Tag

Zero-Day Vulnerabilities


Government Orders Agencies to Patch Zerologon Vulnerability Immediately


The Department of Homeland Security's cybersecurity division has declared an emergency directive for patching the Zerologon vulnerability.


Homeland Security Issues Emergency Alert for Zerologon

The Department of Homeland Security’s cybersecurity division (CISA) has ordered federal civilian agencies to install a security patch for Windows Servers by Monday, citing “unacceptable risk” posed by the vulnerability to federal networks.

Declared via an emergency directive, the DHS order was issued via a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.

The Zerologon vulnerability allows attackers who have a foothold on an internal network to hijack Windows Servers running as domain controllers and take over the entire network. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating. Deployment of this patch is essential.

Why Zerologon Needs to Be Patched Immediately

Microsoft included fixes for the Zerologon vulnerability in the August Patch Tuesday update. Most IT professionals did not know how bad the bug really was until seeing a recent report from Secura and the weaponized proof-of-concepts that went public shortly afterward.

The widespread use of Windows Servers as domain controllers in US government networks, the 10 out of 10 severity rating for Zerologon, and the danger of a successful attack are what led DHS officials to issue a rare emergency directive late Friday afternoon.

“CISA [Cybersecurity and Infrastructure Security Agency] has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” DHS CISA said in Emergency Directive 20-04.

The short deadline for applying security updates is primarily due to the ease of exploitation and severe consequences of a successful Zerologon attack. Although the directive applies to executive branch departments and agencies, CISA also “strongly recommends” that the private sector take immediate action as well.

How to Patch Zerologon

We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager. Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


Microsoft’s April Patch Tuesday Tackles 113 Updates


Microsoft issued 113 fixes in this month's massive Patch Tuesday update. It's the first big patch release of the new work-from-home era.


April Patch Tuesday Arrives with Huge Batch of Updates

Microsoft Patch Tuesday has officially arrived with 115 new patches for the unprecedented work-from-home climate amid the coronavirus outbreak.

There are 17 critical updates with the remaining 96 marked as important. Support for Windows 7 and Windows Server 2008 (including R2) ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

For the previous three months, there have been over 100 updates per month on average; that’s almost 2GB per device per month. Now is the time to start building a patching strategy that does not depend on a VPN or patching in line of sight of your servers.

Users who are now working from home are more vulnerable than ever.

Largest Number of Weaponized Bugs This Year

Weaponized bugs use vulnerabilities to actively exploit security loopholes in the OS to infect your environment with ransomware or steal data. In this month’s release, we have seen the highest number of weaponized vulnerabilities fixed.

These should all be considered zero-day vulnerabilities, and we recommend they be remediated as quickly as possible.


Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

| CVE Reference | Description | Severity | CVSS Score | Weaponized | Public | Counter Measure | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2020-1020 | Adobe Font Manager Library Remote Code Execution Vulnerability | Important | 7.8 | Yes | Yes | Yes | Yes |
| CVE-2020-0938 | OpenType Font Parsing Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | Yes | Yes |
| CVE-2020-1027 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | Yes |
| CVE-2020-0968 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | Yes | No | No | Yes |
| CVE-2020-0935 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | 4.2 | No | Yes | No | Yes |
| CVE-2020-0969 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-1022 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0948 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0949 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0950 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-0927 | Microsoft Office SharePoint XSS Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0929 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0931 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0932 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0974 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-0970 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0967 | VBScript Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-0910 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Yes |
| CVE-2020-0942 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | Yes |
| CVE-2020-0944 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1029 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0784 | DirectX Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0888 | DirectX Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0964 | GDI+ Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2020-0953 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0988 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0992 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0994 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0995 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0999 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-1008 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-1014 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0956 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0957 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0958 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0794 | Windows Denial of Service Vulnerability | Important | 7.1 | No | No | No | Yes |
| CVE-2020-0934 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0983 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1009 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1011 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1015 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1004 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0917 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2020-0918 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 8.4 | No | No | No | Yes |
| CVE-2020-0913 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1000 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1003 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0940 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-1001 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1006 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-1017 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Yes |
| CVE-2020-0936 | Windows Scheduled Task Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | Yes |
| CVE-2020-0985 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0996 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0895 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Yes |
| CVE-2020-1094 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0889 | Jet Database Engine Remote Code Execution Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2020-0959 | Jet Database Engine Remote Code Execution Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2020-0960 | Jet Database Engine Remote Code Execution Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2020-0937 | Media Foundation Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0939 | Media Foundation Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0945 | Media Foundation Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0946 | Media Foundation Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0947 | Media Foundation Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0984 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1002 | Microsoft Defender Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1049 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1050 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1018 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important | TBA | No | No | No | |
| CVE-2020-0906 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0979 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0982 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0987 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1005 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0961 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0760 | Microsoft Office Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0991 | Microsoft Office Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0923 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0924 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0925 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0926 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0930 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0933 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0954 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0973 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0978 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0919 | Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1019 | Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0920 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0971 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0972 | Microsoft SharePoint Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0975 | Microsoft SharePoint Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0976 | Microsoft SharePoint Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0977 | Microsoft SharePoint Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0899 | Microsoft Visual Studio Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0980 | Microsoft Word Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0943 | Microsoft YourPhone Application for Android Authentication Bypass Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1026 | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0966 | VBScript Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0900 | Visual Studio Extension Installer Service Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0699 | Win32k Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2020-0962 | Win32k Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |

Microsoft’s February 2020 Patch Tuesday Fixes 99 Security Issues


The official Patch Tuesday updates have arrived for February, including 99 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.

