Skip to main content
Tag

Out-Of-Band Update

||

Windows Out-of-Band Update Released to Fix Remote Desktop

By Patch ManagementNo Comments

Windows Out-of-Band Update Released to Fix Remote Desktop

Microsoft has released an emergency security update to fix a Remote Desktop vulnerability in Windows Server running Remote Desktop.

Microsoft Issues Emergency Update for Remote Desktop

Microsoft has released an emergency security update to fix a Remote Desktop vulnerability in Windows Server running Remote Desktop. There is a known issue that might prevent you from using Remote Desktop to reach the server.  In some circumstances, the server might stop responding. The screen might also appear black, and general performance and signing in might be slow.

Rob Brown, Head of Customer Success for Syxsense said, “This is not available via the usual Windows Update or Microsoft update channel / Windows Update for Business or Windows Server Update Service (WSUS), which can make resolving this vulnerability more difficult unless you are using a solution like Syxsense. Alternatively, you may download this patch manually via the Microsoft Catalogue.”

Windows Out-of-Band Updates

For instructions on how to install this update for your operating system, see the KB for your OS listed below:

As always we recommend full testing be performed prior to live deployment to your device, these are now available within the Syxsense Console.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Windows Out-of-Band Update Released to Fix Kerberos

By Patch ManagementNo Comments

Windows Out-of-Band Update Released to Fix Kerberos

Microsoft has released an emergency security update to fix a Kerberos OOB vulnerability in Windows.

Microsoft Issues Emergency Update for Kerberos

Microsoft has released an emergency security update to fix a Kerberos OOB vulnerability in Windows Server running Domain Controller services.  Anyone impacted by this vulnerability will not be able to sign into services or applications using the affected DC, whether this was Premise or Cloud.  This also impacts anyone using SSO.

Rob Brown, Head of Customer Success for Syxsense said, “This vulnerability is impacting all Windows Server OS from 2008 through to 2019 and should be a particular concern as this was identified by a very well-known Antivirus partner. Therefore, the assumption is to believe this was being used in malware, other ransomware attacks, or full loss of service if exploited.”

Windows Out-of-Band Updates

As always we recommend full testing be performed prior to live deployment to your device, these are now available within Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Windows Out-of-Band Update Released to Fix PrintNightmare Vulnerability

By Blog, Patch ManagementNo Comments

Windows Out-of-Band Update Released to Fix PrintNightmare Vulnerability

Microsoft released an emergency update to fix the Weaponized PrintNightmare zero-day vulnerability in the Windows Print Spooler service.

Microsoft Releases Emergency Patch for PrintNightmare Flaw

Microsoft has released an emergency security update to fix the Weaponized PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all versions of Windows, including Windows 7 and Windows Server 2008 R2.

Improper input validation within the RpcAddPrinterDriverEx() function allows this vulnerability to be weaponized, as has been confirmed by Microsoft. A remote user can send a specially-crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore Risk Alert

  1. Vendor Severity: Critical
  2. CVSS Severity: 9.9 (Critical)
  3. Attack Vector: Network
  4. Attack Complexity: Low
  5. Privileges Required: Low
  6. User Interaction: None
  7. Scope (Jump Point): Yes

“This is one of the highest priorities of the year to date,” said Rob Brown, Head of Customer Success for Syxsense. “Not only does this impact almost every single operating system by Microsoft, if this is weaponized within your environment, there is the real possibility of those hackers jumping into another technology or applications within your network. Microsoft have also taken the rare step of releasing this update for Windows 7 even if you do not have an ESU extended license.”

How Syxsense Can Help

As always, we recommend full testing be performed prior to live deployment to your device. These are now available within the Syxsense Console.

Syxsense provides that first line of defense against vulnerabilities by automating the patching of all systems. Experience the power of IT managementpatch management, and security vulnerability scanning in one powerful solution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Windows 10 Out-of-Band Update Released to Fix PDF Issue

By News, Patch ManagementNo Comments

Windows 10 Out-of-Band Update Released to Fix PDF Issue

Microsoft has released KB5004760, marked as an optional non-security Windows 10 update that includes quality improvements out of band to fix issues opening PDF documents.

