Tag: Patch Management

September Patch Tuesday 2021 Fixes 66 Flaws and Weaponized Threat

September Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases September 2021 Patch Tuesday Fixes

There are 3 Critical, 62 Important and a single Moderate fix in this September Patch Tuesday. Fixes include Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS, and the Windows Subsystem for Linux.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 2 Critical and 20 Important vulnerabilities fixed
  2. Windows 2008 R2 – 2 Critical and 20 Important vulnerabilities fixed

Top September 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

The best course of action is to ensure your staff know what to do when unsolicited emails arrive, and how to escalate to your security teams when such emails are received.

There are several workarounds you can implement here.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

2. CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. It requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending it a specially crafted message.

An attacker could send a specially crafted message via HTTPS to port 5986 on a vulnerable system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-36954: Windows Bind Filter Driver Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system. After the privilege escalation, an attacker can then carry out further attacks or even affect resources outside the original attack vector; SolarWinds springs to mind.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponized | Syxsense Recommended
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Important | 8.8 | Yes | Yes | Yes | Yes
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability | Critical | 8.1 | No | No | No | Yes
CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes
CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | Important | 7.6 | No | No | No |
CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No |
CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No |
CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Important | 6.4 | No | No | No |
CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | Important | 6.3 | No | No | No |
CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No |
CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36969 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-38635 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-38636 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No |
CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 5.3 | No | No | No |
CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability | Moderate | 4.6 | No | No | No |
CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


10 Vulnerabilities You Should Be Scanning For

Are you scanning for these vulnerabilities in your environment? We have selected the most urgent security gaps that you should remediate.

Vulnerabilities Have Rapidly Increased in 2021

The latest intelligence confirms ransomware attacks are on the rise. Not only are attacks getting more sophisticated, but the ransom demands are constantly growing.

One third of all incidents this year are attributed to ransomware attacks or attempts to gain access to a network or intellectual property. In order to stop attackers from demanding payment for an encryption key, it’s never been more important to start scanning for security gaps.

Top 10 Vulnerabilities

These 10 security vulnerabilities should be scanned for within your environment.

These are based on the current threats we see being exposed and what has been weaponized or used to gain entry over the past year.

We have also recommended some of our scripts to run on your devices using Syxsense Secure to check whether any of these issues are present; if so, we recommend remediating them as soon as possible.

1. Autoplay

Some of the worst types of attack were delivered by the simplest means: a USB stick, a mapped drive, or a CD/DVD drive. One such virus, known as Downadup or Conficker, would infect a mapped drive, and every user who logged on would automatically become infected and pass the virus on.

With many users still working from home, it is entirely possible that the micro SD card from a camera, or the USB drive used for schoolwork, could easily infect your system.

We recommend running the following scans on every device, and disabling the features wherever they are found:

  • Autoplay enabled for non-volume devices
  • Autoplay feature enabled for all drives
  • Autorun enabled

2. Simple Passwords

One of the trickiest issues to identify is the vast number of local accounts on your devices which are not using hardened passwords, or local accounts which do not require the password to be changed regularly.

We recommend running the following scans on every device in order to improve your local user hygiene:

  • Password complexity requirements is disabled
  • User password never expires
  • User password not required

We also know users like to keep the same password for everything, and unless you protect those local accounts with a minimum password age, nothing stops the users from cycling through to their favorite password.

  • Minimum password age less than 1 day

3. Peer-to-Peer Software

Although using peer-to-peer file sharing is not illegal, it can be used to download illegal software, music and videos. You can never tell what you are downloading, especially since a lot of software downloaded from peer-to-peer sites is actually counterfeit or, worse, obfuscated rootkits and viruses.

We recommend running the following scans on every device to identify where peer-to-peer software or peer-to-peer binaries are installed, as these could act as a gateway to downloading ransomware:

  • Peer-to-peer application detected
  • Peer-to-peer binary detected

4. Windows Firewall

The basic Windows Firewall, if implemented correctly, can protect a system from many forms of attack, especially ransomware. The firewall comes with the operating system and should be enabled and configured if you have no other firewall in place.

We recommend running the following scans on every device:

  • Firewall Disabled (Windows)
  • Firewall Disabled (non-Windows)

5. Windows File Extensions

Your users build habits when running their applications and saving documents to their drives. Would your users notice the difference between a file whose icon looks like Outlook, Word or Excel and the application they use every day, if it were sitting on their desktop?

We recommend running the following scan on every device to help your users avoid opening suspicious files and applications that are in fact ransomware in disguise:

  • File Extensions Hidden

6. Browser Extensions

A recent announcement by Google suggested they had detected 295 browser extensions on their platform which were caught collecting user keystrokes, clipboard content, cookies, and more. Browser extensions have become extremely popular recently, with many offering monetary benefits such as voucher codes. These browser extensions run within the browser and simply wait for the user before running their payload.

We recommend running the following scans on every device to protect your browsers from these kinds of attacks:

  • Malicious Chrome Extension (Google)
  • Malicious Chrome Extension (Edge)
  • Malicious Chrome Extension (Opera)

7. Remote Desktop Services

Remote Desktop and remote access are among the favorite avenues of attack for many hackers. Devices are often visible from the internet and so poorly protected that over a single weekend those devices are identified, and by Monday your network is under siege.

We recommend running the following scans to ensure these services are protected:

  • RDC use 3389 default port for connections
  • RDP connection encryption not set to High

We also recommend scanning all internet-facing devices for the following after every weekend, to see whether any attempts have been made:

  • Account Locked
  • Multiple Logins Attempted

8. Antivirus

Ensuring your antivirus is running should be simple; however, there are also known issues with the antivirus software itself that are often overlooked (such as memory leaks). Your antivirus is the last line of defense against the most sophisticated ransomware attacks, so ensuring it is healthy should be one of your top priorities.

We recommend running the following scans on every device to verify your antivirus can be trusted to protect your devices:

  • Antivirus Not Detected
  • Antivirus Definition over 21 Days
  • AV Disabled
  • AV Engine Not Up-to-Date

9. SMB

The US National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the perimeter firewall: ports 137, 139 and 445. If you are not able to block this traffic for whatever reason, you should at least ensure the protocol is configured with the highest level of security available.

We recommend running the following scan on every internet-facing device to verify the safety of SMB:

  • SMB v1 protocol enabled

10. Legacy / Obsolete / Out of Support Software

Our number one vulnerability is obsolete operating systems and software. Syxsense, along with security advisories from bodies such as US Homeland Security and the UK National Cyber Security Centre, widely recommends ensuring that all software in use is up to date, operating systems included.

Any software which is obsolete, and therefore no longer supported by the vendor, should be upgraded or uninstalled. Ransomware infection is much easier when the vendor is no longer fixing publicly known security bugs.

We recommend running the following scan on every device to identify legacy software:

  • Legacy Software Found
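
As an added example that is not one of Syxsense's scripts, the following PowerShell performs a read-only local check of several of the items above (Autoplay, local password settings, Windows Firewall, hidden file extensions, RDP port and encryption level, antivirus freshness, SMBv1). The registry paths, expected values and cmdlets it relies on are assumptions noted in the comments.

```powershell
# Added example (not a Syxsense script): read-only posture check for several items
# listed above. Run in an elevated Windows PowerShell 5.1+ session on the endpoint.
# Assumption: the registry locations and cmdlet properties used below match the
# Windows 10 / Server 2016+ defaults; adjust for older builds.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent = setting not configured
    return [int]$item.$Name
}

function Test-EndpointHygiene {
    $results = New-Object System.Collections.Generic.List[object]
    $add = {
        param($Check, $Observed, [bool]$Pass, $Remediation)
        $results.Add([pscustomobject]@{
            Check       = $Check
            Observed    = $Observed
            Status      = $(if ($Pass) { 'PASS' } else { 'FAIL' })
            Remediation = $Remediation
        })
    }

    # 1. Autoplay/Autorun: NoDriveTypeAutoRun = 0xFF (255) turns Autoplay off for every drive type.
    $autorun = Get-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    & $add 'Autoplay disabled for all drives' $autorun ($autorun -eq 255) `
        'GPO "Turn off AutoPlay" for All drives (writes NoDriveTypeAutoRun = 0xFF)'

    # 2. Simple passwords: minimum password age from the local policy ("net accounts" output),
    #    then per-account flags for never-expiring and not-required passwords.
    $ageLine = (net accounts) | Where-Object { $_ -match 'Minimum password age' }
    $minAge = $null
    if ("$ageLine" -match '(\d+)\s*$') { $minAge = [int]$Matches[1] }
    & $add 'Minimum password age at least 1 day' $minAge ($minAge -ge 1) 'net accounts /minpwage:1'

    $users    = @(Get-LocalUser -ErrorAction SilentlyContinue | Where-Object { $_.Enabled })
    $neverExp = @($users | Where-Object { $null -eq $_.PasswordExpires } | ForEach-Object { $_.Name })
    & $add 'No enabled local account with a never-expiring password' ($neverExp -join ', ') `
        ($neverExp.Count -eq 0) 'Set-LocalUser -Name <account> -PasswordNeverExpires $false'
    $noPwd = @($users | Where-Object { -not $_.PasswordRequired } | ForEach-Object { $_.Name })
    & $add 'Every enabled local account requires a password' ($noPwd -join ', ') `
        ($noPwd.Count -eq 0) 'Set a password on the account or disable it'

    # 4. Windows Firewall: Domain, Private and Public profiles should all be enabled.
    $profiles = Get-NetFirewallProfile -ErrorAction SilentlyContinue
    $off = @($profiles | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object { $_.Name })
    & $add 'Windows Firewall enabled on all profiles' ($off -join ', ') `
        ($null -ne $profiles -and $off.Count -eq 0) 'Set-NetFirewallProfile -All -Enabled True'

    # 5. Hidden file extensions (per-user value, so this reflects the account running the script).
    #    Absent or 1 means extensions are hidden, which is the Windows default.
    $hide = Get-RegDword 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
    & $add 'File extensions shown in Explorer' $hide ($hide -eq 0) `
        'Set HideFileExt = 0 so a file named Invoice.pdf.exe is not displayed as Invoice.pdf'

    # 7. Remote Desktop: listening port and minimum connection encryption level
    #    (MinEncryptionLevel: 1 Low, 2 Client Compatible, 3 High, 4 FIPS Compliant).
    $rdp  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = Get-RegDword $rdp 'PortNumber'
    & $add 'RDP not listening on default port 3389' $port ($null -ne $port -and $port -ne 3389) `
        'Change PortNumber and the matching firewall rule; never expose RDP directly to the internet'
    $enc = Get-RegDword $rdp 'MinEncryptionLevel'
    & $add 'RDP connection encryption set to High or FIPS' $enc ($enc -ge 3) `
        'GPO "Set client connection encryption level" = High Level'

    # 8. Antivirus: Microsoft Defender cmdlets; a third-party product needs its own tooling.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        & $add 'Antivirus enabled' $mp.AntivirusEnabled ([bool]$mp.AntivirusEnabled) 'Enable real-time protection'
        & $add 'AV definitions no older than 21 days' $mp.AntivirusSignatureAge `
            ($mp.AntivirusSignatureAge -le 21) 'Update-MpSignature'
    } catch {
        & $add 'Antivirus status readable' 'Get-MpComputerStatus unavailable' $false 'Query the installed AV product directly'
    }

    # 9. SMB: the SMBv1 server protocol should be disabled.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    & $add 'SMBv1 disabled' $smb.EnableSMB1Protocol ($null -ne $smb -and -not $smb.EnableSMB1Protocol) `
        'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'

    return $results
}

Test-EndpointHygiene | Format-Table -AutoSize -Wrap
```

Each row reports PASS or FAIL with the observed value and the remediation the page's recommendations map to; items 3, 6 and 10 (installed software and extension inventories) need an inventory source and are not covered here.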

How Syxsense Can Help

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

August Patch Tuesday 2021 Fixes 44 Vulnerabilities Including Weaponized Threat

August Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases August 2021 Patch Tuesday Fixes

There are 7 Critical and 37 Important fixes in this August Patch Tuesday for Microsoft Windows and Windows components, Office, .NET Core and Visual Studio, Windows Defender, Windows Update and Update Assistant, Azure, and Microsoft Dynamics.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 4 Critical and 8 Important vulnerabilities fixed
  2. Windows 2008 R2 – 4 Critical and 9 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “There are a number of extremely serious threats to deal with this month, and although there are fewer than half the number we have been facing just a couple of months ago, it has never been more important to deploy these updates to protect your environment.”

Top August 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-36948: Windows Update Medic Service Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system, due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

We are also extremely concerned because this was discovered by the Microsoft Security Response Center (MSRC) / Microsoft Threat Intelligence Center, which could indicate that it will be turned into a ransomware attack.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-34535: Remote Desktop Client Remote Code Execution Vulnerability

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.

Microsoft advises that exploitation of this vulnerability is more likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

3. CVE-2021-36936: Windows Print Spooler Remote Code Execution Vulnerability

The vulnerability allows a remote attacker to execute arbitrary code on the target system, and successful exploitation may result in complete compromise of the vulnerable system.

Microsoft advises that exploitation of this vulnerability is more likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

CVE Reference | Description | Vendor Severity | CVSS Score | Weaponized | Public Aware | Countermeasure | Syxsense Recommended
CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes
CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | 8.8 | No | Yes | No | Yes
CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important | 7.5 | No | Yes | No | Yes
CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes
CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.8 | No | No | No | Yes
CVE-2021-34530 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes
CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes
CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2021-34537 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5 | No | No | No |
CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-33762 | Azure Cycle Cloud Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-36943 | Azure Cycle Cloud Elevation of Privilege Vulnerability | Important | 4 | No | No | No |
CVE-2021-26430 | Azure Sphere Denial of Service Vulnerability | Important | 6 | No | No | No |
CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | Important | 7.7 | No | No | No |
CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | No |
CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No |
CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No |
CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No |
CVE-2021-34471 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes |
CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No |
CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-34487 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-26426 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-34484 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-30590 | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | High | N/A | No | No | No |
CVE-2021-30591 | Chromium: CVE-2021-30591 Use after free in File System API | High | N/A | No | No | No |
CVE-2021-30592 | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | High | N/A | No | No | No |
CVE-2021-30593 | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | High | N/A | No | No | No |
CVE-2021-30594 | Chromium: CVE-2021-30594 Use after free in Page Info UI | High | N/A | No | No | No |
CVE-2021-30596 | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | Medium | N/A | No | No | No |
CVE-2021-30597 | Chromium: CVE-2021-30597 Use after free in Browser UI | Medium | N/A | No | No | No |

Microsoft Issues Urgent Fix for PetitPotam

Microsoft has reclassified the vulnerability known as “PetitPotam” as an official Security Advisory as attacks continue to rise.

New PetitPotam Attack Lets Cybercriminals Take Over Windows Domains

On July 28, Microsoft reclassified the vulnerability known as “PetitPotam” as an official Security Advisory and marked it as Public Aware.

This means the precise method of exploiting this vulnerability can be found on the internet, and there may be attempts under way right now to take advantage of the bug, which affects all versions of Windows Server.

What is PetitPotam?

PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers.

To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing. PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.

Rob Brown, Head of Customer Success said, “If an attacker was able to expose this bug, this would give the attacker an authentication certificate that can be used to access domain services and compromise the entire Active Directory domain. This includes the creation / deletion of user accounts, or the changing of passwords.”

You are potentially vulnerable to this attack if you are using Active Directory Certificate Services (AD CS) with any of the following services:

  1. Certificate Authority Web Enrollment
  2. Certificate Enrollment Web Service

On any of the following operating systems:

  1. Windows Server 2008 R2
  2. Windows Server 2012 R2
  3. Windows Server 2016
  4. Windows Server 2019
  5. Windows Server 2004
  6. Windows Server 20H2

Solutions and Mitigations

  1. Disable NTLM Authentication on your Windows domain controller.
  2. Disable NTLM on any AD CS Servers in your domain using the group policy Network security: Restrict NTLM: Incoming NTLM traffic. To configure this GPO, open Group Policy and go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and set Network security: Restrict NTLM: Incoming NTLM traffic to Deny All Accounts or Deny All domain accounts. If needed, you can add exceptions as necessary using the setting Network security: Restrict NTLM: Add server exceptions in this domain.
  3. Disable NTLM for Internet Information Services (IIS) on AD CS Servers in your domain running the “Certificate Authority Web Enrollment” or “Certificate Enrollment Web Service” services.
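A read-only audit of the three mitigations above, added here as an example; it is not Syxsense's script or product code. It assumes a Windows Server host running AD CS with the built-in ServerManager and WebAdministration modules, and the CES application name in the site list is a placeholder you replace with the one on your server.

```powershell
# Added example (not from the Syxsense post): audit an AD CS server for the
# PetitPotam mitigations listed above. Read-only; it changes nothing.
#Requires -RunAsAdministrator
Import-Module ServerManager    -ErrorAction Stop
Import-Module WebAdministration -ErrorAction Stop

$appHost  = 'MACHINE/WEBROOT/APPHOST'
$winAuth  = 'system.webServer/security/authentication/windowsAuthentication'
# CertSrv is the fixed path of CA Web Enrollment; the CES application name
# varies per installation, so the second entry is a placeholder to replace.
$adcsApps = @('Default Web Site/CertSrv', 'Default Web Site/<CES-application-name>')
$findings = [System.Collections.Generic.List[string]]::new()

# --- 1. Which of the two AD CS web roles named in the advisory are installed? ---
$roles = Get-WindowsFeature -Name 'ADCS-Web-Enrollment', 'ADCS-Enroll-Web-Svc'
foreach ($r in $roles) {
    $state = if ($r.Installed) { 'INSTALLED' } else { 'not installed' }
    Write-Host ('{0,-45} {1}' -f $r.DisplayName, $state)
}
if (-not ($roles | Where-Object Installed)) {
    Write-Host 'Neither NTLM-over-HTTP enrollment role is present; the IIS checks below do not apply.'
}

# --- 2. "Network security: Restrict NTLM: Incoming NTLM traffic" (mitigation 2) ---
# That policy writes RestrictReceivingNTLMTraffic under MSV1_0:
#   absent / 0 = Allow all, 1 = Deny all domain accounts, 2 = Deny all accounts.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -ErrorAction SilentlyContinue
switch ($lsa.RestrictReceivingNTLMTraffic) {
    2       { Write-Host 'Incoming NTLM: Deny all accounts' }
    1       { Write-Host 'Incoming NTLM: Deny all domain accounts' }
    default { $findings.Add('Incoming NTLM traffic is still allowed (RestrictReceivingNTLMTraffic is not 1 or 2)') }
}

# --- 3. IIS hardening of the enrollment endpoints (mitigation 3) ---
foreach ($app in $adcsApps) {
    if (-not (Test-Path ("IIS:\Sites\" + ($app -replace '/', '\')))) {
        Write-Host "$app : not present on this server, skipped"
        continue
    }

    # Extended Protection for Authentication binds the NTLM exchange to the TLS
    # channel, which is what defeats a relay; only 'Require' enforces it.
    $epa = (Get-WebConfiguration -PSPath $appHost -Location $app -Filter "$winAuth/extendedProtection").tokenChecking
    if ("$epa" -ne 'Require') {
        $findings.Add("$app : Extended Protection is '$epa', expected 'Require'")
    }

    # Windows Authentication providers offered by the application. NTLM still
    # listed means a relayed NTLM handshake is still accepted at this endpoint.
    $providers = @(Get-WebConfigurationProperty -PSPath $appHost -Location $app -Filter "$winAuth/providers" -Name Collection |
                   ForEach-Object { $_.value })
    if ($providers -contains 'NTLM') {
        $findings.Add("$app : NTLM provider still enabled (providers: $($providers -join ', '))")
    }

    # EPA is only meaningful over TLS, so the application must also require SSL.
    $ssl = (Get-WebConfiguration -PSPath $appHost -Location $app -Filter 'system.webServer/security/access').sslFlags
    if ("$ssl" -notmatch 'Ssl') {
        $findings.Add("$app : SSL not required (sslFlags = '$ssl')")
    }
}

# --- Summary ---
if ($findings.Count -eq 0) {
    Write-Host 'No PetitPotam-related gaps found by this audit.' -ForegroundColor Green
} else {
    Write-Warning "$($findings.Count) finding(s):"
    $findings | ForEach-Object { Write-Warning "  $_" }
}
```

Run it on each server that hosts Certificate Authority Web Enrollment or the Certificate Enrollment Web Service; a clean result on the IIS checks still leaves mitigation 1 (NTLM on the domain controllers) to be verified separately.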

How Syxsense Can Help

Customers using Syxsense Secure can detect this vulnerability by scanning with our security script called “LanMan authentication level is not NTLMv2”.

Syxsense provides that first line of defense against vulnerabilities by automating the patching of all systems. Experience the power of IT management, patch management, and security vulnerability scanning in one powerful solution.


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


3 Reasons Why Patching is the Weakest Link in Organizational Security



What is the weakest link in the organizational security arsenal? A strong argument could be put forward that patching is the clear winner.


What’s the weakest link in your organization?

It’s been said many times that people are the weakest link in the security arsenal. Phishing scams enjoy success primarily due to the gullibility or inattention of people. All it takes is one clueless employee clicking on a malicious link or attachment and the entire network can be compromised.

But whether it is a virtual environment like a computer network or a physical environment like defending a castle, people have always been the weak link. In the old days, all it took was one person selling out to the enemy for a few coins. Later that night, the gate is left unlocked and the portcullis isn’t dropped.

Therefore, let’s take people out of the discussion, recognizing that there will always be a human element to address. What, then, is the weakest link among the many components of the organizational security arsenal? A strong argument could be put forward that patching is the clear winner. Here are three reasons why.

1. Vital Patches Don’t Get Deployed

Think about some of the recent breaches impacting the enterprise such as Microsoft Exchange Server, Adobe Flash Player, the Fortinet VPN, and VMware vSphere. Serious security holes were discovered. Urgent patches were issued, news stories abounded about the need to deploy these patches at once, otherwise ransomware and other cyber-scourges lurked.

Yet almost five months later, organizations are still being discovered that have yet to shore up their Exchange Servers. The FBI even got in on the act, breaking into corporate systems to remove malware. To make matters worse, critical security patches from May of 2019, such as those fixing the Fortinet VPN hole, have been found undeployed.

2. The Bad Guys Search Out Unpatched Systems

Yes, there are a few criminal hacking geniuses out there who devise new and ingenious ways of breaking into systems or who can find a hole no one else ever spotted. But that accounts for a minuscule number of actual hacks. Almost all take advantage of known security issues, most of them having patches readily available.

Talk about making it easy for the criminal! The bad guys scan for instances of obsolete OSes or insecure applications. Where they find Windows XP, Windows 7, Internet Explorer, or Adobe Flash Player, for example, they rub their hands in glee. Similarly, they search for systems that haven’t deployed patches such as those for Exchange, VMware, or Fortinet. When they find one, they know they are onto a sure thing. From that point, they can exfiltrate confidential data or initiate a ransomware attack.

3. Manual Patching Leads to Backlogs

Many organizations still take care of patching manually. They evaluate each patch and determine if and when it is to be installed. This inevitably leads to errors, delays, and heightened risk.

Another area where manual processes tend to bog down patch deployment is testing. Organizations want to verify that a patch won’t break other systems. They establish procedures to test patches before deployment. Unfortunately, many patches stack up in backlogs. Urgent patches go undeployed while someone in IT tests low-priority patches to verify their integrity.

How Syxsense Can Help

Syxsense eliminates the many reasons why patches don’t get deployed. It lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch rollback, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. Don’t tempt fate by relying on manual patching processes.


July Patch Tuesday 2021 Fixes Massive 117 Vulnerabilities



July Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.


Microsoft Releases Huge July Patch Tuesday Update

There are 13 Critical, 103 Important and 1 Moderate fixes this month for Microsoft Windows, Dynamics, Exchange Server, Microsoft Office, Windows Storage Spaces Controller, Bing, SharePoint Server, Internet Explorer (IE), Visual Studio, and Open Enclave.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 3 Critical and 27 Important vulnerabilities fixed
  2. Windows 2008 R2 – 3 Critical and 27 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “The vulnerability known as PrintNightmare is causing a lot of confusion and anxiety as patch deployment is needed urgently, but some registry keys also need to be verified. If those keys exist then you are not safe.

There are also Weaponized vulnerabilities for Windows Kernel which need addressing urgently.”

Top July 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-34527: Windows Print Spooler Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.5 / 8.8
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2021-31979 & CVE-2021-33771: Windows Kernel Elevation of Privilege Vulnerability

A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-34458: Windows Kernel Remote Code Execution Vulnerability

This bug impacts systems hosting virtual machines with single root input/output virtualization (SR-IOV) devices. If you have virtual machines in your environment, test and patch quickly.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8 / 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Public | Weaponised | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | 8.8 | Yes | Yes | Yes | Yes |
| CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.8 | No | No | Yes | Yes |
| CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | Yes | No | Yes |
| CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 9 | No | Yes | No | Yes |
| CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important | 8.1 | No | Yes | No | Yes |
| CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes |
| CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 | No | No | No | Yes |
| CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | 8 | No | No | No | Yes |
| CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34446 | Windows HTML Platform Security Feature Bypass Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes |
| CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34459 | Windows App Container Elevation Of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-31961 | Windows Install Service Elevation of Privilege Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important | 5.9 | No | No | No | |
| CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | | | | | | |

June Patch Tuesday 2021 Includes 50 Fixes and 6 Weaponized Vulnerabilities



June Patch Tuesday 2021 has arrived with 50 vulnerabilities and 6 zero-days exploited. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.


Microsoft Releases 50 Fixes Including 6 Weaponized Vulnerabilities

There are 5 Critical and 45 Important fixes this month for Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, with one currently Weaponized.

  1. Windows 7 – 2 Critical and 12 Important vulnerabilities fixed
  2. Windows 2008 R2 – 1 Critical and 11 Important vulnerabilities fixed

Both Windows 7 and 2008 are vulnerable to CVE-2021-33742, the Windows MSHTML Platform Remote Code Execution Vulnerability, which is currently Weaponized. It carries a CVSS score of 7.5 and can be exploited over any network without privileges.

Robert Brown, Head of Customer Success for Syxsense said, “We are very concerned about CVE-2021-31948, CVE-2021-31950, CVE-2021-31964 which are all related to Microsoft SharePoint Server. These spoofing vulnerabilities carry a CVSS score of 7.6 but if exploited can be used to jump into another technology running on the system. These should be urgently resolved.”

Top June 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability

The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim into running a specially crafted executable or script and execute arbitrary code on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.4
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-33742 MSHTML Platform Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.5
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

3. CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. By sending a specially crafted message to the Hyper-V host virtualization stack, a guest VM could cause a reference count in the host virtualization stack to be leaked.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.6
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 8.4 | Yes | Yes | No | Yes |
| CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 7.5 | Yes | Yes | No | Yes |
| CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | Yes | No | No | Yes |
| CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Important | 5.2 | Yes | No | No | Yes |
| CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Important | 5.2 | Yes | No | No | Yes |
| CVE-2021-31968 | Windows Remote Desktop Services Denial of Service Vulnerability | Important | 7.5 | No | Yes | No | Yes |
| CVE-2021-31962 | Kerberos App Container Security Feature Bypass Vulnerability | Important | 9.4 | No | No | No | Yes |
| CVE-2021-31977 | Windows Hyper-V Denial of Service Vulnerability | Important | 8.6 | No | No | No | Yes |
| CVE-2021-33741 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2021-31980 | Microsoft Intune Management Extension Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2021-31954 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2021-31948 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | Yes |
| CVE-2021-31950 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | Yes |
| CVE-2021-31964 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | Yes |
| CVE-2021-31985 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | |
| CVE-2021-31967 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | |
| CVE-2021-31942 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31943 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31939 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31940 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31941 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31945 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31946 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31983 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31969 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31953 | Windows Filter Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31973 | Windows GPSVC Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31951 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31952 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-31974 | Server for NFS Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31975 | Server for NFS Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31976 | Server for NFS Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31958 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-31938 | Microsoft Vs Code Kubernetes Tools Extension Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-31966 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-31963 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 7.1 | No | No | No | |
| CVE-2021-26420 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-31971 | Windows HTML Platform Security Feature Bypass Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-31949 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2021-31959 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.4 | No | No | No | |
| CVE-2021-31957 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 5.9 | No | No | No | |
| CVE-2021-31965 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-31972 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31978 | Microsoft Defender Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31960 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31970 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-31944 | 3D Viewer Information Disclosure Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-26414 | Windows DCOM Server Security Feature Bypass | Important | 4.8 | No | No | No | |

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


MacOS Zero-Day Exploited in Malware Attacks



A MacOS zero-day was used to take unauthorized screenshots of an end user’s active session to harvest sensitive information.


MacOS Vulnerability Used to Target Developers

On Monday, Apple released macOS 11.4 which included a patch for the macOS vulnerability CVE-2021-30713. This CVE was used to take unauthorized screenshots of an end user’s active session to harvest sensitive information.

The exploit was found by researchers at Jamf through the dissection of the XCSSET malware, which employs this vulnerability. XCSSET was first caught in the wild between June and July of last year, and functions as trojan spyware. Trojans are a type of malware which masquerade as authentic software (and generally do provide utility to the victim) but perform a malicious action on the end user’s computer. The XCSSET trojan is purpose-built malware used to exfiltrate data and user information.

How Does the MacOS Exploit Work?

CVE-2021-30713 relies on a previously unknown vulnerability in the MacOS operating system. Apple requires software packages to undergo an approval check by the end user or an administrator prior to initializing.

This process is called Transparency, Consent, and Control (TCC) protection. As part of the approval process, an alert is shown to the user, communicating the types of permissions which the software wants.

The Security & Privacy panel in MacOS is where these permissions and privacy settings are configured. Each application on the computer has its own entry under Screen Recording, and only the applications ticked there are allowed to capture the screen.

When CVE-2021-30713 is exploited, the Trojan does not appear in this list, nor does it prompt the end user or an administrator for approval before it captures content. Instead, it silently activates and begins collecting data to report back to the orchestrators of the attack.

XCSSET bypasses the TCC check by piggybacking on the permissions of an application the user has already approved and masquerading as that application at execution time. Specifically, the exploit uses an AppleScript module named “screen_sim.applescript” to enumerate the applications that currently hold screen-capture permission.

The malware then builds a further AppleScript applet and plants it inside the approved application’s bundle. Because MacOS attributes the applet’s request to the parent application, the applet inherits that application’s permissions, and XCSSET can perform restricted actions on the endpoint without triggering a prompt. The data XCSSET collects is then exfiltrated to a command-and-control server operated by the attackers.

Further analysis by the researchers revealed that the permissions XCSSET could hijack were not limited to screen capture: the malware could also infect browsers to collect sensitive information from online accounts.
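The inheritance trick described above suggests a hunt: list the applications that already hold Screen Recording permission and look inside each bundle for a second .app that should not be there. The following Python script is an added example, not Jamf’s or Syxsense’s code, and it runs on constructed data: a throwaway copy of the TCC `access` table with the `service`, `client`, `client_type` and `auth_value` columns (the column names and `auth_value = 2` meaning “allowed” are assumed from the Big Sur schema) and a temporary directory standing in for /Applications. The `build_fixture` data, the `Donor.app` and `Clean.app` bundles and the `com.example.*` bundle identifiers are all made up for the demonstration.

```python
"""Hunt for the hiding place XCSSET used: an unexpected .app bundle nested
inside an application that already holds Screen Recording permission."""
import os
import sqlite3
import tempfile

SCREEN_CAPTURE = "kTCCServiceScreenCapture"
# Assumption: in the Big Sur TCC.db schema the `access` table stores the
# decision in `auth_value`, where 2 means "allowed".
AUTH_ALLOWED = 2


def screen_capture_clients(db_path):
    """Return the TCC client identifiers (bundle IDs or paths) allowed to record the screen."""
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT client FROM access WHERE service = ? AND auth_value = ?",
            (SCREEN_CAPTURE, AUTH_ALLOWED),
        ).fetchall()
    finally:
        conn.close()
    return [client for (client,) in rows]


def nested_bundles(app_path):
    """List every .app bundle found below app_path (most apps contain none)."""
    found = []
    for root, dirs, _files in os.walk(app_path):
        found.extend(os.path.join(root, d) for d in dirs if d.endswith(".app"))
    return found


def audit(db_path, resolve_bundle_path):
    """Cross-check TCC grants against the filesystem.

    resolve_bundle_path maps a TCC client identifier to the bundle's on-disk path
    (a LaunchServices lookup on a real Mac; a plain dict lookup here).
    Returns (client, nested_bundle_path) pairs that deserve a closer look.
    """
    findings = []
    for client in screen_capture_clients(db_path):
        path = resolve_bundle_path(client)
        if not path or not os.path.isdir(path):
            continue
        findings.extend((client, nested) for nested in nested_bundles(path))
    return findings


def build_fixture():
    """Constructed sample data, not a real TCC.db: a donor app carrying an
    injected applet bundle, a clean app, and a denied entry, in a temp dir."""
    base = tempfile.mkdtemp()
    apps = os.path.join(base, "Applications")
    donor = os.path.join(apps, "Donor.app")
    os.makedirs(os.path.join(donor, "Contents", "MacOS"))
    # The injected applet lives as a second bundle inside the approved app.
    os.makedirs(os.path.join(donor, "Contents", "MacOS", "applet.app", "Contents", "MacOS"))
    clean = os.path.join(apps, "Clean.app")
    os.makedirs(os.path.join(clean, "Contents", "MacOS"))

    db_path = os.path.join(base, "TCC.db")
    conn = sqlite3.connect(db_path)
    conn.execute(
        "CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER)"
    )
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", [
        (SCREEN_CAPTURE, "com.example.donor", 0, AUTH_ALLOWED),   # approved, carries the applet
        (SCREEN_CAPTURE, "com.example.clean", 0, AUTH_ALLOWED),   # approved, nothing nested
        (SCREEN_CAPTURE, "com.example.denied", 0, 0),             # user said no
        ("kTCCServiceCamera", "com.example.donor", 0, AUTH_ALLOWED),  # other service, ignored
    ])
    conn.commit()
    conn.close()
    bundle_paths = {"com.example.donor": donor, "com.example.clean": clean}
    return db_path, bundle_paths


def run_demo():
    """Build the fixture and audit it; returns the findings list."""
    db_path, bundle_paths = build_fixture()
    return audit(db_path, bundle_paths.get)


if __name__ == "__main__":
    for client, nested in run_demo():
        print(f"{client}: unexpected nested bundle {nested}")
```

On a real Mac the per-user database is at ~/Library/Application Support/com.apple.TCC/TCC.db (the system-wide one is under /Library/Application Support/com.apple.TCC/), and reading either requires Full Disk Access, so run the hunt from a management agent that already has it. A nested bundle is not proof of compromise on its own, since some applications legitimately ship helper apps; confirm with `codesign --verify --deep --strict` on the parent bundle, which will normally flag an unsigned or mismatched bundle that was added after the application was signed. The same agent can confirm the fix is in place by checking that `sw_vers -productVersion` reports 11.4 or later.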

The Malware

XCSSET has been found spreading through infected Xcode projects and appears to target the software development industry. When an unsuspecting programmer installs and builds a project with the XCSSET malware embedded, the malware deploys itself to the device.

During that deployment, XCSSET uses CVE-2021-30713 to bypass the TCC authorization process and enable its monitoring. Although XCSSET has so far only been found in Xcode projects, its architecture does not depend on Xcode: any maliciously modified application could be used to deploy it. It is therefore not safe to assume that the malware can only arrive through Xcode.

At the time of writing, around 380 endpoints have been documented as infected by XCSSET. While that number is small, several factors elevate the risk it poses. First, the malware explicitly targets developers, which raises questions about the safety of the software development supply chain: a compromised developer machine can taint every build that leaves it.

Secondly, the 380 devices are only the reported ones. The total impact of XCSSET is still unknown, and many researchers expect it to be significantly larger. At the time of writing, one of the three command-and-control domains used by XCSSET is no longer active; the other two are set to expire later this year.

How to Resolve the Vulnerability

On Monday, Apple released MacOS 11.4. Alongside an expanded list of supported graphics cards and several feature updates, it resolves CVE-2021-30713 among other security fixes. The update arrives nine to ten months after the vulnerability was first weaponized, but Apple shipped limited protection as early as July 14th, 2020 (the first unverified report of the vulnerability was on June 13th, 2020): its malware signatures checked Xcode projects for patterns consistent with XCSSET. With MacOS 11.4, XCSSET is both harder to keep resident on a Mac and deprived of its primary method of exploitation, because the TCC bypass is closed.

How Syxsense Can Help

Syxsense Secure provides an expansive vulnerability library which we scan against. All MacOS devices under management with Syxsense Secure are monitored in real time for vulnerabilities just like (and including) CVE-2021-30713. If any critical vulnerability is detected, an automated notification alerts your security operations team of the threat.

Additionally, Syxsense Secure also provides integration with Apple’s update service to deliver critical updates to your Apple devices on a schedule you choose. With Syxsense Cortex (included in Syxsense Secure), vulnerability scanning, alerting, and patching can all be combined into a smart, fully automated workflow.

Syxsense Score

  • CVSS Score: 5.5/10
  • Weaponized: True
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): No


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Have Unpatched Systems Become the Biggest Security Liability?

By Patch Management

Breaches caused by unpatched systems are becoming more common. This is often due to patch overwhelm and attackers are taking full advantage.

Breaches due to unpatched systems are big news these days. Six weeks after Microsoft issued a patch for Exchange Server, almost 10% of enterprises had yet to install it, and attackers are taking advantage.

Older flaws are being exploited in high volume as well. A vulnerability in Fortinet FortiGate VPN appliances, patched in 2019, continues to be a favoured entry point for ransomware attacks. There seems to be no end to the number of ignored security patches wreaking havoc in enterprise IT.

Patch Overwhelm

How could such obvious gaping holes be left unattended? Apart from negligence, one reason could be patch overwhelm. In the past week or so, three of the largest players in IT issued a slew of new patches.

Microsoft found a total of five zero-day vulnerabilities in one week. The patches that followed fixed 110 vulnerabilities, with as many as 19 classified as Critical and another 88 classified as Important. These affected a number of products, including the Edge browser, Azure, Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server. Perhaps the most critical flaw disclosed is a Win32k elevation-of-privilege bug that lets an attacker escape a sandbox and gain SYSTEM privileges. Meanwhile, the National Security Agency issued an alert about four more critical Exchange Server vulnerabilities.

Not to be outdone, Adobe provided patches for 10 security bugs, seven of which are considered critical. Google, too, just released the latest version of its Chrome browser, containing seven security fixes, including one for a zero-day vulnerability.

Addressing Patch Overwhelm with Automation

Faced with this barrage of patches and updates (there are many more from a great many other sources), it is easy to see how IT could get behind. Patch backlogs can easily build up. IT may even be tempted to devalue their urgency if they see announcements about critical patches, yet no apparent damage appears to result. It sometimes takes the occurrence of a serious security breach before understanding prevails about the importance of patching.

By then, however, it’s too late. What is needed is a renewed emphasis on patch diligence and patch velocity. In many cases, that requires a complete overhaul of security and patching processes.

The time-worn habit of testing every patch and then installing each one manually is no longer workable. It is a rare organization that can note the presence of a new critical patch, review it, test it, and deploy it in a timely manner. Most organizations take several days to do this. Some take weeks. And as the Fortinet VPN and Microsoft Exchange Server exploits show, some never get around to it.

IT Automation with Syxsense

The best way to deal with this new era of patching volume is to automate the process. Trouble is inevitable unless the organization can provide an abundance of trained staff who meticulously review every patch announcement from every vendor, test the patches, and push them immediately to all endpoints. The practical alternative is to outsource the function to a trusted vendor, one with the manpower to corral all patches the moment they are issued, verify their authenticity, test them, and release them.

Syxsense reviews, verifies, tests, and releases all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices, and includes a patch rollback function for the rare instances when a new patch causes a problem. This is the most efficient way to deal with the onslaught of new patches, and it frees IT and security personnel to take care of other urgent areas of enterprise security.

May Patch Tuesday 2021 Fixes 55 Vulnerabilities

By Patch Management, Patch Tuesday

May Patch Tuesday 2021 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Patch Tuesday Addresses 55 New Flaws, Including Public Aware Threats

There are 2 Critical, 50 Important and 1 Moderate fixes this month for Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month, a shadow of what was released last month.

  1. Windows 7 – 1 Critical and 10 Important vulnerabilities fixed
  2. Windows 2008 R2 – 1 Critical and 9 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “May sees almost half the updates fixed over April. This is great news as deployment payload could be as low as 1GB per device (or less). Adobe released just 10 fewer fixes than Microsoft this month, so this is the month to ensure you are prioritizing both Microsoft and Adobe to protect your devices. This month also sees the last supported patches for Feature Update 1809.”

Top May 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation in the HTTP Protocol Stack (http.sys), the kernel-mode driver that IIS and other Windows services use to handle HTTP requests. An unauthenticated remote attacker can send a specially crafted packet to an affected server and execute arbitrary code. Microsoft recommends prioritizing this patch because the flaw is wormable: it needs neither credentials nor user interaction, so an exploit could spread from server to server on its own.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-28476: Hyper-V Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation in Hyper-V, which ships with most current Microsoft operating systems. An authenticated attacker on the network, for example from inside a guest virtual machine, can execute arbitrary code on the Hyper-V host. This is particularly dangerous because a Scope (Jump Point) of Yes means the impact crosses a security boundary: code running in one guest can affect the host and, through it, the other virtual machines on the same system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.9
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-31204: .NET Core and Visual Studio Elevation of Privilege Vulnerability

With many staff around the world still working from home, it is likely that some have Visual Studio installed on a home machine. The vulnerability exists because .NET and Visual Studio do not properly impose security restrictions, which allows those restrictions to be bypassed and privileges to be escalated.

Although exploitation requires local access and user interaction, a user can still become a victim by visiting a specially designed website that tricks them into clicking a link.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.3
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: Required
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponized | Countermeasure | Syxsense Recommended
--- | --- | --- | --- | --- | --- | --- | ---
CVE-2021-31204 | .NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | Yes | No | No | Yes
CVE-2021-31200 | Common Utilities Remote Code Execution Vulnerability | Important | 7.2 | Yes | No | No | Yes
CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | Moderate | 6.6 | Yes | No | No | Yes
CVE-2021-28476 | Hyper-V Remote Code Execution Vulnerability | Critical | 9.9 | No | No | No | Yes
CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | Critical | 6.4 | No | No | No | Yes
CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31180 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31177 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31211 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31213 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31192 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | 
CVE-2021-28478 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.6 | No | No | No | 
CVE-2021-31936 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | Important | 7.4 | No | No | No | 
CVE-2021-31186 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 7.4 | No | No | No | 
CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | 
CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important | 7.1 | No | No | No | 
CVE-2021-31172 | Microsoft SharePoint Spoofing Vulnerability | Important | 7.1 | No | No | No | 
CVE-2021-31195 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 6.5 | No | No | No | 
CVE-2021-31209 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | 
CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | Important | 6.5 | No | No | No | 
CVE-2020-24587 | Windows Wireless Networking Information Disclosure Vulnerability | Important | 6.5 | No | No | No | 
CVE-2020-24588 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | 
CVE-2020-26144 | Windows Wireless Networking Spoofing Vulnerability | Important | 6.5 | No | No | No | 
CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 6.1 | No | No | No | 
CVE-2021-31174 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-31178 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-31184 | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-31185 | Windows Desktop Bridge Denial of Service Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-31191 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | 
CVE-2021-31173 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | 
CVE-2021-26418 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | 
CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | 
CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 4.1 | No | No | No | 
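The recommendation above (anything publicly aware or weaponized first, then vendor severity and CVSS) is easy to state and easy to drift from once the table runs to 55 rows. The script below is an added example, not Syxsense’s tooling: it parses rows in the flattened layout the table was published in and sorts them with an explicit priority rule. The rule’s exact order beyond “exploited or disclosed first” (vendor severity before the raw CVSS number, an available countermeasure as a late tie-breaker) is my choice, and `SAMPLE_TABLE` is a six-row excerpt copied from the table.

```python
"""Rank a Patch Tuesday advisory table the way the post recommends: weaponized
flaws first, then publicly disclosed ones, then vendor severity and CVSS."""
import re
from dataclasses import dataclass

# One table row as published in the post. The trailing fixed-format columns are
# matched first so that multi-word descriptions need no delimiter of their own.
ROW = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<desc>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+(?P<cvss>\d+\.\d)\s+"
    r"(?P<public>Yes|No)\s+(?P<weaponized>Yes|No)\s+(?P<countermeasure>Yes|No)"
    r"(?:\s+(?P<recommended>Yes))?\s*$"
)
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


@dataclass(frozen=True)
class Advisory:
    cve: str
    description: str
    severity: str
    cvss: float
    publicly_aware: bool
    weaponized: bool
    countermeasure: bool


def parse_rows(table_text):
    """Turn the flattened table into Advisory records; header and blank lines are skipped."""
    advisories = []
    for line in table_text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        advisories.append(Advisory(
            cve=m["cve"],
            description=m["desc"],
            severity=m["severity"],
            cvss=float(m["cvss"]),
            publicly_aware=m["public"] == "Yes",
            weaponized=m["weaponized"] == "Yes",
            countermeasure=m["countermeasure"] == "Yes",
        ))
    return advisories


def priority_key(a):
    """Higher sorts first. Exploitation in the wild outranks public disclosure,
    which outranks vendor severity, which outranks the raw CVSS number; an
    available countermeasure buys time, so it is the tie-breaker at the end."""
    return (a.weaponized, a.publicly_aware, SEVERITY_RANK[a.severity], a.cvss, not a.countermeasure)


def triage(table_text, top=None):
    """Return the advisories in deployment order, optionally only the first `top`."""
    ranked = sorted(parse_rows(table_text), key=priority_key, reverse=True)
    return ranked[:top] if top else ranked


# Sample input: six rows copied from the post's table, header line included.
SAMPLE_TABLE = """\
Reference Description Vendor Severity CVSS Score Publicly Aware Weaponised Countermeasure Syxsense Recommended
CVE-2021-31204 .NET Core and Visual Studio Elevation of Privilege Vulnerability Important 7.3 Yes No No Yes
CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability Moderate 6.6 Yes No No Yes
CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability Critical 9.9 No No No Yes
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability Important 4.3 No No No
"""

if __name__ == "__main__":
    for a in triage(SAMPLE_TABLE):
        flag = "weaponized" if a.weaponized else ("disclosed" if a.publicly_aware else "")
        print(f"{a.cve} {a.severity:9} {a.cvss:4} {flag}")
```

Paste the full table into a file and feed the resulting order to the patch tool as the deployment sequence. Note what the rule does with the sample: the Moderate Exchange bypass (CVE-2021-31207, 6.6, publicly disclosed) lands ahead of the 9.9 Hyper-V bug, which is exactly the point of the post’s “pay close attention to publicly aware or weaponized” advice and the opposite of a plain sort by CVSS.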