Skip to main content
Tag

Patch Tuesday Updates

||

Sophos and Windows 7 Updates Incompatible

By News, Patch ManagementNo Comments

Sophos and Windows 7 Updates Incompatible

Reports indicate Sophos Endpoint Antivirus is incompatible with the latest updates for Windows 7, causing a total crash on the log on screen or BSOD.

Sophos Endpoint Antivirus is a hybrid antivirus solution that provides businesses protection against malware, viruses and offers a remote management tool. Regrettably, there are reports that it is not compatible with the latest Windows updates for Windows 7 causing either a total crash on the logon screen or BSOD.

The issue occurs with the following Microsoft updates:
  • KB4493446
  • KB4493448
  • KB4493450
  • KB4493451
  • KB4493458
  • KB4493467
  • KB4493471
  • KB4493472
Robert Brown, Director of Services for Verismic said, “We have learned Sophos recommends immediately removing these updates from your active deployments, and if already deployed to remove them swiftly until the issue is resolved. A patch is not yet available, but to make things easier our customers can search for these updates in Syxsense and easily remove them without causing any further end user disruption.”

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Thank You For Not Patching

By News, Patch ManagementNo Comments

Thank You For Not Patching

New studies show how patching continues to impact most organizations with real consequences.

Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched.

Half of organizations in a new Ponemon Institute study conducted on behalf of ServiceNow say they were hit with one or more data breaches in the past two years, and 34% say they knew their systems were vulnerable prior to the attack. The study surveyed nearly 3,000 IT professionals worldwide on their patching practices.

Patching software security flaws by now should seem like a no-brainer for organizations, yet most organizations still struggle to keep up with and manage the process of applying software updates. “Detecting and prioritizing and getting vulnerabilities solved seems to be the most significant thing an organization can do [to prevent] getting breached,” says Piero DePaoli, senior director of marketing at ServiceNow, of the report.

“Once a vulnerability and patch are announced, the race is on,” he says. “How fast can a hacker weaponize it and take advantage of it” before organizations can get their patches applied, he says.

Get started with Syxsense to elevate your approach to IT patch management and protect your business from major vulnerabilities and threats.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

Microsoft Patch Tuesday Updates Are Freezing Windows

By News, Patch Management, Patch TuesdayNo Comments

Microsoft Patch Tuesday Updates Are Freezing Windows

If you installed the latest round of Microsoft patches and found that your computer experienced errors or started to freeze, you are not alone.

What’s occurring and which versions are affected?

Microsoft has confirmed that computers are freezing during the latest “Patch Tuesday” update process. However, the issue could be more prevalent than Microsoft is stating.

Microsoft has indicated that there is “an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.” Users of Avast for Business and CloudCare have reported freezing upon startup and Avira antivirus users are experiencing slow devices.

The security update in question includes fixes that were part of KB4489892. It was primarily meant to provide further mitigations against Spectre and Meltdown, but included other improvements as well.

It appears that a large number of Windows versions are affected by the update problems, including Windows 7, Windows 8.1, Windows Embedded 8, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and Windows 10.

How do you fix it?

If the Sophos Endpoint is installed, Microsoft has temporarily blocked devices from receiving these updates until a solution is available. However, there is no confirmation of the problems that Avast and Avira users are facing—only Sophos.

If you have installed the Patch Tuesday updates and need to fix them, we highly recommend rolling back the updates in question.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

December Patch Tuesday: Bad Winter

By News, Patch TuesdayNo Comments
[vc_single_image image=”13259″ img_size=”full”]

On the 12th day of December, Verismic sent to me … Top 10 Breaches of 2017!

Throughout this year we have been breaking some of the worst IT security breaches of 2017, which have impacted millions of users worldwide.  We continue to advise our clients the single most important decision you can make to achieve a level of protection for your organization is to onboard a tool like Syxsense to automate the detection of all devices and to automate a rigorous patching processes.  If you need help, please download our Avoiding Patch Doomsday whitepaper or get in touch.