Emergency Windows 10 Update Fixes PDF-Breaking Bugs

Microsoft has released KB5004760, marked as an optional non-security Windows 10 update that includes quality improvements out of band to fix issues opening PDF documents.

This bug may prevent you from opening PDFs using Internet Explorer 11 or apps that use the 64-bit version of the WebBrowser control. Additionally, a PDF might render as just a gray background when using the Adobe Acrobat plug-in.

At present this update is not available via Windows Update or Windows Update for Business.

Affected Platforms

  • Windows 10 servicing stack update – 19041.1081, 19042.1081, and 19043.1081
  • Windows 10, version 21H1
  • Windows 10, version 20H2
  • Windows 10, version 2004

How Syxsense Can Help

As always, we recommend full testing be performed prior to live deployment to your device. These are now available within your Syxsense Console.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Microsoft Releases Out-of-Band Updates for Windows 10

By News, Patch Management, Patch TuesdayOne Comment

Microsoft Releases Out-of-Band Updates for Windows 10

Microsoft has released out-of-band updates which should be deployed to resolve last week's Blue-Screen-of-Death (BSOD) issues.

Microsoft Issues Updates to Fix Widespread Blue Screen of Death

Last week, Microsoft released their March Patch Tuesday updates to fix 89 security bugs.

Within those updates were several fixes for printers which have caused widespread Blue Screen of Death (BSOD). These have since been recalled.

Those problematic patches include:

  1. KB5000802 Windows 10, version 2004 and 20H2
  2. KB5000808 Windows 10, version 1909
  3. KB5000822 Windows 10, version 1809

KB5000808 Still Offered by Windows Update

Microsoft admitted to the issues and have since released a solution for the problematic update KB500080, replacing it with KB5001566.  Although Microsoft removed this bad patch from SCCM and WSUS, users are still able to download it as part of Windows Update.

To make matters worse, the original problematic update is seen as a ‘Critical’ severity update. It is offered as an automatic install, but the patch released to solve this major printing issue has been released to Windows Update as an ‘Optional’ update. Depending on your settings, this may not update at all.

Out-of-Band Updates

Microsoft released the following out-of-band updates:

  1. KB5001567 Windows 10 Version 2004 and 20H2
  2. KB5001566 Windows 10 Version 1909
  3. KB5001568 Windows 10 Version 1809 (Enterprise/Education/LTSC)
  4. KB5001565 Windows 10 Version 1803 (Enterprise/Education)

How Syxsense Can Help

Syxsense remains committed to assisting customers who have been effected by this BSOD disruption. We have left the uninstaller within the Syxsense Secure console so these updates can be uninstalled.

However until Microsoft addresses the issues above, the content will not be available for public deployment.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Windows Kerberos Bug Fixed in November Out-of-Band Update

By Patch ManagementNo Comments

Windows Kerberos Bug Fixed in November Out-of-Band Update

Microsoft has fixed a bug for a bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature.

Kerberos Authentication Bug

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).  The update known as CVE-2020-17049  addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

Once deployment of the patch has been made, the following manual steps are then available to fully resolve the vulnerability:

Post-Patch Action

Registry subkey HKEY_LOCAL_MACHINESystemCurrentControlSetServicesKdc

Reboot required: No

Value: PerformTicketSignature

Data type: REG_DWORD

  • 0 – This disables ticket signatures and your domains are not protected. Important Do not use this setting until further notice. There is a known issue that could cause the S4USelf feature of Kerberos to become non-functional.
  • 1 – The fix is enabled on the domain controller but the DC does not require that tickets conform to the fix.
  • 2 – This enables the fix in required mode where all domains must be patched and all DCs require tickets with signatures.

Microsoft does not recommend using the 0 setting due to known issues with the S4USelf feature of Kerberos.

How does this patch affect third-party Kerberos clients?

When the registry key is set to 1, patched domain controllers will issue service tickets and Ticket-Granting Tickets (TGT)s that are not renewable and will refuse to renew existing service tickets and TGTs. Windows clients are not impacted by this since they never renew service tickets or TGTs.

Third-party Kerberos clients may fail to renew service tickets or TGTs acquired from unpatched DCs. If all DCs are patched with the registry set to 1, third-party clients will no longer receive renewable tickets.

Customers using Syxsense Manage or Syxsense Secure will be able to find this patch by searching for CVE-2020-17049.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo