Skip to main content
Tag

third-party patching

Patch Tuesday: January Updates

By News, Patch Management, Patch Tuesday, UncategorizedNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released 49 security patches today. There are seven Critical severity patches in this release however almost half resolve a remote code execution issue.
Eleven of the others are important remote code execution patches, and one of these patches is listed as publicly known which we are highly recommend be prioritized this month.

Adobe Flash, Connect and Digital Editions

Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.  These updates address feature and performance bugs, but do not include security fixes.

The Adobe Connect update resolves an important session token exposure vulnerability and the update for Adobe Digital resolved a vulnerability which if successful exploitation could lead to information disclosure in the context of the current user.
All of these updates are Priority 3, which means Exploitation is not known or likely.

[vc_single_image image=”26868″ alignment=”center”]

CVE-2019-0579

Although this update has a Severity rating of Important, is publicly disclosed, and although there is no evidence that this is being actively exploited in the wild, these types of updates are commonly used to expose customer environments – as demonstrated by the independent CVSS score of 7.8 out of 10.
Robert Brown, Director of Services for Verismic said, “You should not leave Windows Update in its automatic mode as updates like this would typically be lower priority and therefore not deployed automatically. You should have enough information to make informed choices in your selection of patches, and that includes being able to see independent CVSS scores and whether the vulnerability has been made Public or known to be Actively Exploited.”
Syxsense provides that information so you do not need to reply on default Windows Update patching.

7GB of Storage – ‘Reserve Storage’

Windows doesn’t check if a device has enough space before installing an update. The current solution is for users to manually delete unnecessary temporary files and temporarily move those files like photos and films to external storage to make enough space.

Microsoft have announced that a future “Quality Update” could automatically earmark 7GB of storage on your local hard drive to future proof any download of large updates going forward.
What is concerning is this space cannot be retrieved or paid back to Windows – so any device with the older generation SDD drives or smaller hard drive are likely to run out of space.

[dt_default_button link=”url:%2Fsyxsense-trial%2F|||” size=”medium”]Start Your Free Trial[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”26869″ img_size=”full”]
CVE ID Description Severity Publicly Discovered Actively Exploited Recommended
CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability Important Yes No Yes
CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability Important No No
CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability Important No No
CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-0555 Microsoft Xml Document Elevation of Privilege Vulnerability Important No No
CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability Important No No
CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability Important No No
CVE-2019-0545 ASP.NET Information Disclosure Vulnerability Important No No
CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability Important No No
CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability Important No No
CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability Important No No
CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability Important No No
CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability Important No No
CVE-2019-0541 Internet Explorer Remote Code Execution Vulnerability Important No No
CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability Important No No
CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability Important No No
CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability Important No No
CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability Moderate No No
CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability Moderate No No
[vc_btn title=”Start Your Free Trial of Syxsense →” style=”custom” custom_background=”#f19b2c” custom_text=”#ffffff” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]
||

December Patch Tuesday: Disclosed & Exploited

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”26013″ img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released half the updates they released last month: 39 security patches total.

Thee cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.  9 of these are listed as Critical with the remaining 30 as Important.

Adobe Fixes Many Vulnerabilities

Adobe on the other have released almost 90 updates today, and all are marked Important for Adobe Acrobat and Reader. To our knowledge none of the updates released today are being exposed in the wild, but we would recommend you implement these as part of your third-party patching strategy.

Several Vulnerabilities Require Your Attention: Turn Off Windows Update

CVE-2018-8611 and CVE-2018-8517 are two important updates you need to prioritize this month. Not because they have the highest severity, but because these are publicly disclosed and actively being exploited.

CVE-2018-8611 is an update being exposed by malware which is exposing networks all over the world. Robert Brown, Director of Services for Verismic said, “Just this week we have learned one of Italy’s oil and gas exploration giants have suffered a relentless cyber-attack causing server infrastructure to go offline. Often it’s these companies who think by leaving Windows Update in its default mode are protecting their environment from zero day attacks and sophisticated espionage.”

The Best Patch Strategy

We recommend our Syxsense clients take a safe and calculated approach to managing their security. Turn off the default Windows patching mode and implementing a fully rigorous, selective but fully secure patching strategy.

Button Text
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”26020″ img_size=”full”]
CVE ID Description Severity Public Exploited Recommended
CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability Important No Yes Yes
CVE-2018-8517 .NET Framework Denial Of Service Vulnerability Important Yes No Yes
CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability Critical No No Yes
CVE-2018-8583 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8617 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8618 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8624 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability Critical No No Yes
CVE-2018-8629 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8631 Internet Explorer Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8634 Microsoft Text-To-Speech Remote Code Execution Vulnerability Critical No No Yes
CVE-2018-8477 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8514 Remote Procedure Call runtime Information Disclosure Vulnerability Important No No
CVE-2018-8580 Microsoft SharePoint Information Disclosure Vulnerability Important No No
CVE-2018-8587 Microsoft Outlook Remote Code Execution Vulnerability Important No No
CVE-2018-8595 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2018-8596 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2018-8597 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2018-8598 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important No No
CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability Important No No
CVE-2018-8612 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No
CVE-2018-8619 Internet Explorer Remote Code Execution Vulnerability Important No No
CVE-2018-8621 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8622 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8625 Windows VBScript Engine Remote Code Execution Vulnerability Important No No
CVE-2018-8627 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2018-8628 Microsoft PowerPoint Remote Code Execution Vulnerability Important No No
CVE-2018-8635 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important No No
CVE-2018-8636 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2018-8637 Win32k Information Disclosure Vulnerability Important No No
CVE-2018-8638 DirectX Information Disclosure Vulnerability Important No No
CVE-2018-8639 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2018-8641 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2018-8643 Scripting Engine Memory Corruption Vulnerability Important No No
CVE-2018-8649 Windows Denial of Service Vulnerability Important No No
CVE-2018-8650 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability Important No No
CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability Important No No
[vc_btn title=”Start Your Free Trial of Syxsense → ” style=”custom” custom_background=”#f19b2c” custom_text=”#ffffff” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]
|||

December Third-Party Security Updates

By News, Patch ManagementNo Comments
[vc_single_image image=”25879″ img_size=”full” alignment=”center”]

Business Evolves with Technology

Recently, Forbes outlined 5 ways retail is attempting to redefine itself. Overall, businesses are experimenting with new technologies, utilizing IoT devices to craft a more engaging shopping experience. But are they exposing themselves to security risks?

“Smart IoT devices such as beacons and smart shelves offer retail companies the efficiency to ensure their staff are effectively utilized, but physical IoT technology that is not secured properly can leave networks accessible to threats,” notes Rob Brown, director of services at Syxsense.

“Although smart in name, smart IoT uses open wireless networks and Bluetooth in order to communicate, creating more vulnerable endpoints in brick-and-mortar establishments,” he continues. “Tracking these IoT devices in retail companies is essential, because without knowing which ones you have, you cannot identify which ones are less secure or have known vulnerabilities which can be exploited.”

So, how can massive businesses with thousands of stores be expected to track a complex network of IoT devices? They can implement an IT management solution that leverages live, accurate, actionable, and secure data.

What Is Realtime Security?

  • Live:  Realtime Security pulls live data from thousands of devices, direct to a web console, in seconds. By eliminating stale data, IT management and security decisions are based on what is happening right now, not in the past.

 

  • Accurate: If device scans are run at night when devices are offline, hidden behind a firewall or roaming, security and IT teams have an incomplete view of their environment. Realtime Security eliminates blind spots enabling teams to manage their environment with 100% visibility.
[vc_single_image image=”25331″ img_size=”large” alignment=”center”]
  • Actionable: With no steep learning curve, Realtime Security’s simple to learn web interface leverages AI, and empowers teams with the information and skill to act instantly.

 

  • Secure:  Why juggle multiple consoles for device and security management? In a single place, security and IT operations can understand their exposed security risk, patch, deploy software, stop security breaches, satisfy compliance agencies and more.

Whether organizations are looking for endpoint security or IT management capabilities, including patch management, software distribution and remote control, Realtime Security is the only cloud-based approach to security and systems management which enables 10-second endpoint visibility and control thousands of devices.

