Patch Management

May 2023 3rd Party Roundup Webinar

Categories: Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on May’s powerful Patch Management Update.

Fill out the form to the right to watch as we dive into May’s bulletins and show you strategies for tackling the latest and most important Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.


Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.

May Spotlight Webinar: Deploying Real Time Device Attestation and Configuration Compliance with Syxsense Cortex

Categories: Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In May’s class Syxsense’s Pre-Sales Manager, Graham Brooks, demonstrates how to deploy and manage device trust using Syxsense Cortex.


Hosted by: Graham Brooks, Syxsense Pre-Sales Manager

Graham is currently a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last 7 years. Before working at Syxsense he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCSA and Security Plus certifications.

Microsoft Patch Tuesday Update | May 2023

Categories: Patch Management, Patch Tuesday, Video, Webinars

Watch May’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.


Hosted by Rob Brown, Chief Customer Success Officer

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant through providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.


Why Combine Vulnerability Management, Patch Management, Zero Trust, and Mobile Device Management?

Categories: Blog

IT and security management have so many facets and nuances that most organizations are running dozens of different cybersecurity applications and tools. To stay on top of things, IT hops from console to console to manage device enrollment, patches, and anti-virus and firewall rules. Meanwhile, cybersecurity teams are monitoring Security Information and Event Management (SIEM) logs, scanning for vulnerabilities, and trying to manage cyber risk.

Now, factor in enterprise digital transformation and remote work, as well as the rise of ransomware and security initiatives such as zero trust. IT and security teams are being asked to deploy yet another tool for mobile device management (MDM), a ransomware protection package, or one or more applications that promise to deliver zero trust.

While some believe this complexity helps their security posture, the uncomfortable truth is that every additional tool widens the attack surface. It makes more sense to simplify the business environment and IT infrastructure by adopting a platform or product that unifies multiple applications.

Here are some of the top reasons why it is best to combine vulnerability scanning, patch management, zero trust, and MDM in one comprehensive package.

1. Single Console

Combining patch management, vulnerability scanning, and MDM saves IT and security teams a great deal of time and energy: personnel can view everything in the same tool instead of exporting data to a spreadsheet and passing it to another department to review or correct. Instead of moving to one tool for vulnerability scanning, another for patches, and yet another for mobile devices, having everything in one unified product shortens both time-to-detect and time-to-remediate. Security weaknesses such as open ports, disabled firewalls, ineffective user account policies, and out-of-date patches are easier to spot and fix.

2. Eliminate the Need for Scripting

The patch management and vulnerability management lifecycle involves a lot of tedious, repetitive tasks. It can be time-consuming to access a series of logs on different systems to zero in on potential problems. Once the issues are isolated, fixing them is also manual, and many times requires IT to know how to code to develop scripts to support operational processes. In the case of the patching of a virtual server, IT might have to take care of different tasks such as patching a VM, rebooting, patching the host then another reboot. The number of scripts needed to automate some of these tasks takes time to build, while other vulnerabilities go unaddressed. Scripting must be replaced by drag-and-drop tools.

3. Automation

With a unified device management and security platform, automation can be used to streamline workflows. Instead of a series of manual tasks across different products, automation makes it possible to “set and forget” processes such as:

  • scanning endpoints to see which patches are missing and sending the right patches to the right devices;
  • detecting mobile devices that return to the office, quarantining them, checking them for compliance, and remediating any issues before allowing them to connect to the corporate network;
  • scanning for vulnerabilities and applying mitigations, including configuration changes when no update is available;
  • and more.

4. Compliance and Reporting

Most endpoint management and security reports list endless risks or issues, without differentiating the most urgent threats adequately. On top of that, most compliance reports are outdated because they report on a recent, but not necessarily current, state of the enterprise. Accurate, targeted compliance reports play a vital role in ensuring an organization is meeting industry security requirements and regulations, such as HIPAA, SOX, and PCI DSS. With real-time data connections to endpoints, a single unified product that can report on the current state of patches and vulnerabilities across an organization is a must have for compliance and audit purposes.

5. Reaching Zero Trust

Zero trust is a cybersecurity strategy that assumes all access is insecure. Just because a user or device was once configured to be trusted does not mean it should still be trusted; every user account and device is treated as potentially compromised. A zero trust approach therefore requires users and devices to prove that they are up to date and secure before they are given access to the systems they need. While many technology providers offer zero trust products, a key element of any implementation is the ability to evaluate whether a device matches a trusted profile – does it have up-to-date patches, the latest antivirus signatures, and so on – and what must be done to bring it into a trusted state. With a unified security and endpoint management platform, this trust evaluation is easier to implement because all the data is captured in a single product.

Syxsense Simplifies IT and Security Operations

For those looking for a unified security and endpoint management product, Syxsense can help you. As the only cloud-native, unified security and endpoint management (USEM) solution on the market, it provides enterprises with all the capabilities needed for automated patch management, vulnerability scanning and remediation, mobile device management, and more. With a zero trust evaluation engine, enterprises can easily build trusted profiles based on policies and evaluate endpoints in real-time to determine if the endpoints should be given access to corporate networks and applications.

May Patch Tuesday 2023: Microsoft Releases 38 Fixes This Month, Including 7 Critical and 1 Weaponised Threat

Categories: Blog, Patch Management, Patch Tuesday

There are 7 Critical and 31 Important fixes this month. Microsoft Windows, Windows Components, Office and Office Components, SharePoint Server, Visual Studio, SysInternals and Microsoft Teams have all received fixes this month. This is by far the smallest release from Microsoft for over 18 months.

Robert Brown, Head of Customer Success for Syxsense, said, “We have 2 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical), and if you count all the individual CVSS scores together, May has a combined CVSS score of 275.3, down from 722.4 last month. One may assume that updates have not passed internal QA assurances, so all IT experts should be wary and expect OOB (Out of Band) updates before the next scheduled Patch Tuesday release.”

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

1. CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note: The vulnerability is being Weaponised.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
2. CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation might involve either the victim opening the specially crafted email with an affected version of Microsoft Outlook, or the victim’s Outlook application displaying a preview of it. Either could result in the attacker executing remote code on the victim’s machine.

Note: The vulnerability is Publicly Aware.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.1
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
3. CVE-2023-24941 – Windows Network File System Remote Code Execution Vulnerability

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

Note: The vulnerability is More Likely to be Exploited.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
May 2023 CVE Overview

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Impact | Countermeasure | Exploitability Assessment | Additional Details |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | Elevation of Privilege | | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Critical | 8.1 | No | Yes | Remote Code Execution | | Exploitation More Likely | |
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.7 | No | Yes | Security Feature Bypass | | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could bypass Secure Boot. |
| CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation. Warning: you should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address CVE-2022-26937, which is a Critical vulnerability in NFSV2.0 and NFSV3.0. | Exploitation More Likely | This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). |
| CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | Only PGM Server is vulnerable to this vulnerability. To mitigate risk, Microsoft recommends customers deploy newer technologies such as Unicast or Multicast server. | Exploitation Less Likely | When the Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | | Exploitation Less Likely | An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. |
| CVE-2023-24903 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | | Exploitation Less Likely | An attacker could host a malicious .rdp file on a file share; a user opening the .rdp file from the share would be vulnerable to remote code execution. |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | | Exploitation Less Likely | |
| CVE-2023-29324 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | Security Feature Bypass | | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain administrator privileges. |
| CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | | Exploitation Less Likely | |
| CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | | Exploitation Less Likely | |
| CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | | Exploitation Less Likely | |
| CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | | Exploitation Less Likely | |
| CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | | Exploitation Less Likely | |

April Spotlight Webinar: Vulnerability Management

Categories: Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In April’s class Syxsense’s Pre-Sales Manager, Graham Brooks, demonstrates how Syxsense eliminates “all those red lines” with real-time alerting, immediate device quarantining, automated remediation, and compliance reporting.


Hosted by: Graham Brooks, Syxsense Pre-Sales Manager



April 2023 3rd Party Roundup Webinar

Categories: Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on April’s powerful Patch Management Update.

Fill out the form to the right to watch as we dive into April’s bulletins and show you strategies for tackling the latest and most important Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.


Hosted By: Jon Cassell, Syxsense Senior Solutions Architect



Microsoft Patch Tuesday Update | April 2023

Categories: Patch Management, Patch Tuesday, Video, Webinars

Watch April’s Microsoft Patch Tuesday Forecast On Demand

Fill out the form to the right to view as we dive into this month’s bulletins and show you strategies for tackling the latest and most important Patch Tuesday updates.  Our IT industry expert Rob Brown, Syxsense’s Chief Customer Success Officer, will be covering all of the latest updates live. Rob’s team of IT management experts has deployed over 100 million patches — be sure to register so you don’t miss out on the top patch strategies of the month!


Hosted by Rob Brown



April Patch Tuesday 2023 Addresses 8 Critical and 90 Important Issues

Categories: Blog, Patch Management, Patch Tuesday

Don’t miss our April 2023 Patch Tuesday webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month, including 8 Critical and 1 Weaponised Threat

There are 8 Critical and 90 Important fixes for Patch Tuesday, April 2023.  Microsoft Windows, Windows Components, Office and Office Components, Windows Defender, SharePoint Server, Windows Hyper-V, PostScript Printer and Microsoft Dynamics have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We have a Weaponised vulnerability to fix this month and we also have a second month with a very large number of fixes impacting PostScript and PCL6 Class Printer Drivers.  Careful testing must be done to ensure no printing issues are experienced following patching.  We also have 2 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, April has a combined CVSS score of 722.4 up from 529.6 last month.”

Top April 2023 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability

This vulnerability has been fixed several times this month and has been exploited at least twice before, which suggests to us that the underlying issue has not yet been fully resolved. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note:  The vulnerability is being actively exploited.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability

According to Microsoft, this vulnerability is More Likely to be Exploited. The Windows Message Queuing service, which is a Windows component, must be enabled for a system to be exploitable by this vulnerability; the feature can be added via the Control Panel. You can check whether a service named Message Queuing is running and whether TCP port 1801 is listening on the machine.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
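The exposure check described above for CVE-2023-21554 (a running Message Queuing service and TCP 1801 listening), written out as an added PowerShell example that is not part of the Syxsense post; the service name MSMQ and the optional-feature name MSMQ-Server are Windows defaults assumed here, not values taken from the post.

```powershell
# Added example (not from the Syxsense post). Tests the two exposure preconditions
# the post gives for CVE-2023-21554 on the local Windows host: is the Message Queuing
# service (service name MSMQ) installed and running, and is TCP port 1801 listening?
# Assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an
# elevated shell for the optional-feature query.

function Test-MsmqExposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ServicePresent  = $false
        ServiceStatus   = 'NotInstalled'
        Port1801Listen  = $false
        ListenerProcess = $null
        FeatureState    = 'Unknown'
        Exposed         = $false
    }

    # 1. Service check: display name "Message Queuing", service name "MSMQ".
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    if ($svc) {
        $result.ServicePresent = $true
        $result.ServiceStatus  = [string]$svc.Status
    }

    # 2. Listener check: the MSMQ TCP listener on port 1801, and which process owns it.
    $conn = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if ($conn) {
        $result.Port1801Listen = $true
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $result.ListenerProcess = if ($proc) { "$($proc.ProcessName) (PID $($proc.Id))" }
                                  else      { "PID $($conn.OwningProcess)" }
    }

    # 3. Optional-feature state (client SKUs expose MSMQ as the MSMQ-Server feature;
    #    on Server SKUs query Get-WindowsFeature MSMQ-Server instead). Needs elevation.
    try {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' -ErrorAction Stop
        $result.FeatureState = [string]$feat.State
    } catch {
        $result.FeatureState = 'Unknown (query failed; run elevated)'
    }

    # The post's rule: the host is exposed only when the service is enabled and listening.
    $result.Exposed = ($result.ServiceStatus -eq 'Running') -and $result.Port1801Listen
    [pscustomobject]$result
}

$r = Test-MsmqExposure
$r | Format-List

if ($r.Exposed) {
    Write-Warning "Message Queuing is running and TCP 1801 is listening: deploy the CVE-2023-21554 fix, or disable the feature if this host does not need it."
    # Temporary containment when MSMQ is not required on this host (uncomment to apply):
    # Stop-Service -Name MSMQ; Set-Service -Name MSMQ -StartupType Disabled
    # Disable-WindowsOptionalFeature -Online -FeatureName MSMQ-Server -NoRestart
} else {
    Write-Output "Host does not meet the exposure preconditions for CVE-2023-21554."
}

# Fleet-wide variant over WinRM (assumes PowerShell remoting is enabled on the targets):
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-MsmqExposure} |
#     Where-Object Exposed | Select-Object PSComputerName, ServiceStatus, ListenerProcess
```

The check only tells you whether the precondition is present, not whether the April update is installed; pair it with your patch inventory before closing the item.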

3. CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

According to Microsoft, this vulnerability is More Likely to be Exploited.  The vulnerability exists due to insufficient validation of user-supplied input in the Windows Pragmatic General Multicast (PGM).  A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

April 2023 CVE Overview

Additional newly identified CVEs and corresponding information can be found below.

| Reference | Description | Vulnerability Impact | Vendor Severity | CVSS Score | Weaponized | Publicly Aware | Exploitability Assessment | Additional Details |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | Yes | No | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation More Likely | |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation Less Likely | Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation More Likely | |
| CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation Less Likely | A workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. The following workaround might be helpful in your situation: Migrate from Network Load Balancing to Software Load Balancing. |
| CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28219 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28220 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28232 | Windows Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. |
| CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-23375 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain administrator privileges. |
| CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-28285 Microsoft Office Graphics Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28287 Microsoft Publisher Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28293 Windows Kernel Elevation of Privilege Vulnerability Elevation of Privilege Important 7.8 No No Exploitation Less Likely
CVE-2023-28295 Microsoft Publisher Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28304 Microsoft SQL Server Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28311 Microsoft Word Remote Code Execution Vulnerability Remote Code Execution Important 7.8 No No Exploitation Less Likely
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Spoofing Important 7.6 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-21769 Microsoft Message Queuing Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-24860 Microsoft Defender Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-24931 Windows Secure Channel Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-28217 Windows Network Address Translation (NAT) Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely Mitigation Available: This vulnerability is limited to attacker traffic inside the NAT firewall. An enterprise perimeter firewall can be used to mitigate this attack. A NAT firewall works by only allowing requested internet traffic to pass through the gateway. Internet routed network traffic cannot attack the Windows Network Address Translation Service for this vulnerability.
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability Remote Code Execution Important 7.5 No No Exploitation More Likely
CVE-2023-28233 Windows Secure Channel Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Remote Code Execution Important 7.5 No No Exploitation Less Likely
CVE-2023-28241 Windows Secure Socket Tunnelling Protocol (SSTP) Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability Information Disclosure Important 7.5 No No Exploitation Less Likely
CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability Security Feature Bypass Important 7.5 No No Exploitation Less Likely
CVE-2023-28302 Microsoft Message Queuing Denial of Service Vulnerability Denial of Service Important 7.5 No No Exploitation Less Likely
CVE-2023-23384 Microsoft SQL Server Remote Code Execution Vulnerability Remote Code Execution Important 7.3 No No Exploitation Less Likely
CVE-2023-28254 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 7.2 No No Exploitation Less Likely
CVE-2023-28222 Windows Kernel Elevation of Privilege Vulnerability Elevation of Privilege Important 7.1 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability Remote Code Execution Important 7.1 No No Exploitation Less Likely
CVE-2023-24914 Win32k Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28216 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28218 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 No No Exploitation More Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28229 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28235 Windows Lock Screen Security Feature Bypass Vulnerability Security Feature Bypass Important 6.8 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could bypass the Windows Lock Screen security feature.
CVE-2023-28269 Windows Boot Manager Security Feature Bypass Vulnerability Security Feature Bypass Important 6.8 No No Exploitation Less Likely
CVE-2023-28270 Windows Lock Screen Security Feature Bypass Vulnerability Security Feature Bypass Important 6.8 No No Exploitation Less Likely
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28249 Windows Boot Manager Security Feature Bypass Vulnerability Security Feature Bypass Important 6.6 No No Exploitation Less Likely
CVE-2023-28255 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28256 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability Remote Code Execution Important 6.6 No No Exploitation Less Likely
CVE-2023-24883 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability Spoofing Important 6.5 No No Exploitation Less Likely
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability Information Disclosure Important 6.5 No No Exploitation Less Likely An attacker who successfully exploited this vulnerability could access the system logs.
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability Spoofing Important 6.1 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Spoofing Important 6.1 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-28228 Windows Spoofing Vulnerability Spoofing Important 5.5 No No Exploitation Less Likely
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability Security Feature Bypass Important 5.5 No No Exploitation Less Likely
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation More Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation Less Likely
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability Denial of Service Important 5.5 No No Exploitation Less Likely
CVE-2023-28299 Visual Studio Spoofing Vulnerability Spoofing Important 5.5 No No Exploitation Less Likely
CVE-2023-28226 Windows Enrol Engine Security Feature Bypass Vulnerability Security Feature Bypass Important 5.3 No No Exploitation Less Likely
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability Information Disclosure Important 4.9 No No Exploitation Less Likely
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability Security Feature Bypass Important 4.4 No No Exploitation Less Likely
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability Information Disclosure Important 4.3 No No Exploitation Less Likely Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
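
A table like the one above is only useful once it has been turned into a deployment order. The script below is an added example, not Syxsense code or Microsoft tooling: it parses rows in the flattened one-line form the page presents them in and ranks them the way a patch-prioritization step would, putting anything already exploited or publicly disclosed first, then Microsoft's "Exploitation More Likely" assessments, and only then sorting by CVSS score. The six sample rows are copied from the table above; the column layout the parser assumes (CVE, title, impact, severity, CVSS, publicly disclosed, exploited, exploitability assessment, optional notes) is inferred from those rows.

```python
import re
from dataclasses import dataclass

# Constructed sample: six rows copied from the Patch Tuesday table above,
# in the flattened one-row-per-line form the page presents them in.
SAMPLE_ROWS = """\
CVE-2023-24929 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Remote Code Execution Important 8.8 No No Exploitation Less Likely An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.
CVE-2023-24912 Windows Graphics Component Elevation of Privilege Vulnerability Elevation of Privilege Important 7.8 No No Exploitation More Likely An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Spoofing Important 7.6 No No Exploitation Less Likely Scope = Changed, Jump Point = True
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability Remote Code Execution Important 7.5 No No Exploitation More Likely
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability Information Disclosure Important 5.5 No No Exploitation More Likely An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability Information Disclosure Important 4.3 No No Exploitation Less Likely Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
"""

# Impact categories used by the MSRC release notes; the title always ends in
# "Vulnerability" and is immediately followed by one of these, which is what
# lets a lazy match find the end of the free-text title.
IMPACTS = ("Remote Code Execution", "Elevation of Privilege", "Denial of Service",
           "Information Disclosure", "Security Feature Bypass", "Spoofing")

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) "
    r"(?P<title>.+? Vulnerability) "
    rf"(?P<impact>{'|'.join(re.escape(i) for i in IMPACTS)}) "
    r"(?P<severity>Critical|Important|Moderate|Low) "
    r"(?P<cvss>\d{1,2}\.\d) "
    r"(?P<disclosed>Yes|No) (?P<exploited>Yes|No) "
    r"Exploitation (?P<assessment>Detected|More Likely|Less Likely|Unlikely)"
    r"(?: (?P<notes>.*))?$"
)

# Lower rank = patch sooner.  "Detected" means exploitation was seen in the wild.
ASSESSMENT_RANK = {"Detected": 0, "More Likely": 1, "Less Likely": 2, "Unlikely": 3}


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    impact: str
    severity: str
    cvss: float
    disclosed: bool
    exploited: bool
    assessment: str
    notes: str


def parse_rows(text: str) -> list[Advisory]:
    """Parse flattened table rows; raise on a row that does not fit the layout."""
    advisories = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line[:60]!r}")
        advisories.append(Advisory(
            cve=m["cve"], title=m["title"], impact=m["impact"],
            severity=m["severity"], cvss=float(m["cvss"]),
            disclosed=m["disclosed"] == "Yes", exploited=m["exploited"] == "Yes",
            assessment=m["assessment"], notes=m["notes"] or "",
        ))
    return advisories


def priority_key(a: Advisory) -> tuple:
    """Sort key: in-the-wild first, then publicly disclosed, then Microsoft's
    exploitability assessment, and CVSS only as the final tie-breaker."""
    return (0 if a.exploited else 1,
            0 if a.disclosed else 1,
            ASSESSMENT_RANK[a.assessment],
            -a.cvss)


def triage(text: str) -> list[Advisory]:
    """Full deployment order for every row in the table."""
    return sorted(parse_rows(text), key=priority_key)


def first_wave(advisories: list[Advisory]) -> list[Advisory]:
    """The subset worth an out-of-band deployment: anything exploited, disclosed,
    or assessed as 'Exploitation More Likely'/'Detected', regardless of CVSS."""
    urgent = [a for a in advisories
              if a.exploited or a.disclosed or ASSESSMENT_RANK[a.assessment] <= 1]
    return sorted(urgent, key=priority_key)


if __name__ == "__main__":
    for a in triage(SAMPLE_ROWS):
        print(f"{a.cve}  {a.cvss:>4}  {a.assessment:<12} {a.title}")
```

Note what the ordering does to the sample: the CLFS information-disclosure bug at CVSS 5.5 is assessed "Exploitation More Likely" and therefore lands ahead of the 8.8 printer-driver RCEs, which is the point of prioritizing on exploitability rather than on score alone. The parser refuses rows it cannot fit to the layout rather than silently dropping them, so a changed column format shows up as an error instead of a missing patch.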

Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors from consideration as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IoT side.

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IoT space; handling it through a separate interface with its own reporting simply isn’t scalable. Because it’s poised to become an essential feature for many, if not most, organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate, but it does exceptionally well at incredibly complex problems where perfect accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating the tuning of the dial, patch management would be an ideal space for utilizing AI.

Takeaway

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst, Howard Holton: Analysts Insights: Gigaom Radar for Patch Management.