Skip to main content
Tag

windows update

||

Windows Kerberos Bug Fixed in November Out-of-Band Update

By Patch ManagementNo Comments

Windows Kerberos Bug Fixed in November Out-of-Band Update

Microsoft has fixed a bug for a bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature.

[vc_empty_space]
[vc_single_image image=”251740″ img_size=”full”]

Kerberos Authentication Bug

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).  The update known as CVE-2020-17049  addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

Once deployment of the patch has been made, the following manual steps are then available to fully resolve the vulnerability:

Post-Patch Action

Registry subkey HKEY_LOCAL_MACHINESystemCurrentControlSetServicesKdc

Reboot required: No

Value: PerformTicketSignature

Data type: REG_DWORD

  • 0 – This disables ticket signatures and your domains are not protected. Important Do not use this setting until further notice. There is a known issue that could cause the S4USelf feature of Kerberos to become non-functional.
  • 1 – The fix is enabled on the domain controller but the DC does not require that tickets conform to the fix.
  • 2 – This enables the fix in required mode where all domains must be patched and all DCs require tickets with signatures.

Microsoft does not recommend using the 0 setting due to known issues with the S4USelf feature of Kerberos.

How does this patch affect third-party Kerberos clients?

When the registry key is set to 1, patched domain controllers will issue service tickets and Ticket-Granting Tickets (TGT)s that are not renewable and will refuse to renew existing service tickets and TGTs. Windows clients are not impacted by this since they never renew service tickets or TGTs.

Third-party Kerberos clients may fail to renew service tickets or TGTs acquired from unpatched DCs. If all DCs are patched with the registry set to 1, third-party clients will no longer receive renewable tickets.

Customers using Syxsense Manage or Syxsense Secure will be able to find this patch by searching for CVE-2020-17049.

[vc_separator]

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1590698033746{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Microsoft Zero Day Patch

By Patch ManagementNo Comments

Microsoft have released an update for Windows 10

[vc_empty_space]
[vc_single_image image=”37422″ img_size=”full”]

Microsoft Zero Day – KB4551762

 

Microsoft have released an update for Windows 10 to protect your environment from an imminent threat.  A full description of this update can be found here: https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762

 

The vulnerability is marked as Critical and carries a CVSS score of 10.0 which is the highest score available.

 

We have completed our internal testing and based on this evidence; plus, information we have seen in the community relating to potential issues with 32bit application compatibility we are recommending a careful deployment of this patch.  We would recommend waiting at least 24 hours before a site wide deployment.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||” css=”.vc_custom_1572936982710{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]
|Patch Tuesday: March Updates|

Microsoft’s March Patch Tuesday is Absolutely Massive

By Patch Management, Patch TuesdayNo Comments

Microsoft’s March 2020 Patch Tuesday is Absolutely Massive

Right on schedule, the official Patch Tuesday updates have arrived for March, including 115 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.
[vc_empty_space]
[vc_single_image image=”37243″ img_size=”full”]

March Patch Tuesday Updates are Now Available

Microsoft Patch Tuesday has officially arrived with 115 new patches. There are 26 Critical patches with the remaining marked Important and Moderate.

Support for Windows 7 and Windows Server 2008 (including R2) was officially ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “A large portion of the Critical updates released today are for the Internet Explorer browser, including four of these CVEs for Windows 7. Even if your corporate policy is to use an alternative browser, if your devices have the IE binaries on the system drive, then you must patch.”

New Windows 7 Vulnerabilities

For those still using this legacy operating system, we have listed the updates you need to prioritize in this Patch Tuesday:

  1. CVE-2020-0832, CVE-2020-0833, CVE-2020-0824, CVE-2020-0847 – Internet Explorer 11 – In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
  2. CVE-2020-0844 – Connected User Experiences and Telemetry Service – The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
  3. CVE-2020-0645 – Microsoft IIS Server Tampering – The update addresses the vulnerability by modifying how IIS Server handles malformed request headers.
  4. CVE-2020-0788, CVE-2020-0877, CVE-2020-0887 – Win32k Elevation – The update addresses this vulnerability by correcting how Win32k handles objects in memory.
  5. CVE-2020-0787 – Windows Background Intelligent Transfer Service – The security update addresses the vulnerability by correcting how Windows BITS handles symbolic links.
  6. CVE-2020-0769 – Windows CSC – The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
  7. CVE-2020-0849 – Windows Hard Link – The security update addresses the vulnerability by correcting how Windows handles hard links.
  8. CVE-2020-0779 – Windows Installer – The security update addresses the vulnerability by modifying how reparse points are handled by the Windows Installer.
  9. CVE-2020-0778 – Windows Network Connections Service – The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.
[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||” css=”.vc_custom_1572936982710{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

<

||||

Prepare for Patch Tuesday!

