Tag

windows feature updates

Identifying Endpoints with SolarWinds® Orion® Software

By News

There has been a significant hack linked to security vulnerabilities in SolarWinds® Orion® software

Syxsense Allows Users to Scan for SolarWinds® Orion® Vulnerability

By now, everyone should be aware of the significant hack linked to security vulnerabilities in SolarWinds® Orion® software – https://www.solarwinds.com/securityadvisory.

The team at Syxsense has received requests asking if Syxsense Manage and Secure can help identify endpoints that might have SolarWinds software installed.

The Syxsense inventory scanner can quickly identify devices with SolarWinds software. Simply run an inventory query for SolarWinds or Inventory Software Report to see a list of all endpoints with SolarWinds software installed. Syxsense’s software distribution features can also be helpful to initiate uninstalls of SolarWinds.

The Syxsense Secure platform uses Syxsense Realtime functions to dynamically scan all endpoints for SolarWinds software, including scanning the hard drives in real-time to look for the compromised “SolarWinds.Orion.Core.BusinessLayer.dll” by name or file hash, quarantining devices to stop lateral movement and thereby protecting the network. With added security, Syxsense blocks the execution of SolarWinds software until a security evaluation of potentially exposed endpoints can be completed.

For technical details on how the SolarWinds compromise and the SUNBURST backdoor work, we recommend reading the report from the IT security company FireEye – https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The U.S. Government’s Patch Management Problem

By Blog

Businesses are not the only ones experiencing the constant threat of data breaches. The U.S. government has its own fair share of patch management problems.

The Ponemon Institute’s 2018 study of enterprise security and vulnerability found that 57 percent of the organizations queried claimed a data breach had occurred in the past two years because of their failure to apply an available patch they didn’t know about. Even worse, another 34 percent said they knew they were vulnerable and that a patch was available—but they didn’t apply it.

As it turns out, business enterprises are not the only ones remiss. From all accounts, the U.S. government has its own patch management issues. The continued presence of open-source software in the public sector plays a significant role here, as does the fact that numerous governmental agencies at all levels are hamstrung by legacy IT infrastructure.

The vulnerability time-bomb

According to NextGov, it usually takes about three days for word of a software program’s significant flaws to reach the community of malicious online actors—and for those hackers to figure out how to take advantage of these vulnerabilities.

For a government agency, three days isn’t much time, considering the red tape and bureaucracy that lie between knowledge and action. The reality is, if agency security staff aren’t working fast enough to find and quarantine or eradicate the flaw, chances are high that the bad guys can do some damage.

Security holes in government departments

Worse, it turns out that federal agencies—including the Departments of Defense, Treasury, and Justice, as well as the Nuclear Regulatory Commission and the Office of Personnel Management—are aware, at least to some extent, of existing security flaws.

Scorecards mandated by the Federal IT Acquisition Reform Act indicating agencies’ levels of cybersecurity and general tech capabilities have shown dismal grades in recent years: Most agencies scored F, F+ or D for multiple metrics on their two 2018 evaluations. The DoD, whose responsibilities include handling some of the most sensitive information in the whole government ecosystem, fares particularly poorly in such assessments, as its own Inspector General’s office confirmed in a December 2018 report.

Bob Metzger, an attorney with the government cybersecurity-focused law firm RJO, said in an interview with NextGov that patch management is a specific part of this problem. Agencies don’t necessarily have any clear process for assessing and patching software. Furthermore, department officials’ knowledge gaps regarding their own technology effectively handicap any patch management measures they do have.

“I would be very surprised if even a small percentage of federal agencies today had a usable inventory of the open-source components in the software that they rely upon for their critical agency functions,” Metzger explained.

Dealing with open-source concerns

In other words, programs built with at least some open-source components—whether based in long-established languages such as Java or newer code such as Python—are everywhere in the global IT ecosystem, including the U.S. government. It’s unrealistic for any such agency—or, for that matter, any private-sector organization—to completely eradicate the use of such code. It is equally impossible, of course, to ignore the security risks it can pose.

According to Sonatype’s 2019 State of the Software Supply Chain report, 25 percent of all public- and private-sector developers said they underwent a breach caused by flaws in open-source components during 2018. The study also found that such breaches rose in frequency by 75 percent between 2014 and 2018.

What this all points to is simple: Any government agency or business looking to establish reasonable control over risk associated with open-source software and code must set up a patch management strategy immediately. It should include update support, not only for standards such as Microsoft Windows and Apple iOS, but also platforms from third-party software vendors and open-source developers—everything from Chrome, Linux, Java, and Python to individual programs such as Firefox, VLC, Adobe Flash and many more.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.


Microsoft Warns that End-of-Life is Near for 1703

By News

Say Farewell to Patches for 1703 in October

Microsoft is reminding enterprise admins that Windows 10, version 1703 of Enterprise and Education editions, is reaching end-of-life on October 9, 2019.

This means that the version will be fully unsupported and will no longer receive new monthly security or quality updates. The consumer versions (Home, Pro, Pro for Workstations, and IoT Core editions) already reached end-of-life last year on October 8, 2018, and haven’t received updates since.

Microsoft’s warning is, of course, no surprise. The 1703 version, the “Creators Update,” was released back in early 2017 and originally had 18-month support; however, last September Microsoft extended the servicing period to 30 months for the 1703 Enterprise and Education editions.

“There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats,” Microsoft warned.

While Windows 10, version 1703, has received a fixed deadline, Microsoft has also been crafting its offer of paid Windows 7 patches for enterprise customers still running the older operating system after support for it also ends on January 14th, 2020.