Here are our top 10 IT security breaches for 2017: 

  1. TeamViewer Exploited.  A new vulnerability within TeamViewer has been making news across the internet. In an official statement by the company, they revealed that a GitHub user discovered a vulnerability in TeamViewer’s set of permissions.
  2. Worldwide Malware Attack: Exploring WannaCry.  WannaCry is the worst malware attack of 2017.  As computer virus outbreaks go, this ransomware attack is being called one of the biggest cyberattacks in history and continues to spread worldwide.
  3. Equifax Hack – Cyberattack.  Criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software affecting 143 million customers worldwide.
  4. Hyatt Hack: Major Data Breach.  41 of its hotels spread across 13 countries confirmed unauthorized access to payment card information.  Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015.
  5. HBO – Game of Thrones series stolen.  The recent HBO hack may have exposed up to 1.5 terabytes of data.  This is 7 times what Sony lost in the 2014 cyberattack.
  6. CIA Hacks.  Wikileaks recently published the article “Vault 7: CIA Hacking Tools Revealed.”   This list of compromised software includes Notepad++.  When Notepad++ is launched, the original scilexer.dll is replaced by a modified scilexer.dll built by the CIA.
  7. BadRabbit: Newest Ransomware to Target Corporate Networks.  The outbreak began in Russia, infecting big Russian media outlets, but it has already spread.  Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected.
  8. Hidden Cobra: North Korea’s History of Hacking.  Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature.
  9. Invasion of the Body Hackers.  On August 29th, the FDA issued an alert regarding Abbott pacemakers.  Formerly known as St. Jude Medical, the Abbott pacemakers have vulnerabilities in their software.
  10. BitPaymer Ransomware Hits NHS.  The hack caused major disruption, leading to thousands of cancelled appointments.

BREAKING NEWS: 1.4 Billion credentials leaked on the Dark Web!

A huge data dump has been found on the dark web containing 1.4 clear text credentials.  At over 41 gigabytes in size, this will take some time to pass through however you can be assured sophisticated programs will be ready soon to exploit software, apps or websites you are using.  Robert Brown, Director of Services at Verismic said, “No matter how complex your passwords are, it is not going to be complex enough if your password is discovered in this data dump.  Two-factor authentication has been around for years, and Syxsense has been using Two-factor since the beginning to protect our customer identity.  Two-factor authentication within Syxsense requires an additional automatically generated password be entered via email or Google Authenticator ensuring no single password gives you full access to the system.  We would highly encourage our clients to leave it enabled as it is enabled by default.”

Companies Plan to Change Third-Party Vendors that Pose Highest Risks!

Global consulting firm Protiviti and the Shared Assessments Program’s annual Vendor Risk Management Benchmark Study finds that a majority (53 percent) of organizations surveyed are likely to exit or change (de-risk) relationships with some vendors due to heightened risk levels.  The study finds that 71 percent of these organizations will likely change their high-risk relationships over the next 12 months.  Robert Brown, Director of Services for Verismic said, “Deployment of Third-party updates to bring them into compliancy is simple if you are using the right systems management toolset & the right approach to deployment of detected updates.”  The full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

[vc_single_image image=”10055″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

December Patch Tuesday Release

Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint.  The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.  We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact & most importantly the independent CVSS score for the vulnerability.  The independent CVSS scores used in the table below range from 0 to 10.  Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

 

CVE ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11886 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11890 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11894 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11895 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability 7.5 Yes
CVE-2017-11901 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11903 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11907 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11912 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11913 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11919 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 7.5 Yes
CVE-2017-11930 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11885 Microsoft Windows RRAS Arbitrary Code Execution Vulnerability 6.6 Yes
CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability 5.4 Yes
CVE-2017-11936 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4 Yes
CVE-2017-11887 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11906 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability 4.3
CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability 4.3
CVE-2017-11888 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11889 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11893 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11905 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11908 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11909 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11910 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11911 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11914 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11916 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11918 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11935 Microsoft Excel Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability 3.1
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

November Patch Tuesday: High-Speed Malware

By News, Patch TuesdayNo Comments
[vc_single_image image=”13170″ img_size=”full”]

Russia Caught On Top

Towards the end of October, we started to see a flow of ransomware attacks from Russia with called Bad Rabbit.

This epidemic has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine and across Europe. Bad Rabbit was the latest in a wave of recent ransomware attacks sweeping across the globe.