[dt_default_button link=”url:%20https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Updates

[vc_single_image image=”25887″ img_size=”large” alignment=”center”]

 

Vendor Category Patch Version and Release Notes:
Apache Open-source Office Suite  

OpenOffice: v4.1.5 – https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.6+Release+Notes

 

 

Don Ho

 

Text and Source Code Editor  

Notepad: v7.6 – https://notepad-plus-plus.org/news/notepad-7.6-released.html

 

Evernote Organization App  

Evernote: v6.16.4.8094 – https://evernote.com/security/updates

 

GNOME Foundation  

Open-source Graphics Editor

 

 

GIMP: v2.10.8 – https://www.gimp.org/release-notes/gimp-2.10.html

 

Google Browser  

Chrome: v70.0.3538.110 – https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html

 

Mozilla Browser and Email Application  

Firefox: v63.0.3 – https://www.mozilla.org/en-US/firefox/63.0.3/releasenotes/

 

Thunderbird: v60.3.1 – https://www.thunderbird.net/en-US/thunderbird/60.3.1/releasenotes/

 

Peter Pawlowski Audio Player  

Foobar200: v1.4.1 – https://www.foobar2000.org/changelog

 

The Document Foundation Open-source Office Suite  

LibreOffice: v6.1.3 – https://www.libreoffice.org/download/release-notes/

 

Uvnc bvba Remote Desktop Access  

UltraVNC: v1.2.2.3 – http://forum.ultravnc.info/viewtopic.php?f=72&t=34183&sid=8cbefbea99d4d185644be65c43f30c70

 

WinSCP Web Client  

WinSCP: v5.13.6 – https://winscp.net/eng/docs/history

 

||

November Patch Tuesday: Windows Zero-Day Exploit Patched

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25731″ img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released 62 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.  12 of the 62 are listed as Critical.

CVE-2018-8589 with a severity of Important and a CVSS score of 7.8 is being actively exploited.  The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability.  We would highly recommend this be a priority for your IT Manager this month.

Patch Tuesday needed to fix file association bug

A cumulative update for Windows 10 from April 2018 has broken the file association settings with certain applications.

If this has impacted your users, we would recommend you include the patch in your next round of patch deployments. We have learned some third-party updates by Notepad++, which is a popular application used by software developers, loses its association with certain text file formats.

Robert Brown, Director of Services for Verismic said, “From our own experience of deploying tens of millions of updates worldwide, it is always the smallest bugs which impact your users the most and cause huge disruption in your users’ productivity.  We encourage all of our customers to have a robust testing process to ensure interruption to your workforce is minimized.

Adobe Fixes Critical Vulnerabilities

Adobe released their monthly patch list early this month, three additional updates have been released affecting Flash, Adobe Photoshop & Acrobat / Reader.

One of the three vulnerabilities identified as CVE-2018-15979 is currently being exploited, so if you are using Acrobat or Reader on your devices we would highly recommend this patch be prioritized.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

