RedHat

Who Are the Worst Vendors of 2019?

By News, Patch Management

From the highest number of software updates to highest number of critical vulnerabilities, find out which vendors are the worst offenders.

2019 has brought serious threats causing massive disruption and data theft. Which vendor has released the most software updates and fixes in 2019, and of these, which updates are the most critical? Let’s find out!

The top 20 vendors look like this for 2019—this means Microsoft has released the most patches to fix a vulnerability of any severity out of the most popular software vendors.

Let’s see how the top 10 from this list compare when we deep dive into the severity of the vulnerabilities fixed. For simplicity, we will base our statistics on the CVSS Score.

What is a CVSS Score?

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative rating (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

We can see that Microsoft has released a total of 6330 patches so far this year, with 2143 of these patches resolving a vulnerability with a CVSS score of 9 or higher. Just behind Microsoft in second place is Adobe, which has released 2052 updates.

Let’s take a look at how the most serious vulnerabilities impact the original ranking. We can see from the table below that the top 5 vendors have made significant movements and some are unexpected, e.g. IBM has moved out of the top 5 and Adobe has moved into the top 5.

Who’s the worst?

To continue this trend analysis review and to find out who has fixed the highest number of critical vulnerabilities, let’s compare the percentage of those threats against the total number of patches they have released this year.

We can do this by dividing the number of vulnerabilities with a CVSS score of more than 9 by the total number of patches released, then multiplying by 100. The following table shows the new ranking of the vendors against the original ranking.

Robert Brown, Director of Services said, “What is really surprising is that a third party vendor to Microsoft has fixed more high priority vulnerabilities than them. If you do not have a strategy to include third party updates believing that only Microsoft needs to be patched, I hope this table convinces you to implement a different, more inclusive process. Not only that, some of these third party vendors like Oracle and Cisco are less likely to appear in a patching strategy which would expose a lot of your estate. Lastly, the toolset you use to patch your environment should be flexible to include other non-Windows operating systems like RedHat and Suse.”

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Critical Red Hat Flash-Plugin Security Update

By News, Patch Management

Red Hat has released an update for Flash that addresses vulnerabilities of critical severity.

Red Hat has released an update for Flash which upgrades it to 32.0.0.171 and applies to Red Hat Enterprise Linux Desktop Supplementary and Red Hat Enterprise Linux Server Supplementary version 6.

Search your Syxsense console for flash-plugin-32.0.0.171-1.el6_10 to deploy these updates.

Security Fix(es):

  1. flash-plugin: Arbitrary Code Execution vulnerability CVE-2019-7096
  2. flash-plugin: Information Disclosure vulnerability CVE-2019-7108

Robert Brown, Director of Services for Verismic said, “Critical severities like this are used because the vulnerability can be easily exploited and lead to system compromise without user interaction.”


Critical Red Hat Updates Released for Firefox

By News, Patch Management

With a high risk for exposure, IT managers should deploy these updates immediately.

Red Hat has rated a new Firefox update as Critical, recommending IT managers deploy these updates immediately. These updates upgrade Firefox to version 60.6.0 ESR and can be found in Syxsense for this essential deployment.

  1. RHSA-2019:0622-01 firefox-60.6.0-3.el7_6
  2. RHSA-2019:0623-01 firefox-60.6.0-3.el6_10

Both Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are affected, and the updates cover the desktop, server and HPC node variants. Mozilla Firefox is an open-source web browser designed for standards compliance, performance, and portability.
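As an added example (not Syxsense's or Red Hat's code), the check below takes installed RPM name-version-release strings, as `rpm -qa` prints them, and compares them against the fixed builds quoted in the two Firefox advisories above and the flash-plugin advisory earlier on this page. It assumes a simplified rpmvercmp (no tilde/caret handling) and a constructed sample package list.

```python
import re

# Fixed builds quoted in the Firefox and Flash advisories on this page: (package, dist tag) -> "version-release".
FIXED_BUILDS = {
    ("firefox", "el7_6"): "60.6.0-3.el7_6",
    ("firefox", "el6_10"): "60.6.0-3.el6_10",
    ("flash-plugin", "el6_10"): "32.0.0.171-1.el6_10",
}

def rpmvercmp(a, b):
    """Simplified rpmvercmp (-1, 0, 1): split into digit/alpha segments;
    digits compare numerically, letters lexically, digits outrank letters.
    The real algorithm's '~' and '^' handling is omitted."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_nvr):
    """True if the installed build is at or above the fixed build, False if
    older, None if no advisory on this page covers (package, dist tag)."""
    # 'flash-plugin-32.0.0.171-1.el6_10' -> name, version, release
    name, version, release = installed_nvr.rsplit("-", 2)
    dist = release.split(".", 1)[1] if "." in release else ""
    fixed = FIXED_BUILDS.get((name, dist))
    if fixed is None:
        return None
    fixed_version, fixed_release = fixed.split("-", 1)
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

def audit(installed):
    """Map each installed NVR to 'patched', 'needs update' or 'no advisory'."""
    label = {True: "patched", False: "needs update", None: "no advisory"}
    return {nvr: label[is_patched(nvr)] for nvr in installed}

# Constructed sample of installed packages, not taken from a real host.
SAMPLE_INSTALLED = [
    "firefox-60.5.1-1.el7_6",            # older than RHSA-2019:0622-01
    "firefox-60.6.0-3.el6_10",           # exactly the RHSA-2019:0623-01 build
    "flash-plugin-32.0.0.156-1.el6_10",  # older than flash-plugin-32.0.0.171-1.el6_10
    "openssl-1.0.2k-16.el7_6",           # not covered by these advisories
]
```

Run `audit(SAMPLE_INSTALLED)` to get the per-package status; feeding it the real `rpm -qa` output of a host turns it into a quick advisory compliance check.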

Robert Brown, Director of Services said, “Firefox is by far the world's most popular browser for Linux, and has been downloaded over 1 billion times. With such potential exposure we would recommend all browsers be updated within the next 24 hours. Critical vulnerabilities on Linux are not released often, so when they are you generally need to act quickly.”


Red Hat Vulnerabilities Exposed

By News

Red Hat Linux DHCP Client Vulnerability

Red Hat has been made aware of two flaws in the way the Linux kernel handles exceptions triggered after the POP SS and MOV to SS instructions; these are identified as CVE-2018-8897 and CVE-2018-1087.

These issues could lead to a denial of service (DoS) for unpatched systems.

The second is a DHCP client vulnerability, identified as CVE-2018-1111, which could allow attackers to execute arbitrary commands with root privileges on targeted systems. CVE-2018-1111 is rated as a Critical vulnerability and we recommend that our clients deploy this update as quickly as possible.

The following Red Hat product versions are impacted:

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • Red Hat Enterprise MRG 2
  • Red Hat Virtualization Hypervisor 4
  • Red Hat Enterprise Virtualization Hypervisor 3

Patch Everything

All of the above can be patched using Syxsense. It is critical to take action immediately to protect against these vulnerabilities.

Software vulnerabilities in Linux systems are among the top 20 most critical vulnerabilities listed by the FBI and the SANS Institute. Syxsense provides true network security, including Linux OS patching. Manage every threat with the click of a button.