This new exploit reiterated the fact that Microsoft patching alone is not sufficient to protect yourself or your infrastructure from these kind of attacks. This particular exploit needs to be exploited manually, a user is “duped” into thinking they are downloading a seemingly innocent Adobe Flash player update from what looks to be a legitimate website. Once activated Bad Rabbit then triggers the EthernalRomance exploit infection vector to spread within corporate networks in the same way as WannaCry and NotPetya.

James Rowney, Service Manager for Verismic said in an email “Patch management in this day and age is paramount, your platform of choice should be able to protect all major Operating Systems and vendor applications. Syxsense supports updates for Microsoft, Linux, Macintosh and long list of third party vendor applications so with CMS you can be assured that you have the ability to protect yourself.”

Malware speeds its way across the UK

Last week closer to home reports started to come in that fake speeding notices have been sent out across the UK which are being used to deliver malware. This new threat to the public is aimed at home users and is sent in the form of an email entitled Notice of Prosecution which claims to have photographic evidence and supplies a link. Clicking on the link will download banking malware to the victim’s device.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Police have advised people to delete any mails relating to Notice of Prosecution without opening them as all prosecution notices are send to the registered address of the vehicle by post. There was a similar strategy used in December 2016 so it seems the cyber criminals are out to ruin the holidays for some poor victims again this year.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRAIL[/dt_default_button]

[vc_single_image image=”12852″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

November Microsoft Patch Tuesday Release

Microsoft published its monthly security updates on November 14, 2017, addressing 53 vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core and .NET Core, Chakra Core. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11876 Microsoft Project Privilege Escalation Vulnerability 8.8 Yes
CVE-2017-11827 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11855 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11856 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11869 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11847 Microsoft Windows Kernel Privilege Escalation Vulnerability 7 Yes
CVE-2017-11770 Microsoft ASP.NET Core Denial Of Service Vulnerability 5.9  
CVE-2017-11788 Microsoft Windows Search Denial of Service Vulnerability 5.9  
CVE-2017-11830 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3  
CVE-2017-11883 Microsoft ASP.NET Core Request Handling Denial Of Service Vulnerability 5.3  
CVE-2017-11831 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11832 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11835 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11842 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11849 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11850 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11851 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11852 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11853 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11880 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11877 Microsoft Excel Security Feature Bypass Vulnerability 4.4
CVE-2017-8700 Microsoft ASP.NET Core Information Disclosure Vulnerability 4.3  
CVE-2017-11791 Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3  
CVE-2017-11803 Microsoft Edge Information Disclosure Vulnerability 4.3  
CVE-2017-11833 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11834 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11844 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11848 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11872 Microsoft Edge Security Feature Bypass Vulnerability 4.3
CVE-2017-11879 Microsoft ASP.NET Core URL Redirection Vulnerability 4.3
CVE-2017-11836 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11837 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11838 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11839 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11840 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11841 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11843 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11845 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11846 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11854 Microsoft Word Memory Corruption Vulnerability 4.2
CVE-2017-11858 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11861 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11862 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11863 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11866 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11870 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11871 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11873 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11874 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11878 Microsoft Excel Memory Corruption Vulnerability 4.2
CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11768 Microsoft Windows Media Player Information Disclosure Vulnerability 2.5
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

October Patch Tuesday: Silent But Deadly

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Should Third-Party Really Be your Second Priority?

If you have a patching strategy delivering Microsoft updates on a routine basis, you should extend that capacity to include third-party updates.

Just a couple weeks ago, we discovered a massive compromise in one of the world’s largest business and personal computer utilities, “CCleaner” by Piriform.

Version 5.33.6162 was released with injected malicious code which would expose any system to hackers remotely gaining access to that system. To make matters worse, CCleaner does not come with an automatic update capability so remediating these issues requires a toolset which can remotely deploy or patch third-party software. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day.

Robert Brown, Director of Services for Verismic said, “Your patch management strategy must include both the operating system and any software or third-party updates to be reassured of your environment’s safety. Deploying only Windows updates is not closing the holes used by hackers in the current wave of ever increasing sophisticated hacks.