Enterprise Agreement (EA) and Enterprise Subscription Agreement (EAS) customers with active subscriptions to Windows 10 E5, Microsoft 365 E5, and Microsoft 365 E5 Security can opt-in for ‘Windows 7 Extended Security Updates’ for a year at no additional charge. The promotion will run from June 1, 2019, to December 31, 2019.

What should you do next?

Even though Microsoft has announced that it would offer continued security updates to businesses for the maturing operating system, the free updates will definitely cease after January 14th, 2020.

For those who are still on Windows 10, version 1703, and need to migrate: move to a newer, supported feature update version, such as 1809, 1903, or even 19H2 (to be released in September or October of this year). Always double-check each endpoint’s capabilities and whether it can support the latest supported versions of Windows 10. For more information on Windows 10 prerequisites, check Microsoft’s requirements.

Whether you’re a consumer with an outdated version of Windows 10 or Windows 7, or an enterprise admin with Windows 10 versions nearing, or even past, end-of-life, any unsupported version of Windows has the potential to be attacked and exploited through the use of malware or even ransomware.


Homeland Security Issues Critical BlueKeep Warning

By News

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device.

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning to patch the wormable BlueKeep flaw. After confirming the exploit can be used to remotely execute code on vulnerable PCs, the agency released an advisory reiterating the dangers of the vulnerability.

CVE-2019-0708, also known as BlueKeep, is a critical-rated bug that affects computers running Windows 7 and earlier. An exploit able to remotely run code or malware on an affected computer could trigger a global incident similar to the WannaCry ransomware attack of 2017.

“CISA encourages users and administrators review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and apply the appropriate mitigation measures as soon as possible,” CISA writes in its alert.

CISA’s alert serves as a warning that malicious attackers could soon achieve the same results as WannaCry. As of last week, close to 1 million internet-exposed machines are still vulnerable to the flaw, according to researchers.

However, this is just the tip of the iceberg. These devices are gateways to potentially millions more machines that sit on the internal networks they lead to. A wormable exploit can move laterally within that network, rapidly spreading to anything and everything it can infect in order to replicate and spread.

Earlier this month, the U.S. National Security Agency (NSA) also issued a rare advisory, warning users to patch “in the face of growing threats” of exploitation.

Syxsense has added a “BlueKeep At Risk Devices” report to every console to help you stay on top of emerging threats. In seconds, view a list of every device that hasn’t been scanned for the vulnerability and see where the risk is detected.

With a few more clicks, you can deploy the patch to every device, run the report and prove to management that you are 100% compliant.


Blue Screen of Death Occurring with Feature Updates

By News

With the introduction of the newest Windows 10 Feature Version 1903, some security application vendors have published known issues when upgrading.

This isn’t the first we’ve heard of Windows 10 upgrades being affected by antivirus or encryption software. In fact, Microsoft has always recommended disabling existing security software before upgrading to ensure that there isn’t any conflict during the process, and sometimes Windows will notify you automatically.

“Moving to the newest feature version isn’t just another patch or update, but should be treated as an actual upgrade to the entire operating system,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “Just disabling the security software won’t be enough, especially if it’s full disk encryption. Many recommend decrypting and/or uninstalling the application entirely before upgrading to the latest feature version.”

Recently, ESET informed its Endpoint Encryption customers that upgrading to Windows 10, version 1903, causes boot errors. Specifically, an upgraded device presents an immediate blue screen error (BSOD) when booting. Affected devices receive the stop code “INACCESSIBLE BOOT DEVICE,” and the volume must be fully decrypted before the Windows installation can be repaired manually. It’s possible the entire volume may even become corrupt and require a full reformat.

Rather than upgrade and jump through hoops, crossing your fingers that the volume can be repaired, it’s better to proactively prepare a strategy to uninstall the application, push the upgrade accordingly, then reinstall.

Using Syxsense, the inventory feature can easily show any registered security application, such as ESET, Trend Micro, or McAfee, and allow a silent uninstall to take place with software distribution. Once the application has been removed, simply push the new upgrade using Feature Updates and let the end-user decide when they want to install and when they want to reboot their device. Post-upgrade, use the software distribution feature again to reinstall the security application silently, all without the need to troubleshoot a single device manually.


‘Roll Back’ To The Future

By News

Beware: Windows 10 Feature Updates are Double Work!

Windows 10 Feature Updates (Windows 10 Servicing) will dominate the agenda of many IT Managers as Microsoft uses their new release method to introduce new operating system experiences and security enhancements for their flagship operating system. These are scheduled for release every 6 months until the end of extended support in October 2025.

Before you start your journey, you need to be aware that each feature update is supported for only 18 months, forcing IT Managers to keep releasing these updates at least every 12 months. If you are still using Windows 10 version 1607, support has already ended.

Verismic recommends that IT managers plan out each Windows 10 Feature Update as soon as it is publicly available. But beware: upon installation of the Windows 10 Feature Update, any patch or update which has been deployed since the date of that feature update will have to be re-deployed to bring that system back up to date.

Robert Brown, Director of Services for Verismic says, “IT managers spend a lot of time planning and deploying their Windows updates each month. They need to understand that after installing any Windows 10 Feature Update, they will be effectively rolled back in time to the date of that release. Example Fig.1 below, next month if you apply 1803, you will have to re-deploy all updates since March – that could be over 40 updates per device. Use Syxsense to make re-deployment far easier and more efficient.”

Microsoft is giving IT Managers double the work, but Syxsense simplifies patching. Our Patch Manager quickly identifies any device in need of updates. Then a maintenance window can be created to deploy the updates after business hours, avoiding any loss in productivity.

Start a trial of Syxsense today.