CVE Reference  Title   Severity   Publicly Disclosed   Actively Exploited  Recommended
 CVE-2018-8589  Windows Win32k Elevation of Privilege Vulnerability  Important  No  Yes  Yes
 CVE-2018-8584  Windows ALPC Elevation of Privilege Vulnerability  Important  Yes   No Yes
 CVE-2018-8566  BitLocker Security Feature Bypass Vulnerability  Important  Yes   No Yes
 CVE-2018-8476  Windows Deployment Services TFTP Server Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8553  Microsoft Graphics Components Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8588  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8541  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8542  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8543  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8544  Windows VBScript Engine Remote Code Execution Vulnerability  Critical   No  No Yes
 CVE-2018-8555  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8556  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8557  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
 CVE-2018-8551  Chakra Scripting Engine Memory Corruption Vulnerability  Critical   No  No Yes
CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability  Critical   No  No Yes
CVE-2018-8600  Azure App Service Cross-site Scripting Vulnerability  Important  No  No
CVE-2018-8602  Team Foundation Server Cross-site Scripting Vulnerability  Important  No  No
CVE-2018-8605  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8606  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8607  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
CVE-2018-8608  Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability  Important  No  No
 CVE-2018-8471  Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8485  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8554  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8561  DirectX Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8562  Win32k Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8572  Microsoft SharePoint Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8581  Microsoft Exchange Server Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8550  Windows COM Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8552  Windows VBScript Engine Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8568  Microsoft SharePoint Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8592  Windows Elevation Of Privilege Vulnerability  Important  No  No
 CVE-2018-8567  Microsoft Edge Elevation of Privilege Vulnerability  Important  No  No
 CVE-2018-8563  DirectX Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8407  MSRPC Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8454  Windows Audio Service Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8565  Win32k Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8558  Microsoft Outlook Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8408  Windows Kernel Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8545  Microsoft Edge Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8578  Microsoft SharePoint Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8579  Microsoft Outlook Information Disclosure Vulnerability  Important  No  No
 CVE-2018-8256  PowerShell Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8522  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8576  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8524  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8539  Microsoft Word Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8573  Microsoft Word Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8574  Microsoft Excel Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8575  Microsoft Project Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8582  Microsoft Outlook Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8450  Windows Search Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8577  Microsoft Excel Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8570  Internet Explorer Memory Corruption Vulnerability  Important  No  No
 CVE-2018-8417  Microsoft JScript Security Feature Bypass Vulnerability  Important  No  No
 CVE-2018-8549  Windows Security Feature Bypass Vulnerability  Important  No  No
 CVE-2018-8564  Microsoft Edge Spoofing Vulnerability  Important  No  No
 CVE-2018-8547  Active Directory Federation Services XSS Vulnerability  Important  No  No
CVE-2018-8529  Team Foundation Server Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8569  Yammer Desktop Application Remote Code Execution Vulnerability  Important  No  No
 CVE-2018-8415  Microsoft Powershell Tampering Vulnerability  Important  No  No
 CVE-2018-8416  .NET Core Tampering Vulnerability  Moderate  No  No
 CVE-2018-8546  Microsoft Skype for Business Denial of Service Vulnerability
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE TRIAL[/dt_default_button]
||

November Third-Party Security Updates

By News, Patch ManagementNo Comments
[vc_single_image image=”25539″ img_size=”full” alignment=”center”]

Critical Updates for Apple and More

On the same day that Apple announced their new set of products, they released a massive group of updates. These patches address critical vulnerabilities throughout their operating systems and software offerings. The OS vulnerabilities, both iOS and macOS, could allow arbitrary code execution.

While Apple won’t reveal much about how potential exploitation of these bugs might work, they are rated as critical. It’s important to assess how many Apple devices are lurking within your network. Then implement a strategic rollout of the needed updates.

One-Third of Oracle Updates are Critical

The latest release of Java contains fixes for multiple critical vulnerabilities. Surprisingly, this number is down from the same time last year. Could Java be trending in the right direction? Only time will tell, but for now, this is positive news.

Legacy Java still needs to be monitored, as well. Java 8 ends public support in January 2019, but many companies still use Java 8, 9, 10, and 11. It’s important to track what versions of Java are running in an environment. Legacy software still gets regularly targeted for exploitation.

How does Syxsense help?

Syxsense displays graphs and icons that illustrate, at a glance, the vulnerability of your devices.

By clicking on a gadget, you’ll jump right into a patch deployment process, prepopulated to deploy all related updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is, to save time.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Updates

Vendor Category Patch Version and Release Notes:
Adobe Media Software Flash and Air: v31.0.0.122

Acrobat and Reader DC:

v15.006.30456 (Classic Track 2015)

v17.011.30105 (Classic Track 2017)

v19.008.20080 (Continuous Track)

Apple Media Software iTunes: v12.9.1

Safari: v12.0.1

Don Ho

 

Text and Source Code Editor Notepad: v7.5.9
Evernote Organization App Evernote: v6.15.4.7934
FileZilla FTP Solution FileZilla: v3.38.1
Google Browser Chrome: v70.0.3538.77
Mozilla Browser and Email Application Firefox: v63.0.1

Thunderbird: v60.3.0

Oracle Java JDK and JRE: v8u192
VSRevo Group Revo Uninstaller Pro: v4.0.1
WireShark Wireshark: v2.6.4
||||

October Patch Tuesday: Windows 10 Disappears Files

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Patch Tuesday: The Latest News

Microsoft has released 49 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.