Syxsense includes both Microsoft, Linux and the most popular third-party vendors so you can be reassured everything is covered.”

Source: TechPowerUp

[vc_single_image image=”12852″ img_size=”200×200 px”]

What takes 206 days?

Cyberattacks are an increasingly serious risk for organizations, but many executives believe their organization won’t be targeted. They claim their organization is too small to be on the attackers’ radars or that they have nothing worth stealing.

Many cybercriminals are indiscriminate in their attacks and can always find something of interest. However, companies that believe they’re safe may already be penetrated – they just don’t know it yet.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

A study found that US companies took an average of 206 days to detect a data breach. This is an increase on the previous year (201 days) where a survey showed 20 percent of employees showed a lack of awareness for safe social media posting, choosing risky actions such as posting on their personal social media accounts. Data breaches are contained sooner if they’re detected by a staff member when conducting routine assessments of potential vulnerabilities within their organization.

“This is why it is important to have a proactive stance when it comes to patch management,” said Brown. “How long will it take before you realize you have been compromised?”

Ransomware is the fastest growing security threat, yet most companies are unprepared to deal with it, says a new study. Companies and government agencies are overwhelmed by frequent, severe attacks, according to the 2017 Ransomware Report commissioned by Cybersecurity Insiders and conducted by Crowd Research. That illustrates why ransomware damages are expected to hit $6,000,000,000 this year.

[vc_separator]

October Patch Tuesday Release

Microsoft published its monthly security updates on October 10, 2017, addressing 62 vulnerabilities in Windows, Internet Explorer, Edge, and Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. View details of the complete Security Update Guide here.

We have selected the updates to prioritize this month. Our recommendation has been made using evidence from industry experts, anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes
CVE-2017-11786 Microsoft Skype for Business Elevation of Privilege Vulnerability 8.3 Yes
CVE-2017-8717 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8718 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11771 Microsoft Windows Search Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11781 Microsoft Windows Server Message Block Denial of Service Vulnerability 7.5 Yes
CVE-2017-11819 Microsoft Windows Shell Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11782 Microsoft Windows Server Message Block Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11783 Microsoft Windows Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11780 Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability 7.3 Yes
CVE-2017-8689 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8694 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-11824 Microsoft Windows Graphics Component Privilege Escalation Vulnerability 7 Yes
CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes
CVE-2017-11776 Microsoft Windows Universal Outlook Information Disclosure Vulnerability 6.5 Yes
CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4
CVE-2017-11784 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11785 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11772 Microsoft Windows Search Service Information Disclosure Vulnerability 5.9
CVE-2017-11816 Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability 5.7
CVE-2017-11829 Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability 5.5
CVE-2017-11775 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11777 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11820 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8693 Microsoft Windows Graphics Information Disclosure Vulnerability 5.3
CVE-2017-8715 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11765 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11814 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11823 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11817 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11818 Microsoft Windows Storage Security Feature Bypass Vulnerability 4.5
CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11794 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8726 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8727 Microsoft Windows Shell Memory Corruption Vulnerability 4.2
CVE-2017-11762 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11763 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11769 Microsoft Windows TRIE Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability 4.2
CVE-2017-11792 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11793 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11796 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11797 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11798 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11799 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11800 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11801 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11802 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11804 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11805 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11806 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11807 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11808 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11809 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11810 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11811 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11812 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11813 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11821 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11822 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11825 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11826 Microsoft Office Memory Corruption Vulnerability 4.2
[vc_separator][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE SYXSENSE TRIAL[/dt_default_button]
|||

September Patch Tuesday: Escaping the Equi-Hack

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Money Well Spent

Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.

The LexisNexis Fraud Multiplier estimates the total amount of loss a business incurs, based on chargebacks, fees, interest, merchandise replacement and redistribution.

The study also investigates fraud costs as a percentage of revenues, as reported by survey respondents, to be nearly 2 percent (1.90 percent) across retail, e-commerce, financial services and digital lending businesses. Businesses that sell digital goods and/or conduct transactions primarily through remote channels take an even harder hit to their bottom line at 2.51 percent of revenues.

