, IBM have released over 20 security updates for their on-premises and cloud-based patch management tools, meaning your toolset should have a perimeter of its own.”

According to the SANS Institute, 95 percent of all attacks on enterprise networks start with a successful spear phishing attack. Full details of this article can be found here.


Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

Columns: Number, Bulletin ID, Description, Impact, Restart Requirement, Publicly Disclosed, Exploited, Severity, CVSS Score, Recommended High Priority.

1. MS17-006: Cumulative Security Update for Internet Explorer (4013073)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: Yes. Exploited: Yes. Severity: Critical. CVSS score: 8.8. Recommended high priority: Yes.
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS score: 8.8. Recommended high priority: Yes.
This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. MS17-008: Security Update for Windows Hyper-V (4013082)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS score: 8.8. Recommended high priority: No.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

4. MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS score: 8.8. Recommended high priority: No.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

5. MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS score: 9.8. Recommended high priority: Yes.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

6. MS17-011: Security Update for Microsoft Uniscribe (4013076)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS score: 7.8. Recommended high priority: No.
This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

7. MS17-012: Security Update for Microsoft Windows (4013078)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS score: 9.8. Recommended high priority: Yes.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

8. MS17-013: Security Update for Microsoft Graphics Component (4013075)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Critical. CVSS score: 8.4. Recommended high priority: Yes.
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

9. MS17-014: Security Update for Microsoft Office (4013241)
Impact: Remote Code Execution. Restart requirement: Maybe. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS score: 7.8. Recommended high priority: No.
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

10. MS17-015: Security Update for Microsoft Exchange Server (4013242)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 5.4. Recommended high priority: No.
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

11. MS17-016: Security Update for Windows IIS (4013074)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 6.1. Recommended high priority: No.
This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

12. MS17-017: Security Update for Windows Kernel (4013081)
Impact: Elevation of Privilege. Restart requirement: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS score: 7.8. Recommended high priority: No.
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

13. MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
Impact: Elevation of Privilege. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 7.8. Recommended high priority: No.
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

14. MS17-019: Security Update for Active Directory Federation Services (4010320)
Impact: Information Disclosure. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 4.3. Recommended high priority: No.
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

15. MS17-020: Security Update for Windows DVD Maker (3208223)
Impact: Information Disclosure. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 2.8. Recommended high priority: No.
This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

16. MS17-021: Security Update for Windows DirectShow (4010318)
Impact: Information Disclosure. Restart requirement: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS score: 3.3. Recommended high priority: No.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

17. MS17-022: Security Update for Microsoft XML Core Services (4010321)
Impact: Information Disclosure. Restart requirement: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Important. CVSS score: 3.5. Recommended high priority: No.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

18. MS17-023: Security Update for Adobe Flash Player (4014329)
Impact: Remote Code Execution. Restart requirement: Yes. Publicly disclosed: NA. Exploited: NA. Severity: Critical. CVSS score: not listed. Recommended high priority: Yes.
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


February Patch Tuesday: No Love From Microsoft

Categories: Patch Management, Patch Tuesday


The Best of 2016: Our Year in Review

Categories: News

Our Year In Review

2016 was a big year for Syxsense. As a company, we are constantly growing, adding new features and always focused on our customers.

IT systems management is frequently changing and it’s crucial to keep up with the latest news, strategies and updates. Every month, we share the latest Microsoft and third-party patches, explaining which to prioritize and how to implement the most effective patch strategy.

With plenty of changes on the way for 2017, be sure to stay on top of patching and IT systems management in the new year. Even when other tasks fill up your to-do list and seem more important, prioritizing patching is the best New Year’s resolution for any IT manager. Explore the highlights and some of our favorite content from the past year.


Patch Tuesday: January Patches Bring February Headaches

Categories: Patch Management, Patch Tuesday

New year, new steer for Microsoft patching professionals

Microsoft has released four bulletins in total, of which two are rated Critical and two are rated Important. Last week they released 22 non-security KB updates for Office 2013 / 2016 and an update for Word Viewer.

Overall, this is a fairly uneventful release for the first month of 2017, with Microsoft seemingly winding down in preparation for the newly launched Security Update Guide database that will become the monthly Patch Tuesday resource as of next month.

On the face of it this move looks like a good idea, but how will it be perceived by businesses that are used to choosing their updates? This new practice changes the way information is referenced and will most certainly cause a headache for IT administrators, who will have to rethink their whole patch management procedure.

James Rowney, Service Manager for Verismic said, “When I first read about this last year, I couldn’t believe that Microsoft were taking such a valiant step towards forcing updates. This really feels like Microsoft is taking an intermediary step towards mimicking the Apple approach of just applying updates / patches without notification. While this approach does seem to work for Apple, I am not so sure that Microsoft has an OS stable enough to follow this practice just yet.”

Chrome coming into its own

Google announced at the end of 2016 that it would mark web pages as not secure if the page is not served over HTTPS and collects personal data such as login details or financial input fields. These changes only apply from Chrome revision 56 onwards, so we can expect to see this take gradual effect as browsers update, rather than in a flick-of-a-switch scenario.

These changes go hand in hand with Google’s plan to encourage its users to adopt secure login methods. There are obvious pitfalls here: HTTPS alone doesn’t keep certificates or TLS libraries up to date, and webmasters could also see negative movement in their Google rankings. However, this is generally a positive step forward.

Google recently announced that they hit a milestone where more than 50% of their desktop pages now load over HTTPS. Further information and the official notification can be referenced here.


Microsoft Updates

To help your IT Security Officers, we have chosen one update from this Patch Tuesday to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability.

MS17-003 – A latecomer to this month’s releases is this security update for Adobe Flash Player. Research indicates that this could have been a zero-day release later in the week, and it affects all supported versions of Windows. The urgency to get this out shows the importance of this update; we recommend that this patch is rolled out with high priority at your earliest convenience.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

Bulletin ID | Description | Impact | Restart Requirement | Severity | CVSS Score

MS17-001 – Security Update for Microsoft Edge (3199709)

This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.

Impact: Elevation of Privilege | Restart Requirement: Requires restart | Severity: Important | CVSS Score: 6.1

MS17-002 – Security Update for Microsoft Office (3214291)

This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Impact: Remote Code Execution | Restart Requirement: May require restart | Severity: Critical | CVSS Score: 7.8

MS17-003 – Security Update for Adobe Flash Player (3214628)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Impact: Remote Code Execution | Restart Requirement: May require restart | Severity: Critical | CVSS Score: 9.3

MS17-004 – Security Update for Local Security Authority Subsystem Service (3216771)

A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Impact: Remote Code Execution, Denial of Service | Severity: Important | CVSS Score: 7.5

2016: The Year of Ransomware

Categories: Patch Management

Rise of the Cybercriminal

Ever watch the end of year “World’s dumbest criminals?” You know the ones: the handsome gentleman caught on camera robbing a convenience store while his sidekick fills out a lottery form complete with name and address.

Unfortunately, cybercriminals aren’t quite so easy to catch. With ransomware incomes hitting almost $1 billion in 2016, what you can expect in 2017 is continued reinvention and more growth in the world of cybercrime.

Kaspersky declared 2016 to be the year of ransomware. This financial malware victimizes users and forces them to pay significant amounts of money to release systems from a locked state. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than in the same quarter of the prior year. Hardly a day goes by without a new ransomware attack or variant making headlines. Witness just a few of the attacks in 2016:

  • In October, San Francisco public transportation ticketing machines and transit stations were taken offline.
  • Hollywood Presbyterian Medical Center in Los Angeles had its ambulances diverted and access to medical records, x-rays, and CT scans denied.
  • Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services.
  • In May, the University of Calgary was attacked by ransomware that locked staff, students and faculty out of their email.

If anything, cybercriminals are getting smarter. In late December 2016, federal prosecutors charged hackers with insider trading. Using data garnered from the computer systems of U.S. law firms that handle mergers, hackers manipulated the stock market to generate more than $4 million in illegal profits.

Many cyber-attacks could be avoided if IT departments adopted a regular patch-deployment process. What difference can a small patch make? What was once a small crack in defenses transforms into computer crashes, data leaks, and corruption. Zero-day attacks are cyber-attacks against software flaws that are previously unknown.

The wily hacker searches for and ultimately finds an error, a loophole, made by the programmer. Whether the programmer worked on the Windows operating system, your internet browser, Flash, or the myriad of other programs you rely on every day, coders are bound to make mistakes. Criminals love it. Zero-day loopholes exploit that human error.


Because they rely on known entities like malware signatures or URL reputation, standard organizational defenses like virus protection or firewalls are powerless against zero-day threats.

The cybercriminal leverages the unknown and uses the time between when the loophole is found, and the leak is patched to do as much irreparable damage as possible.


Usually, these types of threats are possible only with some end-user interaction, such as clicking OK or downloading a file. In 2016, Adobe announced a bug in the browser Flash plug-in that affected customers; in this case, infection occurred simply by viewing an infected web page. Breathing easy because you don’t use Windows? Don’t. Updates are required for OS X and Linux operating systems, too.

It is terrifying to think that a single employee could click a link, access a website, or download software and expose the entire organization to risk.

Among the predictions for next year from an Intel Security McAfee Labs report are an increase in attempts of dronejackings, more intrusive mobile phone hackings and malware aimed at exploiting the Internet of Things. Hackers will become increasingly adept at bypassing existing corporate defenses, and ransomware remains a top concern. Other threats growing in 2017?

  • Watering hole attacks: laser-focused attacks on high-value targets
  • Class action lawsuits against companies that fail to protect customers’ personal data
  • Distributed Denial of Service (DDoS) attacks like the ones that temporarily took down Amazon, Twitter, Netflix and others

In its fourth annual “Data Breach Industry Forecast” white paper, security company Experian says it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. “While some tried and true attacks continue to serve as go-to methods for hackers, there are evolving tools and targets that are likely to become front-page news in 2017. Organizations can’t wait until an attack happens to ensure they are protected—they need to look at the signs early on to start preparing for new types of security threats,” the report said.

With the 2017 onslaught of vulnerabilities, you’ll need a wall of defenses, combating attacks on multiple fronts. Patch and keep operating systems, antivirus, browsers, Adobe Flash Player, QuickTime, Java, and other software up to date. According to a Barkly study, common security safeguards including email filtering, firewalls, and antivirus aren’t enough to stop cybercriminals. They found 95 percent of ransomware attacks can bypass firewalls, and 100 percent bypassed antivirus protection. Be sure to double down on protection in 2017. Are you using an automated patch management system? Do you have an organized method of discovering, evaluating, and deploying software updates?

What’s one guaranteed prediction for 2017? Programmers will keep making small mistakes, and hackers will continue to turn them into big profits. Someone ends up the victim; don’t let it be your business.

Third Party Patch Updates: When the Wild Things Attack

Categories: Patch Management

Are You Lost in the IT Wild?

If you aren’t patching your third-party vulnerabilities, your business, your assets and your sales are just that: vulnerable. Adobe’s Flash has had a tough month. In October we’ve seen two different critical patches released to shore up security holes through which attackers can take control of your devices.

“We are aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”

These critical zero-day flaws aren’t delivered through Windows updates: you have to know about them, find them, download the content, and then install them.

Third-Party Updates

10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for the critical vulnerabilities identified in Security Bulletin APSB16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.

10/3/2016 – Earlier this month Adobe released Security Bulletin APSB16-25 to resolve issues with Flash Player on Windows, OS X and Linux that allow attackers to execute arbitrary code via unspecified vectors.

Exploited – Critical Patch Releases

Patch Details

Product: Flash Player

FlashPlayer_Plugin_PPAPI_v23.0.0.205
FlashPlayer_ActiveX_v23.0.0.205
FlashPlayer_Plugin_NPAPI_v23.0.0.205

  • These updates resolve memory corruption vulnerabilities that could lead to code execution
  • These updates resolve a memory leak vulnerability
  • These updates resolve type confusion vulnerabilities that could lead to code execution
  • These updates resolve use-after-free vulnerabilities that could lead to code execution
  • These updates resolve a security bypass vulnerability that could lead to information disclosure

Don’t miss the latest upgrades

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include: 

Patches with Content Updates, Bug fixes and Feature enhancements

Product | Category | Patch
Chrome | Web Browser | Chrome_v53.0.2785.143
Skype | Online calls | Skype_v7.28.101, Skype_v7.29.0.102
iTunes | Music Player |
Shockwave | Media Player | Shockwaveplayer_v12.2.5.195
Firefox | Web Browser | Firefox_v49.0.2
Notepad++ | Source code editor | Notepadpp_v7.1
CitrixReceiver | File access | CitrixReceiver_v4.5.0.14155
WinSCP | File browser | WinSCP_v5.9.2
Wireshark | Network protocol analyzer | Wireshark_v2.2.1
Foobar | Audio player | Foobar2000_1.3.12
Evernote | Multi-device note pad | Evernote_v6.3.3.3502
Glary Utilities | PC cleanup | Glary_v5.60, Glary_v5.61
MediaMonkey | Media Manager | MediaMonkey_v4.1.14.1813
Adobe Air | | AdobeAIR_v23.0.0.257
AIMP | Audio Player | AIMP_v4.11.1841, AIMP_v4.11.1839
Filezilla | FTP Client | FileZilla_v3.22.1

 

Specific details available on 3rd Party Patch releases

Patch Details

Product: Adobe Air

AdobeAIR_v23.0.0.257

  • Adobe has released a security update for Adobe AIR SDK and Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update.

Product: AIMP Player

AIMP_v4.11.1841
AIMP_v4.11.1839

  • Fixed: Playlist – the “add entire folder if one file is sent” option does not work correctly in some cases (regression)
  • Fixed: Playlist – no ability to select a few collapsed groups via keyboard
  • Fixed: Music Library – table – album thumbnails view – playback invoked via mouse double click always started from the first track in the group
  • Fixed: Music Library – small bugs were fixed
  • Fixed: Plugins – API – an error occurs when calculating the hash code for certain images (regression)

Product: Filezilla FTP Client

FileZilla_v3.22.1

  • Bugfixes and minor changes:
  • OS X: Work around a nasty bug in Xcode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime
  • Fixed a potential crash when using SFTP

Product: Firefox

Firefox_v49.0.2

Product: iTunes

iTunes_v12.5.1

  • Apple has released iTunes v12.5.1 for OS X and Windows; the update brings an all-new Apple Music design with greater clarity and simplicity in every aspect of the experience.

Product: Notepad++

Notepadpp_v7.1

  • Fix x64 crash on macro recording
  • Fix x64 crash on new language dialog of UDL
  • Check plugin architecture (32-bit or 64-bit) before loading
  • Enhance Smart Highlighting feature: 1. match case 2. whole word only 3. use find dialog settings for both
  • Fix poor performance of hex XML entities
  • Reshow CallTip text on separator character
  • Skip Auto-Complete self-closing HTML tags (<br>, <base>, <track>… etc)
  • Fix 2 UI issues for RTL layout
  • Fix Folder as Workspace toolbar button inconsistent behavior
  • Add option to skip word completion on numbers (default: ON)
  • Fix bookmarks toggled off’s bug
  • Sort plugin menu by plugin name
  • Installer: Add 64-bit/32-bit old install detection, and old installation removal ability
  • Installer: Ask user for keeping user data during uninstallation
  • Installer: Fix uninstaller bug to not remove themes files from APPDATA

Product: Opera

Opera_v40.0.2308.81

  • Fixes for Opera Stable running on Sierra. We have also fixed the backspace which stubbornly navigated back in history even when the address field was focused. And now it is again possible to seamlessly import Firefox bookmarks.

Product: Revo Uninstaller

RevoUnistallerFree_v2.0.1
RevoUnistallerPro_v3.1.7

  • Fixed minor bugs
  • Improved scanning for leftovers

Product: Thunderbird

Thunderbird_v45.4.0

  • Display name was truncated if no separating space before email address.
  • Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
  • Additional spaces were inserted when drafts were edited.
  • Mail saved as template copied In-Reply-To and References from original email.
  • Threading broken when editing message draft, due to loss of Message-ID.
  • “Apply columns to…” did not honor special folders.

Product: WinSCP

WinSCP_v5.9.2

  • Translations completed: Brazilian Portuguese, Finnish, Kabyle and Ukrainian
  • Lots of usability improvements and bug fixes

December Patch Tuesday: Patching Through The Snow

Categories: Patch Management, Patch Tuesday, Uncategorized

Add Some Layers… To Your Security

Grab your hot chocolate and bundle up: it’s time to stay inside and catch up on the latest Microsoft updates. On this day of December, Microsoft sent to us … 12 bulletins. The holiday month has come around again, and like last year Microsoft have delivered 12 more bulletins to keep us safe.

Of the 12 bulletins, 6 are rated Critical and 6 are rated Important. Last week Microsoft also released 31 KB updates covering Office versions 2013 and 2016. Full details of that release can be found here.

What do you know about Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)? Microsoft have announced that on 31st July 2018 it will no longer be supported. Why is EMET important? Because it is a free security toolkit for Windows.

It provides a unified interface to enable and fine-tune Windows security features. It can be used as an extra layer of defense against malware attacks, after the firewall and before antivirus software.


Robert Brown, Director of Services for Verismic says, “Microsoft have suggested Windows 10 has all the protection it needs and therefore no longer has a need for another layer of security.

Without EMET, customers will have a need greater than ever before to implement a patching policy. Does Windows 10 offer the same level of security? See for yourself here.”


Microsoft Updates

This month, to help your IT Security Officer, we have chosen a few updates from the Microsoft Patch Tuesday to prioritize. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.

MS16-144 – This update addresses the vulnerabilities by correcting how Microsoft browsers and affected components handle objects in memory, how Microsoft browsers check the Same Origin Policy for scripts running inside Web Workers, and how scripting engines handle objects in memory. As it is publicly disclosed and the product is used by a great number of our customers, we would recommend this be a priority this month.

MS16-145 – An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. As it is publicly disclosed and the product is used by a great number of our customers, we would recommend this be a priority this month.

MS16-146 – This security update addresses the vulnerabilities by correcting how the Windows GDI component handles objects in memory.

MS16-154 – The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

Number | Bulletin ID | Description | Impact | Restart Requirement | Publicly Disclosed | Exploited | Severity | CVSS Score

1. MS16-144 – Cumulative Security Update for Internet Explorer (3204059)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

2. MS16-145 – Cumulative Security Update for Microsoft Edge (3204062)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

3. MS16-146 – Security Update for Microsoft Graphics Component (3204066)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

4. MS16-147 – Security Update for Microsoft Uniscribe (3204063)

This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

5. MS16-148 – Security Update for Microsoft Office (3204068)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Impact: Remote Code Execution | Restart Requirement: Maybe | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

6. MS16-149 – Security Update for Microsoft Windows (3205655)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 6.8

7. MS16-150 – Security Update for Secure Kernel Mode (3205642)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 6.8

8. MS16-151 – Security Update for Windows Kernel-Mode Drivers (3205651)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

9. MS16-152 – Security Update for Windows Kernel (3199709)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 1.7

10. MS16-153 – Security Update for Common Log File System Driver (3207328)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

11. MS16-154 – Security Update for Adobe Flash Player (3209498)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: NA | Exploited: NA | Severity: Critical | CVSS Score: NA

12. MS16-155 – Security Update for .NET Framework (3205640)

This security update resolves a vulnerability in the Microsoft .NET Framework 4.6.2 Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Important | CVSS Score: 2.1
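The post says its priorities come from public disclosure, anticipated impact and the CVSS score, but the table leaves the ordering to the reader. The script below, an added example rather than code from the post or from Syxsense, turns the December table into a deployment order. The bulletin rows are transcribed from the table above; the ranking rule (known exploitation first, then vendor severity, then public disclosure, then CVSS score) and the `Bulletin` record, `rank` and `deployment_plan` names are assumptions of this example, not a published Syxsense method.

```python
"""Rank a month's Microsoft bulletins into a deployment order.

Added example, not from the original post or from Syxsense. The rows are
transcribed from the December 2016 table; the ranking rule is an assumption
that mirrors the post's reasoning (exploited > severity > disclosed > CVSS).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Bulletin:
    bulletin_id: str
    title: str
    impact: str
    restart: str
    publicly_disclosed: str   # "Yes", "No" or "NA" exactly as printed in the table
    exploited: str
    severity: str
    cvss: Optional[float]     # None where the table prints "NA"


# Transcribed from the December 2016 table above (constructed data for this example).
DECEMBER_2016: List[Bulletin] = [
    Bulletin("MS16-144", "Internet Explorer", "Remote Code Execution", "Yes", "Yes", "No", "Critical", 9.3),
    Bulletin("MS16-145", "Microsoft Edge", "Remote Code Execution", "Yes", "Yes", "No", "Critical", 9.3),
    Bulletin("MS16-146", "Graphics Component", "Remote Code Execution", "Yes", "No", "No", "Critical", 9.3),
    Bulletin("MS16-147", "Uniscribe", "Remote Code Execution", "Yes", "No", "No", "Critical", 9.3),
    Bulletin("MS16-148", "Microsoft Office", "Remote Code Execution", "Maybe", "No", "No", "Critical", 9.3),
    Bulletin("MS16-149", "Microsoft Windows", "Elevation of Privilege", "Yes", "No", "No", "Important", 6.8),
    Bulletin("MS16-150", "Secure Kernel Mode", "Elevation of Privilege", "Yes", "No", "No", "Important", 6.8),
    Bulletin("MS16-151", "Kernel-Mode Drivers", "Elevation of Privilege", "Yes", "No", "No", "Important", 7.2),
    Bulletin("MS16-152", "Windows Kernel", "Information Disclosure", "Yes", "No", "No", "Important", 1.7),
    Bulletin("MS16-153", "CLFS Driver", "Information Disclosure", "Yes", "No", "No", "Important", 7.2),
    Bulletin("MS16-154", "Adobe Flash Player", "Remote Code Execution", "Yes", "NA", "NA", "Critical", None),
    Bulletin("MS16-155", ".NET Framework", "Information Disclosure", "Yes", "Yes", "No", "Important", 2.1),
]

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


def cvss_band(score: Optional[float]) -> str:
    """Map a CVSS base score to the High/Medium/Low bands the post uses."""
    if score is None:
        return "Unscored"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def priority_key(b: Bulletin):
    """Sort key (assumed rule): known exploitation, then vendor severity, then
    public disclosure, then CVSS. An unscored (NA) Critical bulletin such as the
    Flash update still sorts with the other Criticals instead of dropping last."""
    return (
        b.exploited == "Yes",
        SEVERITY_RANK.get(b.severity, -1),
        b.publicly_disclosed == "Yes",
        b.cvss if b.cvss is not None else -1.0,
    )


def rank(bulletins: List[Bulletin]) -> List[Bulletin]:
    """Return bulletins most-urgent first; sorted() is stable, so ties keep table order."""
    return sorted(bulletins, key=priority_key, reverse=True)


def deployment_plan(bulletins: List[Bulletin]) -> List[str]:
    """One line per bulletin, most urgent first, with the CVSS band and the
    restart requirement so change control can schedule reboots."""
    lines = []
    for n, b in enumerate(rank(bulletins), start=1):
        flags = []
        if b.exploited == "Yes":
            flags.append("EXPLOITED")
        if b.publicly_disclosed == "Yes":
            flags.append("disclosed")
        score = "NA" if b.cvss is None else f"{b.cvss:.1f}"
        lines.append(
            f"{n:2d}. {b.bulletin_id} {b.severity:<9} CVSS {score:>4} "
            f"({cvss_band(b.cvss):<8}) restart={b.restart:<5} "
            f"{' '.join(flags)} {b.title}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(deployment_plan(DECEMBER_2016)))
```

With this rule the two publicly disclosed browser updates (MS16-144, MS16-145) come out on top, matching the post's own picks, and the unscored Flash bulletin stays among the Criticals rather than sinking below the low-scored information-disclosure fixes; change the tuple in `priority_key` if your organisation weights disclosure or restart impact differently.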


November Patch Tuesday: From Science Fiction to Fact

Categories: Patch Management, Patch Tuesday, Uncategorized

Old School Macros Finally Get Blocked

Today Microsoft have released 14 bulletins in total, of which 6 are rated Critical and 8 are rated Important. Last week Microsoft also released 25 KB updates covering Office versions 2010, 2013 and 2016.

Full details of that release can be found here. A couple of months back we observed a trend of new-age hackers using old-school techniques to expose a vulnerability in a system and then using that vulnerability to carry out malicious attacks. One of the newest features of Microsoft Office 2016 allows enterprise administrators to block users from running macros inside Office documents that have originated from the Internet.

It does appear that Microsoft have also witnessed this trend and have made changes in order to protect their customers. We have also just learned that shortly they will be backporting that functionality to Office 2013, enabling the same protection to work the way it does in Office 2016. Robert Brown, Director of Services for Verismic says, “It’s great Microsoft are listening to their customers and their concerns.”

Office 2013 still has a massive market share, with customers either unwilling or unable to upgrade quickly; offering this safety feature to Office 2013 will enable those customers to plan their upgrades properly and without immediate urgency.

Microsoft are also adding detections for the BrowserModifier:Win32/Soctuseer rootkit in this month’s security release, helping to lessen interference with your browsing experience. However it attempts to hide, most Soctuseer installations and system modifications will be uncovered and removed by the Microsoft Malicious Software Removal Tool (MSRT). We recommend our customers include this security update within their monthly patching process, especially since it has been reported this month that one in three cyberattacks results in a security breach.

Twitter and Spotify “Dynied”

Shopping and social media sites were hit with a massive DDoS attack last week, which caused three of the big names to be taken offline. Well-known social media site Twitter and music sharing site Spotify are among the big names affected, with many more suffering service disruptions. The focus of this attack was a company called Dyn, who route internet traffic to company websites as a DNS service provider. Security analysts believe that the attack used “internet of things” devices as its way in.

For those not familiar, the internet of things, or IoT, is a term used to describe any user device which connects to the internet. Today’s IoT can be washing machines, heating controllers, IP CCTV cameras, cars and even wireless baby monitors. Dyn provide a DNS service to large companies and were attacked using millions of devices, commonly known as “bots” (unbeknownst to the end user), on a “botnet” which were all infected with the “Mirai” malware.

The majority of these attacks originate in Asia, and this DDoS was one of the largest out of China this year. Mirai is a nasty little bug that trawls the web for IoT devices with little or no protection and pre-set factory-default access credentials. Once discovered, Mirai enlists the devices into its own botnet and proceeds to bombard targets with an overwhelming volume of requests designed to overload the system and bring the website down. Cyber security expert Brian Krebs knows this kind of attack all too well: a DDoS attack was launched on his site back in September, with traffic reaching 620 gigabits per second at its peak.


James Rowney, Verismic Services Manager, commented: “Attacks like these have been written into science fiction horror for decades; this is no longer science fiction, this is science fact. Be extra vigilant with your IT security.

Set all network-connected devices to use secure user IDs and passwords; this is the first step to protecting yourself from being exploited in this manner. If possible, try to disconnect or power off devices that are not in use. It might save you some electricity too!”


Microsoft Updates

This month, to help your IT Security Officers, we have chosen a few updates from the Microsoft Patch Tuesday release to prioritize. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.

MS16-129 – The update addresses the vulnerabilities by modifying how Microsoft browsers handle objects in memory, changing how the XSS filter in Microsoft browsers handles RegEx, modifying how the Chakra JavaScript scripting engine handles objects in memory and correcting how Microsoft Edge parses HTTP responses. This vulnerability has been publicly disclosed.

MS16-130 – The security update addresses the vulnerabilities by correcting how the Windows Input Method Editor (IME) loads DLLs and by requiring that hardened UNC paths be used in scheduled tasks.

MS16-132 – The vulnerabilities in this update are actively being exploited, which is why we recommend it be deployed as a priority this month. The security update addresses the vulnerabilities by correcting how the ATMFD component, the Windows Animation Manager and Windows Media Foundation handle objects in memory.

MS16-135 – Although this update is only marked as Important, the CVSS score tells us otherwise. It has also been publicly disclosed and has active exploits. We believe this should also be a priority this month.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and those in the range 0-3.9 are Low.
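As an added example (PowerShell written for this article, not part of the original post), the following turns the table below into a prioritized list using the factors the recommendations above weigh: actively exploited first, then publicly disclosed, then the independent CVSS score, with the High/Medium/Low band from the ranges just given. The rows are copied from the table; the treatment of “NA” as an unknown score is an assumption.

```powershell
# Added example (not from the original post): rank this month's bulletins by the
# factors the post weighs - actively exploited first, then publicly disclosed,
# then the independent CVSS base score - and label the CVSS band.
# The rows below are copied from the table; "NA" means no score was given.
function Get-CvssBand {
    param([double]$Score)
    if ($Score -ge 7.0) { 'High' } elseif ($Score -ge 4.0) { 'Medium' } else { 'Low' }
}

function Get-PatchPriority {
    param([string]$Csv)
    $Csv | ConvertFrom-Csv | ForEach-Object {
        $score = if ($_.CVSS -eq 'NA') { $null } else { [double]$_.CVSS }
        [pscustomobject]@{
            Bulletin  = $_.Bulletin
            Severity  = $_.Severity
            Exploited = ($_.Exploited -eq 'Yes')   # 'NA' is treated as No
            Disclosed = ($_.Disclosed -eq 'Yes')
            CVSS      = $score                      # $null sorts last
            Band      = if ($null -eq $score) { 'Unknown' } else { Get-CvssBand $score }
        }
    } | Sort-Object -Property @{ Expression = 'Exploited'; Descending = $true },
                              @{ Expression = 'Disclosed'; Descending = $true },
                              @{ Expression = 'CVSS';      Descending = $true }
}

$bulletins = @'
Bulletin,Severity,Disclosed,Exploited,CVSS
MS16-129,Critical,Yes,No,9.3
MS16-130,Critical,No,No,9.3
MS16-131,Critical,No,No,9.3
MS16-132,Critical,No,Yes,9.3
MS16-133,Important,No,No,9.3
MS16-134,Important,No,No,7.2
MS16-135,Important,Yes,Yes,7.2
MS16-136,Important,No,No,9.0
MS16-137,Important,No,No,7.2
MS16-138,Important,No,No,NA
MS16-139,Important,No,No,7.2
MS16-140,Important,No,No,1.7
MS16-141,Critical,NA,NA,NA
MS16-142,Critical,Yes,No,9.3
'@

# Expected order: MS16-135 and MS16-132 (exploited), then MS16-129 and MS16-142
# (publicly disclosed), then the remaining bulletins by score, unscored ones last.
Get-PatchPriority $bulletins | Format-Table -AutoSize
```

Note that this rule alone does not single out MS16-130 over the other unexploited 9.3 bulletins; that recommendation rests on the expert judgement described above, which is why the CSV is worth keeping alongside the ranking rather than replacing it.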

Each entry below gives the bulletin ID and description, followed by Impact, Restart Requirement, Publicly Disclosed, Exploited, Severity and CVSS Score.

MS16-129 – Cumulative Security Update for Microsoft Edge (3199057)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

MS16-130 – Security Update for Microsoft Windows (3199172)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

MS16-131 – Security Update for Microsoft Video Control (3199151)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

MS16-132 – Security Update for Microsoft Graphics Component (3199120)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution when the Windows Animation Manager improperly handles objects in memory, if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: Yes | Severity: Critical | CVSS Score: 9.3

MS16-133 – Security Update for Microsoft Office (3199168)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution | Restart Requirement: Maybe | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 9.3

MS16-134 – Security Update for Common Log File System Driver (3193706)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits these vulnerabilities could run processes in an elevated context.
Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

MS16-135 – Security Update for Windows Kernel-Mode Drivers (3199135)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: Yes | Severity: Important | CVSS Score: 7.2

MS16-136 – Security Update for SQL Server (3199641)
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.
Impact: Elevation of Privilege | Restart Requirement: Maybe | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 9.0

MS16-137 – Security Update for Windows Authentication Methods (3199173)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from an unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.
Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

MS16-138 – Security Update for Microsoft Virtual Hard Disk Driver (3199647)
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: NA

MS16-139 – Security Update for Windows Kernel (3199720)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.
Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

MS16-140 – Security Update for Boot Manager (3193479)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically present attacker installs an affected boot policy.
Impact: Security Feature Bypass | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 1.7

MS16-141 – Security Update for Adobe Flash Player (3202790)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: NA | Exploited: NA | Severity: Critical | CVSS Score: NA

MS16-142 – Cumulative Security Update for Internet Explorer (3198467)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.