12 updates are listed as Critical, 35 are rated Important, one is rated as Moderate and one is rated Low severity.

Windows 10 Feature Updates Paused

The highly anticipated Windows 10 feature update (1809) was hotly awaited by Windows 10 users on October 2 only to find that Microsoft have just halted the release due to a very embarrassing bug. Upon install, 1809 deletes users personal files which cannot be easily restored.

Robert Brown, Director of Services for Verismic said, “We would encourage all of our clients to use our recommended test and deployment strategy for feature updates as they do for normal Windows updates. You have 18 months for each feature update, so there is absolutely no reason to rush into mass deployment without testing the impact on your users first.”

Adobe Fixes Critical Vulnerabilities

Adobe released their monthly patch list early this month, with almost a hundred updates coming out last week. Today a modest four additional updates have been released affecting Flash, Framemaker, Adobe Digital Editions & Adobe Technical Suite.

Vulnerability Requires your Attention

On paper CVE-2018-8453 only carries a severity of Important, however we have learned this is being actively exploited. The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability.

We would highly recommend this be a priority for your IT manager this month.

Enhance your approach to patch management with Syxsense. Start your free trial with a cloud-based IT management solution that’s easy to use and powerful.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”25192″ img_size=”full”]
CVE ID Description Severity Actively Exploited Highly Recommended
CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability Critical No Yes
CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability Critical No Yes
CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability Critical No Yes
CVE-2018-8494 MS XML Remote Code Execution Vulnerability Critical No Yes
CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability Critical No Yes
CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability Critical No Yes
CVE-2018-8453 Win32k Elevation of Privilege Vulnerability Important Yes Yes
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability Important No Yes
CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability Important No Yes
CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability Important No Yes
CVE-2010-3190 MFC Insecure Library Loading Vulnerability Important No
CVE-2018-8265 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No
CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability Important No
CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability Important No
CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability Important No
CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability Important No
CVE-2018-8411 NTFS Elevation of Privilege Vulnerability Important No
CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability Important No
CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability Important No
CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability Important No
CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No
CVE-2018-8472 Windows GDI Information Disclosure Vulnerability Important No
CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability Important No
CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability Important No
CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No
CVE-2018-8486 DirectX Information Disclosure Vulnerability Important No
CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important No
CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability Important No
CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability Important No
CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8501 Microsoft PowerPoint Security Feature Bypass Vulnerability Important No
CVE-2018-8502 Microsoft Excel Security Feature Bypass Vulnerability Important No
CVE-2018-8504 Microsoft Word Security Feature Bypass Vulnerability Important No
CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important No
CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability Important No
CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability Important No
CVE-2018-8527 SQL Server Management Studio Information Disclosure Important No
CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability Important No
CVE-2018-8532 SQL Server Management Studio Information Disclosure Important No
CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability Low No
CVE-2018-8533 SQL Server Management Studio Information Disclosure Moderate No
[vc_btn title=”Start Your Free Trial of Syxsense →” style=”gradient-custom” gradient_custom_color_1=”#f19b2c” gradient_custom_color_2=”#f19b2c” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]
|||||

Major Third-Party Security Updates

By News, Patch ManagementNo Comments
[vc_single_image image=”25141″ img_size=”full” alignment=”center”]

Google Polishes Chrome

With an apparent rise in malicious extensions, Google has announced five changes that aim to secure their product. These should be incorporated into their next release in the later half of this month, Chrome 70.

1. Expanded controls for determining Chrome extension permissions

According to an article by Chrome developers, “users [will] have the ability to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.”

2. Code obfuscation banned

Google argues this was the main way in which malicious Chrome extensions made it onto the Chrome Web Store.

3. Two-factor authentication required for developers

Phishing attacks over the last year have targeted browser extensions as a means of mass infection. This new requirement should reduce the change of hackers getting direct access to the code of extensions.

4. New review process

Google is watching! Implementing a deeper review process and monitoring with remotely hosted code, Google hopes to quickly spot if malicious changes are taking place.

