Patch Management

Unified Endpoint Management Enters the Mainstream


Once upon a time, there was anti-virus. Then anti-spam, adware, malware protection, ransomware protection, mobile device protection, and on and on. As new threats appeared, the vendor community came out with a fix.

According to Gartner, the big trend these days is to bring all, or many, of these tools together in one integrated package. Known as Unified Endpoint Management (UEM), Gartner analyst Dan Wilson says UEM is entering the mainstream. It has achieved a market penetration of between 20% and 50%, depending on the vertical and the size of the organization.

“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Wilson. “UEM tools apply for data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”

In essence, UEM consolidates a disparate collection of tools to bring greater simplicity to endpoint management. It streamlines a great many manually intensive tasks and processes across multiple devices, platforms, and operating systems. And the field continues to evolve. Beyond unified management of a few tools, it is heading towards complete integration of identity, security and remote access services while beginning to play a role in support of zero-trust security initiatives. Analytics, machine learning, and Artificial Intelligence (AI) are also gradually being incorporated to further the goals of end-to-end automation of scanning, deployment of agents, software, updates, and patches, and remediation of threats and other issues. This not only reduces IT overhead, it helps to improve the overall employee experience while greatly improving the organizational security profile.

Gartner listed some of the advantages:
• Location-agnostic endpoint management and patching.
• Enabling the anywhere workforce.
• Reduced total cost of ownership (TCO) of managing endpoint devices.
• Simplification of device management and support processes.
• Reduced security risk through support for more device types and OSs.
• Enhanced policy management.
• Integration with identity, security, and remote access tools.

“IT looks to simplify and streamline endpoint deployment, management and patching to enable provisioning of new devices for remote employees, improve device performance and reliability as well as visibility across the endpoint estate, and reduce security risk,” said Wilson.

Market Evolution
There are signs, though, that the market is evolving yet again. Two distinct branches are appearing.

• UEM tools focused on endpoint management and bringing together a diverse range of tools.
• Unified Endpoint Security to unify multiple security tools under one umbrella.

Syxsense Enterprise takes things a stage further. It unified UEM and UES to create the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.
For more information, visit …

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

6 Simple Rules for Securing Your Endpoints


It's never been more critical to manage and secure your endpoints. Here are six important rules for protecting your organization from IT security threats.

1. Always Be Patching

Managing software updates—and specifically patching endpoints—secures your organization from known threats. The appearance of new endpoint types—such as Internet of Things (IoT), Bring Your Own Device (BYOD), and other operating system and software vulnerabilities—requires countless patches. Always be patching if you want to stay ahead of the bad actors.

2. Seek Out All Endpoints

Think about your company’s network—how many devices are out there? Is the number staggering? You had better give it some thought, because endpoints account for the vast majority of security breaches—estimates put the number at about 70 percent. And if you don’t know you have them, you can’t secure them.

3. Stay Current

You must adapt to the increasing complexity of hackers and their cyberattacks. Bad actors never sleep—they continually work to improve their cyberattacks, constantly evolving the threat landscape. Your organization, therefore, must deploy endpoint security solutions that will keep up with the deluge of malware that can be expected in the future.

4. Be Resilient

Experts suggest that companies must aim to be resilient, assuming that breaches are inevitable. Since endpoints are said to account for about 70 percent of all breaches, being able to find and fix an attack at an endpoint while continuing to operate your business effectively is the key to resilience. A threat or breach to an endpoint must not be allowed to demobilize your entire business.

5. Be Strategic

Many organizations have an inconsistent approach to endpoint security. Companies, today, must manage endpoint security strategically and begin to fully comprehend the risks associated with all endpoints. Not doing so can result in inadequacies in processes and procedures leaving endpoints open to attack and breaches.

6. Make It a Priority

Overall, endpoint security and cybersecurity need to become a priority in your organization’s business plans. Endpoint security doesn’t just protect your business—it preserves your reputation, reassures your customers, and streamlines your business processes. Without the necessary prioritization that cybersecurity demands, your endpoint security will most likely fail.


Four Top Endpoint Protection Trends


Endpoint protection has always been a vibrant marketplace. From the early days of intense anti-virus competition to the security package wars between McAfee, Symantec, and Trend Micro, this has never been a dull area. And as the security threat horizon continually shifts in unforeseen directions, endpoint protection has stayed in the spotlight.

Endpoint protection now takes in a wide range of tools including anti-malware, spam filtering, endpoint detection and response (EDR), patch management, data loss protection, vulnerability management, mobile threat defense, ransomware protection, and others. Some vendors offer several of these tools inside their packages; others try to provide them all.

Here are four of the top trends in endpoint protection:

Smartphone and BYOD Support

The latest endpoint protection tools and platforms now offer much better smartphone and Bring Your Own Device (BYOD) support than they ever did. As a result, BYOD policies have gotten stronger, enabling more efficient and streamlined workflows between mobile and enterprise applications.

Some tools, for example, make it possible to deploy apps and accounts securely to personal devices, as well as give IT some management and enablement features for end users.

Endpoint Management Meets Patch Management

IT managers are so pushed for time and so limited in resources that they don’t have time to move from screen to screen and app to app as they address the different facets of endpoint management. They need automation and efficiency. That’s why it is now possible to find patch management and endpoint protection being combined in Syxsense and other tools.

This is good news for IT. Folding patch management into device management ultimately means better security as endpoint patching no longer remains an area of neglect.

Platforms Converge

This trend of endpoint management being combined with patch management is part of a larger convergence trend within the world of IT management and security. With threats becoming so virulent, ransomware forever changing the cybersecurity landscape, and attacks becoming increasingly blended, it is not enough to address one area such as endpoint anti-virus or patch management of devices.

Convergence is driving the market and is leading to all-encompassing packages that bring together patch management, vulnerability scanning, remediation of threats, general IT management, and Mobile Device Management (MDM).

Such platforms are particularly needed in light of recent vulnerabilities such as PrintNightmare. To remediate this threat, IT had to conduct a series of unifying actions: patch endpoints and then remediate two separate security misconfigurations before the issue was fully resolved. IT no longer has the time to fiddle with several systems to accomplish such tasks. They want to have one automated system that takes care of all of it.

Convergence to the Nth Degree

If anything, the tendency toward convergence is accelerating. Gartner is struggling to come up with enough acronyms to cover the amount of change and convergence taking place right now. There is Unified Endpoint Management (UEM), Unified Endpoint Security (UES), and some are now coining terms such as Unified Security and Endpoint Management (USEM), which brings together the best of UEM and UES in one package.

This new class of USEM tools offers management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android, Chrome OS, Apple macOS, iPadOS, and iOS. They enable IT to apply data protection, device configuration, and usage policies that simplify endpoint management. By consolidating disparate tools and streamlining processes across devices and operating systems, deeper integration and greater protection are achieved while reducing the total cost of ownership (TCO) of endpoint device management and security.

Syxsense Enterprise brings the best of UEM and UES together. It is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. Syxsense Enterprise can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


May Patch Tuesday 2022 Addresses 74 Critical Issues


Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 patches rated Critical and 66 rated Important, with the remaining 1 marked as Low. Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “One of the most serious characteristics of a vulnerability is the Scope, which we call the Jump Point. It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the SolarWinds hack. In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows them.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Until you have applied the Windows update that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference | Description | Vendor Severity | CVSS Score | Public Aware | Weaponised | Countermeasure | Syxsense Recommended
CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important | 8.1 | Yes | Yes | No | Yes
CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical | N/A | Yes | No | No | Yes
CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | Yes | No | No | Yes
CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes
CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. | Yes
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. | Yes
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes
CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes
CVE-2022-21972 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes
CVE-2022-23270 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes
CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | No |
CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No |
CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-22016 | Windows Play To Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | No |
CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Important | 4.2 | No | No | No |
CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.1 | No | No | No |
CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Low | 3.3 | No | No | No |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Start a Free Trial


April Patch Tuesday 2022 Addresses Over 120 Security Fixes


April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 10 patches rated Critical and 115 rated Important, with the remaining marked Moderate. This includes:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V, DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.

Robert Brown, Head of Customer Success for Syxsense said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month.  There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month.  We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”

Top April 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.0
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

The vulnerability could allow a remote attacker to execute code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machines where RPC can be reached.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No


March Patch Tuesday 2022 Resolves 71 Vulnerabilities


March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats

There are 3 patches rated Critical and 68 rated Important. Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored. Your patching strategy should be based on the risk you are prepared to take, and if the risk is too high then deploy those patches.”

 

Top March 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into their patch management solution and deploy as soon as possible.

1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

This vulnerability is ‘More Likely’ to be used as an entry point, as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Vulnerability details are unknown at this time, but an attacker who successfully exploited the vulnerability could run arbitrary code. Keep an eye on this for changes in severity or priority.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system and is ‘More Likely’ to be used as an entry point, as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes – see here

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended
CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2022-21990 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | No | Yes
CVE-2022-24459 | Windows Fax and Scan Service Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | Yes | No | Yes
CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2022-24469 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2022-22006 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2022-24501 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2022-24457 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-22007 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24456 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-23266 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24461 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24509 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-24510 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability Important 7.2 No No No
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.2 No No No
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No No
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability Important 6.5 No No No
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No No
CVE-2022-23253 Point-to-Point Tunnelling Protocol Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability Important 6.1 No No No
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability Important 5.9 No No No
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability Important 5.5 No No No
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability Important 5.5 No No No
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 5.4 No No No
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability Important 4.7 No No No
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability Important 4.4 No No No
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability Important 3.3 No No No
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability Important 3.3 No No No

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

February Patch Tuesday 2022 Fixes 51 Vulnerabilities

Filed under: Patch Management, Patch Tuesday


The second Patch Tuesday of 2022 has arrived — tackle the latest Microsoft updates and vulnerabilities for the month of February.

Microsoft Releases 51 fixes this month including 1 Public Aware threat

There are 50 Important fixes in this release and 1 Moderate. Updates were included for Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “This is the first year we have a Microsoft release which has not consisted of a Critical severity vulnerability rated by the Vendor. This is the reason it is essential to compare different severity systems instead of relying on a single source of truth, in this case the vendor rated severity. There are still extremely important vulnerabilities to remediate this month; the lack of a Critical vulnerability does not allow you to relax just yet.”


Top February 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.

1. CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability

The Windows kernel does not properly enforce security restrictions, which allows a local attacker to bypass them and escalate privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability

This patch fixes a remote code execution bug in the Microsoft DNS server.  An attacker could completely take over your DNS and execute code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes – The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability

This patch fixes a guest-to-host escape in Hyper-V; successful exploitation of this vulnerability may result in complete compromise of the host system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.9
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Title Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Highly Recommended
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 Yes No No Yes
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Yes
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important 8.3 No No Yes
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important 8.1 No No Yes
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 8.1 No No Yes
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important 8.1 No No Yes
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Yes
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important 7.9 No No Yes
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 7.7 No No Yes
CVE-2022-21986 .NET Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important 7.5 No No
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important 7.2 No No
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 7.1 No No
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important 6.9 No No
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 6.5 No No
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.3 No No
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important 5.9 No No
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important 5.5 No No
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important 5.5 No No
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate 5.3 No No
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important 4.9 No No
CVE-2022-21968 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No


January Patch Tuesday 2022 Fixes 96 Critical Issues

Filed under: News, Patch Management, Patch Tuesday


With 96 new bugs, Microsoft is kicking off the first Patch Tuesday of 2022 with a bang. There are 8 Critical and 88 Important fixes.

Microsoft Patch Tuesday Released with 96 Fixes

There are 8 Critical (one more than last month) and 88 Important fixes in this release. Updates were included for Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop. 

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. Next month you need to renew for a third ESU if you are still using Windows 7 or 2008 R2.

“The first Patch Tuesday of the year has arrived with a bang, and just in time for many of our customers who are ending their change freeze following the New Year holidays. We do not have any confirmed Weaponized threats to deal with this month so far, however we do have 6 confirmed Public Aware threats which could be weaponized at any minute.”

Syxsense Recommendations

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as possible.

Top January 2022 Patches and Vulnerabilities

1. CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system. Microsoft recommends prioritizing the patching of affected devices because it is suspected to be wormable.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in the Windows IKE Extension. A remote attacker can pass specially crafted input to the service and execute arbitrary code; in an environment where Internet Key Exchange version 2 (IKEv2) is enabled, the attacker can trigger this and several related IKE Extension bugs without being authenticated. The separate IKE Extension denial-of-service fixes from this release are listed in the table below.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21912: DirectX Graphics Kernel Remote Code Execution Vulnerability

The vulnerability allows a local, authenticated user to execute arbitrary code on the target system; successful exploitation may result in complete compromise of the vulnerable system. The attacker abuses a flaw in dxgkrnl.sys to trigger an arbitrary pointer dereference in kernel mode. What makes this worse is that administrative credentials are not required: a low-privileged account is enough to attempt the exploit.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Highest Priority
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No Yes Yes
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9 No No No Yes
CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important 9 No No No Yes
CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No No Yes
CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.3 No No No Yes
CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical 7.8 No No No Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important 7 No Yes No Yes
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important 7.6 No No No
CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important 7.6 No No No
CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important 6.1 No Yes No
CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21860 Windows App Contracts API Server Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important 7 No No
CVE-2022-21863 Windows State Repository API Server file Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important 6.5 No No
CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.4 No No
CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.3 No No
CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.1 No No
CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21876 Win32k Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21838 Windows Clean up Manager Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important 5.3 No No
CVE-2022-21925 Windows Backup Key Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No
CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 4.4 No No
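The recommendation tables on this page (January above, and the February and March ones earlier) all take the same flattened form: CVE, title, vendor severity, CVSS score, then Yes/No flags whose column order changes from month to month. The following is an added example, not Syxsense code, showing how to parse those rows and order them the way the text recommends: weaponised first, then publicly disclosed, then vendor severity, then raw CVSS. The column order is passed in explicitly because January and March list Weaponised, Publicly Aware, Countermeasure while February lists Countermeasure, Publicly Aware, Weaponised. The tier thresholds are this example's own choice; the sample rows are copied from the January table.

```python
"""Triage helper for the monthly recommendation tables.

Added example, not Syxsense code. Parses rows in the flattened
"CVE  Title  Severity  Score  Yes/No ..." form the tables take on this page
and ranks them: weaponised, then publicly disclosed, then vendor severity,
then CVSS. The tier cut-offs below are an assumption made for illustration.
"""
import re
from dataclasses import dataclass

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<score>\d+(?:\.\d+)?)"
    r"(?P<flags>(?:\s+(?:Yes|No))*)\s*$"
)
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


@dataclass
class Entry:
    cve: str
    title: str
    severity: str
    score: float
    weaponised: bool
    public_aware: bool
    countermeasure: bool

    def sort_key(self):
        # Higher tuple sorts first (reverse=True): known exploitation beats
        # public disclosure, which beats the vendor rating, which beats CVSS.
        return (self.weaponised, self.public_aware,
                SEVERITY_RANK[self.severity], self.score)

    def tier(self) -> str:
        # Assumed thresholds: anything already weaponised is an emergency;
        # disclosed, Critical or >= 8.8 goes in this patch cycle.
        if self.weaponised:
            return "emergency"
        if self.public_aware or self.severity == "Critical" or self.score >= 8.8:
            return "this-cycle"
        return "standard"


def parse_row(line, flag_order=("weaponised", "public_aware", "countermeasure")):
    """Parse one table row. Flag columns beyond the named ones (such as the
    'Highest Priority' column) are ignored; missing ones default to No,
    which is how the blank cells on the page read."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    flags = m.group("flags").split()
    values = {name: False for name in flag_order}
    for name, raw in zip(flag_order, flags):
        values[name] = raw == "Yes"
    return Entry(m.group("cve"), m.group("title"), m.group("severity"),
                 float(m.group("score")), **values)


def prioritize(lines, flag_order=("weaponised", "public_aware", "countermeasure")):
    """Return [(cve, tier)] in deployment order, skipping blank lines."""
    entries = [parse_row(l, flag_order) for l in lines if l.strip()]
    entries.sort(key=Entry.sort_key, reverse=True)
    return [(e.cve, e.tier()) for e in entries]


# Constructed sample input: rows copied from the January 2022 table.
JANUARY_ROWS = """
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No Yes Yes
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important 7 No Yes No Yes
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important 5.3 No No
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No
""".splitlines()

if __name__ == "__main__":
    for cve, tier in prioritize(JANUARY_ROWS):
        print(f"{tier:11} {cve}")
```

The output is the list of CVE numbers to feed into your patch management solution, already in the order the page's advice implies; for the February table, call `prioritize(rows, ("countermeasure", "public_aware", "weaponised"))`.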


November Patch Tuesday 2021 Addresses 55 Vulnerabilities

Filed under: Patch Management, Patch Tuesday

November Patch Tuesday 2021 Fixes 55 Flaws

November Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases November 2021 Patch Tuesday Fixes

There are 6 Critical (double last month's count) and 49 Important fixes in this release. Updates were included for Microsoft Windows and Windows components, 3D Viewer, Azure, Azure RTOS and Sphere, Microsoft Dynamics, Microsoft Office, Visual Studio and Visual Studio Code, and Windows 11 has received its second security patch.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. We are very close to the point where you need to review for a third and final year of ESU if you are still using Windows 7 or 2008.

  1. Windows 7 – 1 Critical and 10 Important fixes
  2. Windows 2008 R2 – 1 Critical and 14 Important fixes

Robert Brown, Head of Customer Success for Syxsense said, “Overall, this year we have seen a massive drop in the number of fixes addressed by the Patch Tuesday security updates. This is most likely down to the extended support of the Windows 10 Feature Updates throughout 2021, however as Microsoft have launched another business operating system that number is likely to rise again.”

Our suggestion would be to choose which operating system (Windows 10 or 11) your business will use for 2022 and stick with it. If your company policy is to stay on Windows 10, we recommend implementing procedures that stop users from accidentally upgrading their device to Windows 11.

Top November 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-3711: OpenSSL: SM2 Decryption Buffer Overflow

A malicious attacker who is able to present SM2 content for decryption to an application could cause the attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behavior or causing the application to crash.

This vulnerability was released before November but has been reviewed and rescored by NVD.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-26443: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the Host. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.0
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

3. CVE-2021-38666: Remote Desktop Client Remote Code Execution Vulnerability

An attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, and Microsoft has rated this vulnerability as “More Likely” to be used in an attack.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Highest Priority |
|---|---|---|---|---|---|---|---|
| CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | Yes | No | No | Yes |
| CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 4.4 | No | Yes | No | Yes |
| CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 4.4 | No | Yes | No | Yes |
| CVE-2021-3711 | OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes |
| CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | 8.7 | No | No | No | Yes |
| CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2021-42275 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42283 | NTFS Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-41366 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42276 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42296 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41367 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41370 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42322 | Visual Studio Code Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42286 | Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41377 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42285 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41378 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41372 | Power BI Report Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-42282 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-42291 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-41356 | Windows Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-42284 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-42274 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-41374 | Azure Sphere Information Disclosure Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2021-42302 | Azure RTOS Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-42303 | Azure RTOS Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-42304 | Azure RTOS Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-41349 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-42305 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-41368 | Microsoft Access Remote Code Execution Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-42300 | Azure Sphere Tampering Vulnerability | Important | 6 | No | No | No | |
| CVE-2021-42288 | Windows Hello Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-42277 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41373 | FS Logix Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-42280 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-42319 | Visual Studio Elevation of Privilege Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2021-41375 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No | |
| CVE-2021-41351 | Microsoft Edge (Chrome based) Spoofing on IE Mode | Important | 4.3 | No | No | No | |
| CVE-2021-26444 | Azure RTOS Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2021-42301 | Azure RTOS Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2021-42323 | Azure RTOS Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2021-41376 | Azure Sphere Information Disclosure Vulnerability | Important | 2.3 | No | No | No | |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


October Patch Tuesday 2021 Fixes 71 Flaws and Weaponized Threat

October Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases October 2021 Patch Tuesday Fixes

There are 3 Critical, 67 Important and a single Low fix in this October Patch Tuesday. Fixes cover Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office components, SharePoint Server, and Microsoft Windows DNS, and Windows 11 receives its first ever security patch.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 19 Important vulnerabilities fixed
  2. Windows 2008 R2 – 20 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “This may be the first time ever that Microsoft released updates for four end user based operating systems (Windows 7, 8.1, 10 & now 11). Over the next couple of months, we could see an increase in the number of vulnerabilities fixed breaching 100 once again. Should that be the case, careful selection of the most important vulnerabilities to resolve will be extremely important.”

Top October 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-40449: Win32k Elevation of Privilege Vulnerability

A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges. This is possible because of a boundary error within the Win32k driver in the Microsoft Windows kernel.

This vulnerability was discovered by Kaspersky, so one may assume it could be used in the next ransomware attack if it is not resolved quickly.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system because Windows does not properly impose security restrictions in the Windows kernel.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-36970: Windows Print Spooler Spoofing Vulnerability

A remote attacker can spoof page content because the Windows Print Spooler incorrectly processes user-supplied data. This vulnerability is more likely to be targeted by hackers because of the recent and ongoing reports of printing issues.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | Yes | No | Yes |
| CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important | 5.5 | No | Yes | No | Yes |
| CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9 | No | No | No | Yes |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-41353 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important | 4.9 | No | No | No | |
| CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | No | |
| CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low | 7.6 | No | No | No | |
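To turn the two recommendation tables above into a deployment order (weaponised and publicly aware flaws first, then vendor severity, then CVSS), here is an added Python example that is not Syxsense's code. It parses the flattened row format as it appears on this page and reads the header to cope with the different flag-column order of the November and October tables; the sample rows are constructed from those tables.

```python
"""Rank Patch Tuesday rows the way the Syxsense tables on this page do:
weaponised first, then publicly aware, then vendor severity, then CVSS.
Added example, not Syxsense's code; sample rows copied from the page."""
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}
FLAG_COLUMNS = ("Weaponised", "Publicly Aware", "Countermeasure")


@dataclass(frozen=True)
class Finding:
    cve: str
    description: str
    severity: str
    cvss: float
    weaponised: bool
    public_aware: bool
    countermeasure: bool


def parse_table(text: str) -> list[Finding]:
    """Parse a whitespace-flattened table. The header fixes the order of the
    three Yes/No risk columns, so the November layout (Weaponised, Publicly
    Aware, Countermeasure) and the October one (reversed) both parse."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header, rows = lines[0], lines[1:]
    flag_order = sorted(FLAG_COLUMNS, key=header.index)
    findings = []
    for row in rows:
        tokens = row.split()
        flags = []
        # Walk in from the right: optional "recommended" flag, three risk
        # flags, then the CVSS score and the vendor severity.
        while tokens[-1] in ("Yes", "No"):
            flags.append(tokens.pop() == "Yes")
        flags.reverse()
        if len(flags) < 3:
            raise ValueError(f"{tokens[0]}: expected three risk flags")
        by_name = dict(zip(flag_order, flags[:3]))
        cvss = float(tokens.pop())
        severity = tokens.pop()
        if severity not in SEVERITY_RANK:
            raise ValueError(f"{tokens[0]}: unknown severity {severity!r}")
        findings.append(Finding(tokens[0], " ".join(tokens[1:]), severity, cvss,
                                by_name["Weaponised"], by_name["Publicly Aware"],
                                by_name["Countermeasure"]))
    return findings


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Most urgent first; an existing countermeasure only breaks ties."""
    return sorted(findings, reverse=True, key=lambda f: (
        f.weaponised, f.public_aware, SEVERITY_RANK[f.severity], f.cvss,
        not f.countermeasure))


# Constructed samples: rows copied from the two tables on this page.
NOVEMBER = """
CVE Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Highest Priority
CVE-2021-3711 OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow Critical 9.8 No No No Yes
CVE-2021-42321 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8.8 Yes No No Yes
CVE-2021-43208 3D Viewer Remote Code Execution Vulnerability Important 7.8 No Yes No Yes
"""
OCTOBER = """
CVE Reference Description Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Syxsense Recommended
CVE-2021-40449 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Yes Yes
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability Low 7.6 No No No
"""
```

Running `prioritise(parse_table(NOVEMBER) + parse_table(OCTOBER))` puts the two weaponised CVEs ahead of the Critical 9.8 OpenSSL flaw, which is the ordering the text above asks you to apply.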