Robert Brown, Director of Services for Verismic says, “It’s astonishing how much money is being lost because critical systems are not being kept up to date. Updating critical systems is so easy using Syxsense. We recommend starting a trial to see how it can work for you.” Full article can be found here.

As recent as last Wednesday, a U.S. government website was hosting malicious ransomware. It has been wildly speculated that either the site was hacked, or it possibly stores attachments from government officials’ emails and the downloader was archived.

[vc_single_image image=”13032″ img_size=”200×200 px”]

The ransomware had similarities to the Blank Slate spam campaign which earlier this year was spreading Cerber. Emails in that campaign contained only a double-zip archive with the second containing either a malicious JavaScript file or a malicious Microsoft Word document. The emails contain no text, and experts believed then that all of this combined to evade detection.

Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s unknown whether anyone was infected through the site, full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Check your Equifax Credit Report and Score Now

Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records that occurred Thursday.

Details of how this breach happened is still very unclear, however with companies suffering the same fate over the past year, the root cause is likely to be via a sophisticated cyberattack exposed using vulnerable software or operating systems.

Robert Brown, Director of Services for Verismic says, “We recommend clients download our ‘5 Biggest Patch Mistakes‘ whitepaper.

Microsoft published its monthly security updates on September 12, 2017. Microsoft addressed 81 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

ID Vulnerability Alert CVSS Score Recommended
CVE-2017-8686 Microsoft Windows DHCP Server Remote Code Execution Vulnerability 9.8 Yes
CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8725 Microsoft Office Publisher Arbitrary Code Execution Vulnerability 9.6 Yes
CVE-2017-9417 Microsoft Windows HoloLens Wireless Network Driver Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2017-8567 Microsoft Office Arbitrary Code Execution Vulnerability 8.6 Yes
CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability 8.6 Yes
CVE-2017-8682 Microsoft Windows Graphics Component Remote Code Execution Vulnerability 8.4 Yes
CVE-2017-8742 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-8743 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-0161 Microsoft Windows NetBIOS Packet Processing Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8628 Microsoft Windows Bluetooth Driver Spoofing Vulnerability 8.1 Yes
CVE-2017-8714 Microsoft Windows Remote Desktop Virtual Host Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8720 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2017-8759 Microsoft .NET Framework Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8695 Microsoft Windows Uniscribe Component Information Disclosure Vulnerability 7.5 Yes
CVE-2017-8696 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2017-8702 Microsoft Windows Privilege Escalation Vulnerability 7.5 Yes
CVE-2017-8747 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8749 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8750 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8706 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8707 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8711 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8712 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8713 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8675 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8699 Microsoft Windows Shell Command Arbitrary Code Execution Vulnerability 6.4
CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability 6.1
CVE-2017-8677 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8678 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8679 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2017-8680 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8681 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8683 Microsoft Windows Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8684 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8685 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8687 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8688 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 5.5
CVE-2017-8629 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8745 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8704 Microsoft Windows Hyper-V Denial of Service Vulnerability 5.3
CVE-2017-8746 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability 5.3
CVE-2017-8692 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 5
CVE-2017-8716 Microsoft Windows Security Feature Bypass Vulnerability 4.9
CVE-2017-8708 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8709 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8719 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8710 Microsoft Windows Kernel Information Disclosure Vulnerability 4.4
CVE-2017-8597 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.3
CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8648 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8723 Microsoft Edge Security Bypass Vulnerability 4.3
CVE-2017-8724 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8733 Microsoft Internet Explorer Spoofing Vulnerability 4.3
CVE-2017-8735 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8736 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-8739 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8649 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8660 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8728 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8729 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8737 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8738 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8740 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8741 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8748 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8752 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8753 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8754 Microsoft Edge Security Bypass Vulnerability 4.2
CVE-2017-8755 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8756 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8757 Microsoft Edge Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11764 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8676 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 3.3
[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]

March Patch Tuesday: Patching Chaos

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

The Eye of the Patch Storm

Two months have passed since the beginning of the year where we saw one of the smallest releases of patch content for the past couple of years, to then having an entire baseline cancelled at the last minute in February.

Some IT managers may have counted their lucky stars for the reduction in their workload so far this year – that is until they see this massive release.