5. Updated manifest for stronger security

In 2019, Manifest version 3 will be released. The goal is to create “stronger security, privacy and performance guarantees.”

Google has taken notice of the attacks aimed at manipulating their extension functions. When Chrome 70 releases, be prepared to update it across all your systems.

[vc_separator]

Adobe Alert

Additionally, Adobe has released it’s regularly-scheduled October security updates. More than half of the 85 vulnerabilities are critical flaws, and the rest are rated as important. This is the latest update since Adobe’s critical out-of-band update from September.

The critical vulnerabilities allow arbitrary code execution. That includes 22 out-of-bounds write flaws, seven critical heap overflow glitches, seven use-after-free bugs, three type confusion bugs, three buffer error bugs, three untrusted pointer dereference flaws and a double free vulnerability.

A competing PDF software, Foxit, has also had a spike in discovered vulnerabilities. This is both good and bad news.

[vc_single_image image=”25154″ img_size=”medium” alignment=”center”]

The bad is that malicious actors are getting more aggressive by the day. The good news is that companies are taking their software flaws seriously and proactively looking for issues.

All of these vulnerabilities highlight one key lesson: keeping your systems up to date is the vital step for secure environments.

Patch Everything

Syxsense facilitates easy update deployments. A rapid patch scan can identify which devices need which updates. Then, from the Patch Manager, it’s simple to target a specific update and deploy it to any devices that require it.

Whether its deploying one update or hundreds, Syxsense will handle the task with ease.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
|||||||

Critical Out-of-Band Adobe Update

By NewsNo Comments
[vc_single_image image=”25047″ img_size=”full”]

Updates Released for Acrobat Reader and DC on Mac and Windows

A week after their usually-scheduled monthly update, Adobe released more patches to tackle several vulnerabilities. One of the vulnerabilities addressed is rated as critical. In their security bulletin, Adobe states “Successful exploitation could lead to arbitrary code execution in the context of the current user.”

The remaining vulnerabilities also addressed are rated as ‘important’, so they also could pose a significant threat. While there are no currently known exploits, Adobe recommends the updates be deployed as soon as possible.

Any company should have a stable update deployment strategy already in place. Since Adobe just released its monthly set of updates, work these additional patches into your remediation process. A true IT solution should facilitate the strategies that work best for your unique environments.

[vc_single_image image=”25054″ img_size=”full” alignment=”center”]

Never Miss an Update

Syxsense is straight-forward to use while being immensely customizable.

Its Patch Manager has both Microsoft updates and a massive library of third-party software updates. Within the individual patch information, the number of devices that require the update or need to be scanned for it is featured. By clicking either of these, a task is launched that is prepopulated for rapid execution.

In the devices section, the device health indicators and overview gadgets show the current state of device vulnerability. Information about devices that may need specific patches is immediately available.

[vc_single_image image=”25055″ img_size=”full” alignment=”center”]

Our system rules are sets of updates from predetermined vendors. These facilitate rapid update deployments. You can also easily create your own and set up repeatable deployments. Maintenance windows ensure tasks occur around business hours and don’t interrupt productivity. Finally, run reports to confirm that remediation has occurred and prove it to anyone who might need it.

There’s a better way to manage your environment. Start a trial with Syxsense.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
|||

September Patch Tuesday: The Final Countdown

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25005″ img_size=”full”]

Patch Tuesday: The Latest News

Microsoft has released 61 security patches and two advisories covering Internet Explorer (IE), Edge, ChakraCore, Azure, Hyper-V, Windows components, .NET Framework, SQL Server, and Microsoft Office.

In the fallout of the British Airways hack this week, which we have learned was caused by an attack from Magecart, the world waits for the suspected Windows Zero Day exploit to be confirmed as CVE-2018-8440.

If so, we would recommend this update be prioritized this month.

Critical Adobe Updates

Adobe’s Patch Tuesday updates for September address a total of 10 vulnerabilities in Flash Player and with six of those Critical in ColdFusion. Only one Critical security issue has been patched in Flash Player, which is a light reprieve from the usual bucket load.

