Patch Management

Dell Resolves Vulnerability Affecting Over 100 Million Devices

Categories: Blog, News, Patch Management


A Dell driver flaw which could allow a local authenticated attacker to gain elevated privileges on the system has been resolved.


Dell Security Flaw Dates Back to 2009

A Dell driver flaw that could allow a local authenticated attacker to gain elevated privileges on the system has been resolved. The root cause is insufficient access control in the dbutil_2_3.sys driver: because the driver does not properly restrict who may issue requests to it, an attacker could exploit it to gain elevated privileges, obtain sensitive information or cause a denial of service.

Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags.

Vulnerability Details

  • CVSS Score: 8.8
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

How Syxsense Can Help

This vulnerability poses a very significant risk: Attack Complexity is Low, Privileges Required is Low and the Scope is Changed. Scope is what we call a ‘Jump Point’, meaning an active exploit can jump from one technology to another.

Customers of Syxsense Manage and Syxsense Secure can request custom detection and remediation for their vulnerable devices.


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


New Weaponized Big Sur Vulnerability

Categories: Blog, Patch Management


Apple has published security updates for macOS Big Sur, iOS, iPadOS and watchOS. Four vulnerabilities are being actively weaponized.


New Critical Big Sur Vulnerability


Apple has published security updates which take macOS Big Sur to 11.3.1, iOS (for older devices) to 12.5.3, iOS and iPadOS to 14.5.1, and watchOS to 7.4.1. In total, four vulnerabilities are addressed in the updates, one of which is common to all updates. All four vulnerabilities are WebKit issues and are all reported as being actively exploited in the wild. All four vulnerabilities, if successfully exploited, could potentially allow a remote attacker to execute arbitrary code.

Vulnerability Details

  • CVSS Score: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged

CVEs

  • CVE-2021-30661
  • CVE-2021-30663
  • CVE-2021-30665
  • CVE-2021-30666

Recommendations: Apply applicable patches, updates, or workarounds as necessary.


Why Microsoft WSUS is Not Enough In 2022

Categories: Patch Management


With just Microsoft WSUS, can you keep your network and IT infrastructure protected from unpatched software vulnerabilities?


What’s Better than WSUS?

You may already have Microsoft Windows Server Update Services (WSUS) in your IT environment for deploying Microsoft product updates to your Windows workstations. However, have you thought about patching non-Microsoft software that you run on your enterprise computers?

These non-Microsoft software products, such as Oracle, Java, and Adobe Reader, may expose your corporate environment to vulnerability exploits when left unpatched.

Manage Microsoft, Linux, Mac, and Third-Party Applications

Syxsense is a powerful solution for deploying, managing, and reporting on Microsoft, Mac, Linux and third-party patches on tens of thousands of workstations and servers across your enterprise.

# | Feature | Microsoft WSUS | Syxsense
1 | Patching Microsoft Software Updates | Yes | Yes
2 | Patching Non-Microsoft Third-Party Software Updates | No | Yes – see an industry-leading library of supported third-party products
3 | Visibility into Application Inventory | Limited hardware inventory; no software inventory | Yes – Microsoft and other third-party applications, hardware inventory, disk space and other metrics. Inventory history to compare device state changes over time
4 | On-Demand Patching | No | Yes
5 | Reporting Visibility into Patched and Unpatched Systems and Software | Limited | Yes – HIPAA, SOX and PCI reports offer both an executive summary and detailed information about the vulnerability status of your environment. No programming necessary
6 | Filtered Views | No | Yes
7 | Scheduled Approvals | No | Yes
8 | Notification of Failed Updates | Limited – does not provide information on why the update failed | Yes – provides information in both reports and dashboards, offering a quick path to redeploy
9 | Patch Scheduling | Limited – basic scheduling such as choosing a particular hour of the day and, optionally, a single day of the week, in the hope that the target machine is actually powered on at that time | Yes – push patches at discrete times to accommodate different time zones and the network impact of patching large numbers of endpoints. Set maintenance windows to automatically maintain a fully patched, secure status
10 | Wake-on-LAN for Booting Target Systems for Patch Management | No | Yes
11 | Third-Party Pre-Built and Tested Packages | No | Yes – for many common applications
12 | Custom Package Creation | No | Wizard-driven – Package Creation Wizard for complex before- and after-deployment scenarios
13 | Client Health Diagnosis and Remediation | No | Yes – Device Health
14 | Device Quarantine | No | Yes – isolates potentially vulnerable devices from the network so they can be checked and remediated without posing a threat to other endpoints
18 | Device Discovery | Yes, but discovery is slow, as endpoints check in to the WSUS server only after a defined interval | Yes – Syxsense shows system state in real time, so new devices are discovered immediately
21 | Remote Control | Yes – however, the process differs depending on the Windows version, so you have to work out how to set up remote control every time | Yes – and the process is simple and intuitive
23 | Detection Logic and Default Patch Supersedence | No – WSUS does not automatically decline superseded updates in favor of the new, superseding update | Yes – patch supersedence is handled by default, so you don’t have to research which updates are required
25 | Software Distribution | No | Yes
26 | Visual Drag-and-Drop Interface for Complex IT Workflow Automation | No | Yes – an intuitive no-code interface lets you create and schedule complex workflows in just a few minutes

Why Syxsense?

Syxsense maximizes your investment in security and allows you to patch all endpoints with more visibility, control, and reporting from the simplicity of a single, centralized, intuitive interface.

Syxsense gives you key management capabilities that help you simplify the entire patch management process from patch notification, to import/synchronization, publishing, approvals, deployment, scheduling, reboots, and more.

Patch Management

WSUS lacks the ability to patch applications outside of Microsoft products. It also struggles to effectively schedule patches and report on patch status, superseding patches, inventory, and its history.

Additionally, WSUS works from stale data. With the time between the discovery of a vulnerability and the emergence of an exploit shrinking, threats require an immediate response. And with WSUS it is impossible to quarantine a device until its problems are solved.

The Syxsense Advantage

Syxsense allows you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity, and manage superseding patches effectively
  • Start patching endpoints within minutes
  • Automate complex IT workflows with an intuitive no-code interface
  • Discover new devices entering your network in real-time
  • Quarantine the devices that pose a threat to the entire network
  • Distribute software across all the endpoints within maintenance windows

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting Syxsense, and set up a free trial today.


Apple Patches MacOS Zero-Day Exploit

Categories: Blog, News, Patch Management


A new MacOS exploit pushes unchecked payloads to devices by bypassing Apple’s security tools when users attempt to use an infected installation package.


Apple Patches MacOS Bug

On Monday, April 26th, Apple released macOS 11.3, a security roll-up patch that remediates multiple known attack vectors. Among these is CVE-2021-30657, an exploit which has been used since January to push unchecked payloads to user computers by bypassing Apple’s security tools when a user attempts to use an infected installation package.

Under the Hood

Under normal circumstances, when a MacOS user opens an application installer, the installer is first put through Apple’s anti-malware detection suite. This process contains a multi-functional mesh of security checks and scans.

The first layer of the anti-malware mesh is the File Quarantine tag. Apple first started securing users against tainted downloads in OSX Leopard by implementing file quarantining. This security attribute marks unidentified files as unsafe by applying a quarantine tag to the file’s attributes. When a file carrying the quarantine tag is opened, access is either prompted for or denied, depending on the policies applied to the computer.

Iterating on the File Quarantine tags, Apple introduced an additional layer of security in OSX Lion named Gatekeeper. The macOS Gatekeeper checks code-signing information on all new files accessed by the system to ensure that the file conforms to system policies. If the file does not meet the system policy requirement, the access is either revoked or prompted depending on applied policies.

More recently, Apple introduced new functionality in macOS Catalina which requires pre-authorization by Apple before an application is released to the public with a process titled Notarization. With this new tool, software authors provide their software to Apple prior to public release for an automated security scan.

Once the scan completes, Apple provides an attribute tag for the software which verifies its authenticity and safety. If a user attempts to install software without this attribute, the software is flagged by the anti-malware suite and access is either denied or prompted based on computer policy.

Below is the prompt generated by the Notarization, Gatekeeper, and Quarantine processes working in concert to defend against a potentially dangerous executable.


How It Works

CVE-2021-30657 manages to bypass all layers of macOS’s anti-malware suite by re-building its payload bundles with specifically mischaracterized property files. When a re-bundled payload is passed through the detection suite, the file contents are not recognized by the File Quarantine and Notarization processes and are allowed by default by the anti-malware tools.

Because payloads using the CVE-2021-30657 exploit are default allowed, the Gatekeeper process never gets activated and the user is never given a security prompt. Instead, the payload is quietly executed, and the computer becomes compromised. In its current iteration, the well-known malware suite Shlayer is known to use CVE-2021-30657 to silently push payloads to endpoints while masquerading as an Adobe Flash Player update.
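The three layers described above can be inspected directly with the stock macOS tools. The script below is an added example, not Apple's or Syxsense's code: it reads the quarantine attribute with xattr, verifies the signature with codesign (pkgutil for .pkg files), asks Gatekeeper for an assessment with spctl, and refuses anything that is not both validly signed and notarized or App Store-delivered. The quarantine string layout and the spctl output lines it parses are those tools' normal output; the sample values in the comments are constructed.

```python
"""Triage a downloaded .app bundle or .pkg against the macOS quarantine,
Gatekeeper and notarization layers. Added example, not Apple's or Syxsense's
code. The verdict is a pure function over tool output, so it can be exercised
off a Mac with constructed output; triage() runs the real tools on macOS."""
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional

# spctl "source=" values that mean Apple vetted the bundle (notarized or sold
# through the App Store); anything else gets a manual look before opening.
TRUSTED_SOURCES = ("Notarized Developer ID", "Mac App Store")


@dataclass
class Verdict:
    quarantine_agent: Optional[str]  # app that downloaded the file, None if no attribute
    signature_ok: bool               # codesign/pkgutil verification exit status was 0
    accepted: bool                   # spctl printed "<path>: accepted"
    source: str                      # spctl "source=" line, e.g. "no usable signature"

    def safe_to_open(self) -> bool:
        return self.signature_ok and self.accepted and self.source in TRUSTED_SOURCES

    def concerns(self) -> List[str]:
        """Human-readable reasons the bundle should not be opened yet."""
        out = []
        if self.quarantine_agent is None:
            # Without com.apple.quarantine the system never invokes Gatekeeper on
            # launch, so the manual spctl assessment is the only check that runs.
            out.append("no com.apple.quarantine attribute: Gatekeeper will not prompt on launch")
        if not self.signature_ok:
            out.append("code signature missing or invalid")
        if not self.accepted or self.source not in TRUSTED_SOURCES:
            state = "accepted" if self.accepted else "rejected"
            out.append(f"Gatekeeper assessment: {state} ({self.source})")
        return out


def evaluate(quarantine_value: Optional[str], signature_rc: int, spctl_output: str) -> Verdict:
    """Turn raw tool output into a Verdict.

    quarantine_value: the com.apple.quarantine string, laid out as
    "flags;hex-timestamp;downloading-agent;uuid" (constructed sample:
    "0083;60a3b1c2;Safari;<uuid>"), or None when the attribute is absent.
    spctl_output: what spctl --assess --verbose wrote (it reports on stderr).
    """
    agent = None
    if quarantine_value is not None:
        fields = quarantine_value.strip().split(";")
        agent = fields[2] if len(fields) > 2 and fields[2] else "unknown"
    accepted, source = False, "unknown"
    for line in spctl_output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
    return Verdict(agent, signature_rc == 0, accepted, source)


def triage(path: str) -> Verdict:
    """Run the real macOS tools against a path and evaluate the result."""
    xattr = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                           capture_output=True, text=True)
    if path.endswith(".pkg"):
        sig_cmd, kind = ["pkgutil", "--check-signature", path], "install"
    else:
        sig_cmd, kind = ["codesign", "--verify", "--deep", "--strict", path], "execute"
    signature = subprocess.run(sig_cmd, capture_output=True, text=True)
    spctl = subprocess.run(["spctl", "--assess", "--type", kind, "--verbose", path],
                           capture_output=True, text=True)
    return evaluate(xattr.stdout if xattr.returncode == 0 else None,
                    signature.returncode, spctl.stderr + spctl.stdout)


if __name__ == "__main__":
    verdict = triage(sys.argv[1])
    print("OK to open" if verdict.safe_to_open() else "DO NOT OPEN")
    for reason in verdict.concerns():
        print(" -", reason)
```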

The Take-Away

There are two major takeaways from CVE-2021-30657.

First, never download applications from untrusted or third-party sites. Where possible, always install applications from the Mac App Store or directly from well-known publishers like Microsoft or Adobe. When installing software not found on the Mac App Store, make sure you are on the publisher’s website and not a third-party website. These insecure sites may contain re-uploads of authentic software packages that carry software exploits similar to CVE-2021-30657.

Second, make sure that you keep your operating system up to date. macOS 11.3 introduces patches which safeguard against CVE-2021-30657 and ensure that users are correctly prompted or denied before executing potentially dangerous executables.

How Syxsense Secure Can Help

Syxsense Secure provides automated patch management, vulnerability scanning, and IT management. It can detect if an endpoint is vulnerable to CVE-2021-30657 and deploy the corresponding security update efficiently, before any damage is done.

Syxsense Secure also provides the ability to push software to endpoint devices, limiting the attack surface of your company and providing your end users with safe access to the tools they need. Syxsense Secure also includes advanced features such as patch supersedence, patch roll back, and a wealth of automation and configuration features.

Further, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.


April Patch Tuesday 2021 Addresses Over 100 Security Fixes

Categories: Patch Management, Patch Tuesday


April Patch Tuesday 2021 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.


Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 19 Critical, 88 Important and 1 Moderate fixes this month, covering Microsoft Windows, Edge, Azure and Azure DevOps Server, Microsoft Office, SharePoint Server, Hyper-V, Team Foundation Server, Visual Studio, and Exchange Server.

Year 2 Extended Support: Windows 7 and Windows Server 2008 (including R2) have received substantial updates this month, surpassing all records since Windows 7 and Server 2008 left mainstream support.

  1. Windows 7 – 14 Critical and 36 Important vulnerabilities fixed
  2. Windows 2008 R2 – 14 Critical and 33 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense, said, “We have the largest Patch Tuesday release of the year and there are many very serious issues being addressed. We understand a lot of our customers will be concerned because of the reported Blue Screen / Stop Screens caused by the March Patch Tuesday, but we implore our customers to plan the remediation of these latest threats. Your patching strategy should include testing to provide the confidence of site-wide remediation.”

Top April Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-28310 Win32k Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-28480 Microsoft Exchange Server Remote Code Execution

The vulnerability exists due to improper input validation in the Microsoft Exchange Server. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

The vulnerability exists because the RPC Endpoint Mapper Service does not properly impose security restrictions, which allows those restrictions to be bypassed and privileges to be escalated.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk Alert

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes
CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes
CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | Yes | No | No | Yes
CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate | 3.3 | Yes | No | No | Yes
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes
CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes
CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No |
CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No |
CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-28446 | Windows Port mapping Information Disclosure Vulnerability | Important | 7.1 | No | No | No |
CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7 | No | No | No |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No |
CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important | 6.5 | No | No | No |
CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important | 6.2 | No | No | No |
CVE-2021-28459 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 6.1 | No | No | No |
CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 5.7 | No | No | No |
CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.7 | No | No | No |
CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No |
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important | 5.5 | No | No | No |

3 Reasons Why Patching Matters

Categories: Patch Management


From the famous Equifax breach to recent events like the Microsoft Exchange incursion, patch management is just as important as ever.


Why Patching Matters

Whether it’s older incidents such as the famous Equifax breach or more recent events like the Microsoft Exchange incursion, investigation into the underlying causes of security failures reveals two key areas: user insecurity (opening a phishing email attachment, being careless with credentials, etc.) and not applying an approved patch for a known vulnerability.

The human factor must be addressed via effective security awareness training, but the patching problem is down to either an inadequate patch management system or not following industry best practices for patching.

Here are three reasons why patching matters:

1. Cybercriminals are Lazy

Yes, there are a few criminal masterminds and gifted hackers out there who come out with ingenious new ways of navigating around and penetrating organizational defenses. They earn all the headlines (as well as the jail sentences). As a result, there is a mistaken perception that all cybercriminals fall in this bracket.

The reality is that the vast majority of them are lazy. They plod along pinging systems to discover if they have failed to protect against known vulnerabilities. We are not talking about a few days after an exploit is discovered and a patch is released. In some cases, a great many months can go by without a critical security hole being plugged. Hackers know this. It’s their bread and butter.

A study by Flexera found that more than 80% of vulnerabilities have a patch within 24 hours of public disclosure, yet 99% of exploitation targets are publicly known vulnerabilities. That’s why the bad guys focus on existing holes that nobody bothered to fix. Why be brilliant when there are rich pickings out there, even in large organizations? Patching, therefore, closes the door on 99% of potential security weaknesses.

2. Ransomware Sucks

More than half of all organizations experienced a ransomware attack – more than two million incidents in 2019, according to Enterprise Strategy Group (ESG). Cybercriminals extort billions via ransoms. As well as the financial losses, organizations find themselves locked out of critical systems. After the dust settles on an attack, it is quite common for the fallout to continue. Executives lose their jobs for inadequate funding of security, and IT staff are let go for taking their eye off the patch management ball.

Unfortunately, the ransomware situation worsened in 2020 due to so many people working from home. And it will probably spike again in 2021 as people return to the office with unpatched or mispatched devices. The moral of the story is clear: extra attention to patching today could prevent a ransomware catastrophe tomorrow.

3. Automated Patching Works

Some areas of IT are deemed more attractive than others. Application development, the cloud, and analytics are likely to earn far more executive admiration and have greater pay increase potential than routine administrative tasks such as backup and patching. Yet both can become very exciting (in a bad way) in the wake of a disaster or data breach if they fail to safeguard the organization.

By their very nature, both activities tend to be neglected if they are dealt with manually. They require automation and good oversight if they are to consistently protect the organization.

Organizational best practices always include efficient and timely patching of IT systems with priority given to those areas judged to be of the highest priority in terms of productivity, revenue, and security.

“Effective patch management mitigates risk by eliminating domain-specific activities and applying standard processes across all enterprise systems,” said Gartner analyst Terrence Cosgrove.

How Syxsense Makes Patch Management Easier

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

||

Exchange Server Hack Reveals the Importance of Patch Management

Filed under: News

Microsoft released an emergency patch on March 2 to plug four security holes in Exchange Server with zero-day exploits continuing.

Exchange Server Hack Shows Why Patch Management Matters

Patch management can never be taken for granted. Yet it appears that many organizations are doing just that.

Microsoft released an emergency patch on March 2 to plug four security holes in Exchange Server. Zero-day attacks exploited these gaps to siphon off email traffic. Yet despite the existence of the patch and the publicity surrounding it, Microsoft continues to see multiple actors taking advantage of unpatched systems one week later. Clearly, patch management is not being given sufficient priority by these IT teams.

In some ways, it may be like the night sentries of old. Some fell asleep at four in the morning and didn’t notice the bad guys jumping the walls. But in the majority of cases, the sentries simply became inattentive. After many hours, days and weeks of walking back and forth along the parapet, they became certain that nothing would ever happen. They stopped looking. Their eyes glazed over and they mechanically paced along, no longer vigilant for any hint of danger, no matter how fleeting – until that fateful day when the castle was stormed on their watch.

Patch Management Vigilance

With Microsoft continuing to advise companies to patch Exchange Server, it appears that those looking after patch management inside some organizations have lost their sense of vigilance and urgency. Perhaps this vital Microsoft patch is sitting in a queue behind another dozen patches that need to be applied.

Perhaps some IT emergency has taken precedence. Perhaps the person dealing with patch management is on vacation. Whatever the excuse, every day without that Exchange patch raises the chances of bad actors getting inside. But then, they may well be there already, quietly infiltrating email accounts and snooping around for financials or confidential files.

Microsoft is so worried about the threat that it has issued a feed of observed indicators of compromise (IOCs) as well as information about various fixes, the details of the attack, and the threat actors involved. Beyond that, it goes without saying that the Exchange patch needs to be implemented immediately.

Organizational barriers to accomplishing this should be removed at once. Systems should be thoroughly checked for any evidence of possible compromise. And organizations should add more rigor to patch management processes. There is no place for complacency when it comes to prioritizing and installing updates and patches to fix gaping security holes.

How Syxsense Can Help

Within Syxsense, we take urgent patches very seriously. Our team evaluates, tests, prioritizes, and releases patches into our patch management system within three hours of issuance by the vendor. This leads the industry. It’s not uncommon for competitors to take many days to accomplish the same thing.

Syxsense Secure provides the technology, the automation, the processes, and the timeliness you need to stay up to date on patches, while also taking care of vulnerability scanning and IT management functions.

|||

Microsoft Confirms New Blue Screen of Death (BSOD) Crashes

Filed under: News, Patch Tuesday

Following the latest Patch Tuesday, Microsoft has confirmed that Windows 10 devices might crash with a Blue Screen of Death (BSOD).

BSOD Crashes Caused By New Windows 10 Updates

Microsoft released three Windows 10 patches to resolve critical bugs as part of their monthly Patch Tuesday release. These patches have been tested by Syxsense, and following our release process, we observed issues where Blue Screens of Death (BSOD) may occur.

This has been witnessed independently, and Microsoft has released an emergency notice. The alert states that an issue has been identified in win32kfull.sys when printing, and that it may affect devices from different printer manufacturers.

The following patches are impacted:

  1. KB5000802 Windows 10, version 2004 and 20H2
  2. KB5000808 Windows 10, version 1909
  3. KB5000822 Windows 10, version 1809

What You Should Do

Syxsense remains committed to assisting customers who have been affected by this BSOD disruption and has left the uninstaller within the console so these updates can be uninstalled. However, until Microsoft addresses the issues above, the content will not be available for public deployment.

||

March Patch Tuesday 2021 Addresses 89 Security Fixes

Filed under: Patch Management, Patch Tuesday

March Patch Tuesday 2021 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.

Microsoft Fixes 89 Bugs this Month, Including Critical IE Fix

There are 14 critical and 75 important fixes this month. This includes updates for Windows, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) also received updates:

  • Windows 7 – 5 Important vulnerabilities fixed, with the most important one fixing an issue with pending print jobs which remain in an error state.
  • Windows 2008 R2 – 1 Critical and 8 Important vulnerabilities fixed, with the worst impacting DNS as per our recommendation below.

“Today is the last scheduled release of patches for legacy Windows Edge, and going forward this will become an obsolete browser,” said Robert Brown, Head of Customer Success for Syxsense. “You must upgrade to the newest Microsoft Edge browser which uses the new Chromium engine, similar to Mozilla and Google Chrome.”

From next month, the only updates for Microsoft Edge will be for the Chromium version. We have also seen a very serious weaponized issue fixed in Internet Explorer which had gone unpatched for almost four months.

Top March Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2021-26411: Internet Explorer Memory Corruption Vulnerability

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and convince a user to view the website. Additionally, the attacker could also take advantage of compromised websites, or ones that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.

However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: Yes
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

2. CVE-2021-26867: Hyper-V Remote Code Execution Vulnerability

Microsoft Windows Hyper-V could allow a remote authenticated attacker to execute arbitrary code on the system. By executing a specially-crafted program on a Hyper-V guest, an attacker could exploit this vulnerability to execute arbitrary code on the host operating system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.9
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes – only Hyper-V clients configured to use the Plan 9 file system under Linux are affected.

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2021-26897: Windows DNS Server Remote Code Execution Vulnerability

The vulnerability exists due to improper input validation in the Windows DNS Server. A remote attacker can send a specially-crafted request and execute arbitrary code on the target system which, if successful, may result in complete compromise of the vulnerable system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Some – the DNS server would need to have dynamic updates enabled.

Syxscore Risk Alert

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| CVE | Title | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | Yes | No | Yes |
| CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical | 8.8 | Yes | Yes | No | Yes |
| CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 7.8 | No | Yes | No | Yes |
| CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 7.8 | No | Yes | No | Yes |
| CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 9.9 | No | No | Yes | Yes |
| CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes | Yes |
| CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 9.3 | No | No | No | Yes |
| CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9.1 | No | No | No | Yes |
| CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9.1 | No | No | No | Yes |
| CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical | 6.2 | No | No | No | Yes |
| CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26871 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26885 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.2 | No | No | No | |
| CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important | NA | No | No | No | |
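The post tells readers to feed these CVEs into their patch tooling and to look first at anything publicly aware or weaponised. As an added example (not Syxsense's own tooling), the following Python parses rows in the table's layout and ranks them on exactly that basis; the sample rows are copied from the table, while the ordering weights (exploited-in-the-wild before public PoC, then vendor severity, then CVSS) are this example's own assumption.

```python
"""Triage rows from a Patch Tuesday summary table.

Added example, not Syxsense code.  Accepts the flattened one-line-per-row
layout ("CVE Title Severity CVSS PublicAware Weaponised Countermeasure
[Recommended]") or the same eight columns separated by '|', and orders the
advisories most-urgent first.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str
    cvss: Optional[float]       # None when the vendor lists "NA"
    public_aware: bool
    weaponised: bool
    countermeasure: bool
    recommended: bool


def _yes(value: str) -> bool:
    return value.strip().lower() == "yes"


def _cvss(value: str) -> Optional[float]:
    value = value.strip()
    return None if value.upper() == "NA" else float(value)


def parse_row(line: str) -> Advisory:
    """Parse one table row; raises ValueError for header, blank or prose lines."""
    if "|" in line:
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells += [""] * (8 - len(cells))          # pad a missing 'Recommended' cell
        cve, title, sev, score, pub, weap, cm, rec = cells[:8]
    else:
        tokens = line.split()
        # The title has a variable number of words, so locate the severity
        # token by scanning from the right for "<Severity> <CVSS> Yes/No ...".
        idx = next((i for i in range(len(tokens) - 2, 0, -1)
                    if tokens[i] in SEVERITY_RANK), None)
        if idx is None:
            raise ValueError(f"not a table row: {line!r}")
        cve, sev, score = tokens[0], tokens[idx], tokens[idx + 1]
        title = " ".join(tokens[1:idx])
        flags = tokens[idx + 2:] + [""] * 4        # 3 or 4 Yes/No cells follow
        pub, weap, cm, rec = flags[:4]
    if not cve.startswith("CVE-") or sev not in SEVERITY_RANK:
        raise ValueError(f"not a table row: {line!r}")
    return Advisory(cve, title, sev, _cvss(score),
                    _yes(pub), _yes(weap), _yes(cm), _yes(rec))


def priority_key(a: Advisory) -> tuple:
    """Higher tuple == patch sooner (assumed weighting, see lead-in).

    Exploited in the wild beats public awareness, which beats vendor severity,
    which beats raw CVSS; an available countermeasure lowers urgency slightly;
    an unknown ("NA") CVSS sorts below every real score."""
    return (a.weaponised, a.public_aware, SEVERITY_RANK[a.severity],
            a.cvss if a.cvss is not None else -1.0, not a.countermeasure)


def triage(rows: list[str]) -> list[Advisory]:
    """Parse every line that looks like an advisory row and sort by urgency."""
    advisories = []
    for row in rows:
        try:
            advisories.append(parse_row(row))
        except ValueError:
            continue                                # header, blank, or prose line
    return sorted(advisories, key=priority_key, reverse=True)


# Constructed sample: the header plus a few rows copied from the post's table,
# one of them in pipe form, to show header skipping and risk-based ordering.
SAMPLE_ROWS = [
    "CVE Title Vendor Severity CVSS Score Publicly Aware Weaponised Countermeasure Syxsense Recommended",
    "CVE-2021-27084 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability Important NA No No No",
    "CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability Critical 9.9 No No Yes Yes",
    "CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9.1 No Yes No Yes",
    "CVE-2021-26411 Internet Explorer Memory Corruption Vulnerability Critical 8.8 Yes Yes No Yes",
    "| CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes | Yes |",
]

if __name__ == "__main__":
    for rank, adv in enumerate(triage(SAMPLE_ROWS), 1):
        flag = "WEAPONISED " if adv.weaponised else ""
        print(f"{rank}. {flag}{adv.cve} {adv.severity} {adv.cvss} {adv.title}")
```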

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

||

Why Combine Patching, Vulnerability Scanning, and IT Management?

Filed under: Patch Management

See the top three reasons you should combine patching, vulnerability scanning, and IT management into one integrated, cloud-based package.

With constant disruption over the last few decades from a steady stream of IT breakthroughs, it is no wonder that the security landscape has evolved into a patchwork of disparate tools. Administrators have grown accustomed to hopping from console to console to address anti-virus, firewalls, penetration testing, and other security applications.

Even when vendors attempt to assemble an “all-inclusive” security suite, they either miss key areas, or new applications and technologies emerge. It doesn’t take long for these comprehensive packages to be full of gaping holes.

Specific to patching and vulnerability scanning, many organizations have go-to applications for these tasks. They add them to their security arsenals and log into these tools when they need to conduct a scan or give patching more attention.

There is a better way. Here are three reasons why it makes sense to combine patching, vulnerability scanning, and IT management into one integrated, cloud-based package.

1. Single Console

The obvious advantage is ease of use. By combining IT management, patching, and vulnerability scanning, IT can view it all on one screen. This immediately consolidates the management of vulnerabilities and security weaknesses exposed by open ports, disabled firewalls, ineffective user account policies, and out-of-date patches.

Other point products may provide a long list of potential vulnerabilities, but they don’t patch them. Alternatively, they may patch but don’t necessarily detect the vulnerabilities that exist. Either way, failing to consolidate these functions means more work for IT and greater risk for the organization.

2. Compliance and Reporting

Reporting is often a weak spot among applications dealing with patch management or vulnerability scanning. They may perform a single function somewhat adequately, but the reports provided are often lacking.

At one end of the spectrum, reports are too sketchy. At the other end, they provide endless lists of possible threats, or scrolls of patches needing to be applied – without differentiating between patch versions from vendors that often roll older patches into more recent releases. Thus, IT spends time distributing unnecessary patches while failing to prioritize an urgent patch when a new attack vector emerges.

Compliance, too, is often a weak spot. With so many industries required to comply with regulations such as HIPAA, SOX, and PCI-DSS, unified reporting that comprehensively addresses patches and vulnerabilities is a must-have.

3. No More Scripting

Vulnerability scanning and patching can involve a lot of tedious, repetitive tasks. It is time consuming to wade through long lists of alerts and potential problems. That’s why it’s so important to add management and process automation into the equation.

Let’s take the example of a multistage task such as patching a virtual server. It requires patching the VM guest and a reboot, followed by patching the host and another reboot. Why write scripts for all of that when it can be automated once IT management and patch management are integrated? Scripting, then, should be replaced by drag-and-drop tools.

Automation can also take care of areas like:

  • Patch distribution: sending the right patches to the right devices rapidly.
  • Patch supersedence: automatically ignoring older patches that are taken care of by a newer release.
  • Eliminating network overload: if you push Microsoft Office patches out to 300 machines simultaneously, it can stall the network due to the quantity of data involved. Intelligent management platforms send the patch across the wire once to be shared peer-to-peer within the network.
  • Mobile devices returning to the office: the system detects their presence, quarantines the devices, checks for compliance, and remediates any issues before allowing them back onto the network.
  • Patch approval: some organizations require various points of approval before patches are released. Good management tools make it easy to set this up once and have it applied automatically thereafter as part of the patching process.
  • Audits: integrated management of vulnerability scanning and patch remediation simplifies the task of gathering information for audits via drag-and-drop capabilities.
  • Patch rollback: if a patch caused an issue, it should be a simple matter to roll it back without IT jumping through hoops.
  • Threat alerts: intelligent management sifts through enormous volumes of log entries and narrows threats down to the handful requiring urgent attention.

Try Syxsense for Free

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.