Microsoft have released eighteen updates this month, nine are rated Critical with the remaining rated Important. Last week Microsoft also released 17 KB updates covering Office version 2013 and 2016. Full details of that release can be found here.

Last year we raised our concerns about rolling patches together, and last month only two months since Microsoft adopted this strategy were our concerns realized. Because of a single bad patch, the entire baseline was cancelled. 

Don’t get us wrong, we understand the benefit of rolling content into single cumulative updates, but we also appreciate the level of testing needed to ensure a safe combination of updates when rolling them together. That same level of care should be adopted when deploying updates in your environment to ensure bad updates do not cause business outages.

A school study at the University of Maryland was the first to quantify the near-constant rate of hacker attacks of computers with Internet access—every 39 seconds on average.

[vc_single_image image=”11077″ img_size=”medium”]

Robert Brown, Director of Services said “Perception as to the current threat to a company’s network should not be founded on the content released by vendors such as Microsoft alone. There are multiple perimeters you can secure to protect your assets, but remember to also look at the tool you are using to secure your environment. In the past few weeks, IBM have released over 20 security updates for their premise and cloud based patch management tools, meaning your toolset should have a perimeter of its own.”

According to the SANS Institute, 95 percent of all attacks on enterprise networks start with a successful spear phishing attack. Full details of this article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

Number

Bulletin ID

Description

Impact

Restart Requirement

Publically Disclosed

Exploited

Severity

CVSS Score

Recommended High Priority

1

MS17-006

Cumulative Security Update for Internet Explorer (4013073)

 

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Remote Code Execution

Yes

Yes

Yes

Critical

8.8

Yes

2

MS17-007

Cumulative Security Update for Microsoft Edge (4013071)

 

This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Remote Code Execution

Yes

Yes

No

Critical

8.8

Yes

3

MS17-008

Security Update for Windows Hyper-V (4013082)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Remote Code Execution

Yes

Yes

No

Critical

8.8

 

4

MS17-009

Security Update for Microsoft Windows PDF Library (4010319)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

Remote Code Execution

Yes

No

No

Critical

8.8

 

5

MS17-010

Security Update for Microsoft Windows SMB Server (4013389)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

Remote Code Execution

Yes

No

No

Critical

9.8

Yes

6

MS17-011

Security Update for Microsoft Uniscribe (4013076)

 

This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Remote Code Execution

Yes

No

No

Critical

7.8

 

7

MS17-012

Security Update for Microsoft Windows (4013078)

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

Remote Code Execution

Yes

Yes

No

Critical

9.8

Yes

8

MS17-013

Security Update for Microsoft Graphics Component (4013075)

 

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Remote Code Execution

Yes

No

Yes

Critical

8.4

Yes

9

MS17-014

Security Update for Microsoft Office (4013241)

 

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Remote Code Execution

Maybe

Yes

No

Important

7.8

 

10

MS17-015

Security Update for Microsoft Exchange Server (4013242)

 

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

Remote Code Execution

Yes

No

No

Important

5.4

 

11

MS17-016

Security Update for Windows IIS (4013074)

 

This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

Remote Code Execution

Yes

No

No

Important

6.1

 

12

MS17-017

Security Update for Windows Kernel (4013081)

 

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

Elevation of Privilege

Yes

Yes

No

Important

7.8

 

13

MS17-018

Security Update for Windows Kernel-Mode Drivers (4013083)

 

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Elevation of Privilege

Yes

No

No

Important

7.8

 

14

MS17-019

Security Update for Active Directory Federation Services (4010320)

 

This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

Information Disclosure

Yes

No

No

Important

4.3

 

15

MS17-020

Security Update for Windows DVD Maker (3208223)

 

This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

Information Disclosure

Yes

No

No

Important

2.8

 

16

MS17-021

Security Update for Windows DirectShow (4010318)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Information Disclosure

Yes

No

No

Important

3.3

 

17

MS17-022

Security Update for Microsoft XML Core Services (4010321)

 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Information Disclosure

Yes

No

Yes

Important

3.5

 

18

MS17-023

Security Update for Adobe Flash Player (4014329)

 

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Remote Code Execution

Yes

NA

NA

Critical

 

Yes

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]