Microsoft will begin charging for updates in 2020

Windows 7 is estimated to be used by 40% of all devices using a Microsoft operating system, so it is a huge surprise that following the extended support in January 2020, Microsoft will start charging customers to continue receiving their Operating System updates.

Robert Brown, Director of Services for Verismic said, “Our clients still using Windows 7 have 2 very important choices. They chose either to commit to migrating to Windows 10, or they invoke a vigorous patch management strategy to begin updating all Windows 7 devices to the latest updates. The deadline is only 13 months away.”

If you commit to migrating to Windows 10, you can utilize the Feature Updates functionality in Syxsense to make future proofing your environment a reality.

Windows 10 Feature Update Planning

Only one month to go. If you are using Windows 10, version 1703 then you only have one month left to upgrade before it falls out of the standard ‘End of Service’ on October 9, 2018.

Each Windows 10 version will be serviced with quality updates for up to 18 months from availability. It is important that all quality updates are installed to help keep your device secure.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”25015″ img_size=”full”]
Vendor Name Vendor Severity Title
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4339093)
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB4339093)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4338814)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1803 for ARM64-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for ARM64-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x86-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4338814)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4338825)
Microsoft Critical 2018-07 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4338832)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4338819)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4338826)
Microsoft Critical 2018-07 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4338826)
Microsoft Important Security Update for Skype for Business 2016 (KB4022221) 64-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340558)
Microsoft Important Security Update for Skype for Business 2015 (KB4022225) 32-Bit Edition
Microsoft Important Security Update for Microsoft SharePoint Foundation 2013 (KB4022243)
Microsoft Important Security Update for Microsoft Access 2016 (KB4018338) 64-Bit Edition
Microsoft Important Security Update for Microsoft Access 2016 (KB4018338) 32-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4340556)
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4340004)
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4340004)
Microsoft Important Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4011202)
Microsoft Important Security Update for Microsoft Access 2013 (KB4018351) 32-Bit Edition
Microsoft Important 2018-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4340556)
Microsoft Important Security Update for Microsoft Access 2013 (KB4018351) 64-Bit Edition
Microsoft Important 2018-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340006)
Microsoft Important Security Update for Skype for Business 2016 (KB4022221) 32-Bit Edition
Microsoft Important Security Update for Word Viewer (KB4032214)
Microsoft Important Security Update for Skype for Business 2015 (KB4022225) 64-Bit Edition
Microsoft Important 2018-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4338818)
Microsoft Important 2018-07 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4338818)
Microsoft Important 2018-07 Security Only Quality Update for Windows 7 for x64-based Systems (KB4338823)
Microsoft Important 2018-07 Security Only Quality Update for Windows 7 for x86-based Systems (KB4338823)
Microsoft Low Security Update for Microsoft Word 2016 (KB4022218) 64-Bit Edition
Microsoft Low Security Update for Microsoft Word 2010 (KB4022202) 64-Bit Edition
Microsoft Low Security Update for Microsoft Office 2010 (KB4022200) 32-Bit Edition
Microsoft Low Security Update for Microsoft Word 2016 (KB4022218) 32-Bit Edition
Microsoft Low Security Update for Microsoft Office 2010 (KB4022200) 64-Bit Edition
Microsoft Low Security Update for Microsoft Word 2010 (KB4022202) 32-Bit Edition
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” btn_width=”btn_full_width” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE [/dt_default_button]
||

Adobe Alert: Zero-Day Update

By News, Patch ManagementNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Photoshop Gets Edited

Adobe released an out-of-band security update to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Windows and Apple devices.

These two vulnerabilities, identified as CVE-2018-12810 and CVE-2018-12811, impact Adobe Photoshop CC 2018 version 19.x as well as Adobe Photoshop CC 2017 version 18.x.

Although these updates carry an Adobe Priority of 3; meaning it is not currently being exploited, we would advise a proactive deployment of these updates as quickly as possible. Their vulnerabilities are listed as critical and would be very disastrous if active exploitation begins.

Use Syxsense to survey your environment and rapidly deploy any needed updates. On the home page, you can quickly see which devices require critical updates.

By clicking on the gadget, you’ll jump right into a patch deployment process, prepopulated to deploy all critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]