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25975″ img_size=”full”]

Do you have a patching strategy? It should include turning off Automatic Windows update.

Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy.

Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that you always keep your systems patched, sometimes the updates are worse than the vulnerability, like the July Patch Tuesday this year.

Win10

If you have a Professional, Enterprise, or Education edition of Windows 10, you can turn off automatic updates, but the option is hidden. You need to pull yourself out of beta testing and then delay new versions by setting the “feature update” deferral to 120 days or more. Here’s what to do in version 1703, if you have a later version of Windows 10 these settings still apply, but the wording is slightly different.

  • Press Win-R, type gpedit.msc, press Enter. This brings up the Local Group Policy Editor.
  • Navigate the left pane as if it were File Explorer to
  • Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Updates.
  • Choose Select when Feature Updates are received.
  • In the resulting dialog box, select Enabled.
  • In the Options box, type in how many days you’d like to pause updates and then in the next field type in today’s date.
  • Click Apply and then OK.

If you want to you can repeat this process for the second setting in Group Policy named Select when Quality Updates are received. Keep in mind, however, that quality updates include security updates and skipping them is not the best idea. On the upside, security updates are cumulative meaning if you do skip these updates, you can download the next one and be up to date.

Win7 and 8

  • Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
  • Click Start > Control Panel > System and Security > Turn automatic updating on or off.
  • In the Important updates menu, select Never check for updates.
  • Deselect Give me recommended updates the same way I receive important updates.
  • Deselect Allow all users to install updates on this computer and click OK.
[vc_single_image image=”25987″ img_size=”medium” alignment=”center” onclick=”custom_link” link=”https://go.pardot.com/l/62402/2016-08-30/2y9m9t”]

Patch Strategy

Your IT update solution should facilitate phased rollouts and have full rollback options. These are the necessary keys to avoiding data loss or device outages.

Step 1. Identify

You can’t manage your environment if you don’t know what devices are there and which need updates. An IT solution should also be able to manage roaming devices.

Plus, if data is stale, it could mean missing a device or update that was critical to secure. Detect the state of your environment with live, accurate, and actionable data.

Step 2. Test Group Deployment

Deploy the updates to a small group of devices. These devices should be of low impact to the overall productivity of your company. Once these devices have been successfully and safely updated, you can deploy needed updates without worrying about a massive disaster.

Step 3. Phased Rollout

Now updates should be distributed to any device that needs them. However, you want this task to preform around business hours. Updates are important, but so is avoiding interruptions of productivity. A maintenance window should be set up so that any update tasks happen before and after business hours.

And to facilitate a proper patching strategy, look to a comprehensive IT solution.

Syxsense

This is the solution for all of your patching needs. Syxsense can deploy updates to Windows, Mac, and Linux devices. It is a complete patching solution that can manage devices both in your network, but also roaming and out of the office.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Software Update Service

We understand that while updating software is the #1 way to protect your environment, it’s low on your priority list. As an IT department, you have other pressing tasks that you need your attention.

With our Software Update Service, you can move forward while we keep your devices up to date.

Our expert patch management team provides reliable support with detection and remediation for Windows and third-party software updates. We work closely with you to provide safe and efficient endpoint security with your own systems management tool or ours, Syxsense.

Our team will keep your IT systems reliable with endpoints updated and secure.

CVE Ref. Description Vendor Severity CVSS Base Score Counter-measure Publicly Aware Weaponized Syxsense Recommended
CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0684 LNK Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0801 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0807 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0809 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0869 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0768 Microsoft Browser Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0830 Microsoft Browser Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0824 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0847 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0881 GDI+ Remote Code Execution Vulnerability Critical 6.7 No No No Yes
CVE-2020-0883 GDI+ Remote Code Execution Vulnerability Critical 6.7 No No No Yes
CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0762 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0763 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0788 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0810 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0776 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0858 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0758 Azure DevOps Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0815 Azure DevOps Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability Important TBC No No No
CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability Important TBC No No No
CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability Important TBC No No No
CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability Important TBC No No No
CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability Important TBC No No No
CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector Important TBC No No No
CVE-2020-0902 Service Fabric Elevation of Privilege Important TBC No No No
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability Important TBC No No No
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability Important 7.5 No No No
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0876 Win32k Information Disclosure Vulnerability Important 7 No No No
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No