February Patch Tuesday is Here

Microsoft have released 99 patches today. There are 12 Critical patches with the remaining marked Important.

Support for Windows 7 and Windows Server 2008 (including R2) officially ended last month, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Zero Day Weaponized Bug for IE

CVE-2020-0674, which carries a Critical vendor severity and High CVSS score, has been documented as being Publicly Aware and actively Weaponized.

This is as close to a Zero Day as you can get, and we encourage all users still using Internet Explorer to update this as soon as possible. This vulnerability affects Windows 7, which officially ended support last month, and Windows 10 through Windows Server 2008 to 2012.

Robert Brown, Director of Services for Syxsense said, “If you are still using Internet Explorer on Windows 7 and have not purchased the CSA / ESU extension, you may wish to consider uninstalling IE and replacing it with another browser immediately due to the critical nature of this vulnerability. It has huge potential to be used to install Ransomware or other software simply by accessing an infected website. Customers using Syxsense Manage or Syxsense Secure will be able to deploy all new Windows 7 content to your licensed Windows 7 systems.”


Microsoft released a security advisory for an unpatched IE code-execution vulnerability.

Another Adobe Headache

Adobe released 42 updates today—the largest of the year so far. They have fixed bugs in Framemaker, Experience Manager, Adobe Digital Editions, Flash, and Acrobat and Reader. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.


Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Counter-measure | Publicly Aware | Weaponized | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | Yes | Yes | Yes |
| CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability | Important | 8.2 | No | Yes | No | Yes |
| CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | Yes | No | Yes |
| CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | Yes | No | Yes |
| CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability | Important | 4.3 | No | Yes | No | Yes |
| CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-0662 | Windows Remote Code Execution Vulnerability | Critical | 8.6 | No | No | No | Yes |
| CVE-2020-0729 | LNK Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0767 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0710 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0712 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0713 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0711 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2020-0740 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0741 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0742 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0743 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0749 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0750 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0727 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0703 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0701 | Windows Client License Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0657 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0659 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0737 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0739 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0753 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0678 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0679 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0680 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0682 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0745 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0707 | Windows IME Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0668 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0669 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0670 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0671 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0672 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0666 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0667 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0735 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0752 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0704 | Windows Wireless Network Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-0709 | DirectX Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0732 | DirectX Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0720 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0721 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0722 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0723 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0725 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0726 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0731 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0719 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0724 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0685 | Windows COM Server Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0792 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0715 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-0661 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2020-0665 | Active Directory Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2020-0730 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2020-0751 | Windows Hyper-V Denial of Service Vulnerability | Important | 6 | No | No | No | |
| CVE-2020-0746 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0717 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0716 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0658 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0744 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0698 | Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0736 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0675 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0676 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0677 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0748 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0755 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0756 | Windows Key Isolation Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0705 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0691 | Win32k Elevation of Privilege Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2020-0714 | DirectX Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2020-0663 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2020-0728 | Windows Modules Installer Service Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0733 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0759 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0688 | Microsoft Exchange Memory Corruption Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0696 | Microsoft Outlook Security Feature Bypass Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0702 | Surface Hub Security Feature Bypass Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0695 | Microsoft Office Online Server Spoofing Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0697 | Microsoft Office Tampering Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0693 | Microsoft Office SharePoint XSS Vulnerability | Important | TBC | No | No | No | |
CVE-2020-0694

Internet Explorer Has Massive Security Flaw


What is the IE Vulnerability?

Microsoft recently released a security advisory alerting its users of an unpatched code-execution vulnerability in Internet Explorer.

The vulnerability (CVE-2020-0674), which is listed as high as critical in severity for Internet Explorer version 11 and moderate in severity for Internet Explorer versions 9 and 10, “exists in the way that the scripting engine handles objects in memory in Internet Explorer”, Microsoft stated in its advisory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” Microsoft went on to explain in the advisory.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

How the IE Vulnerability was Discovered

Microsoft stated they had learned about the vulnerability from Clément Lecigne of Google’s Threat Analysis Group (TAG) and Ella Yu from Qihoo 360, who have apparently seen the weakness being exploited in limited, targeted attacks.

Google’s Threat Analysis Group has previously reported several vulnerabilities to Microsoft, including one in the Windows 7/2008R2 architecture (CVE-2019-0808) as well as another Internet Explorer exploit (CVE-2019-1367).

Managing the IE Vulnerability

Although the vulnerability sounds intense, Microsoft stated it’s not present in the supported versions of Internet Explorer (which use Jscript9.dll), and they instead took a firm stance on waiting until next month’s Patch Tuesday to produce a remediation.

“Microsoft is aware of this vulnerability and working on a fix,” Microsoft stated at the end of their advisory. “Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”

For those that require a quick fix, Microsoft detailed a workaround that leverages administrative commands to restrict access to the vulnerable scripting library. It should be noted that the workaround may result in reduced functionality for components or features that rely on jscript.dll.

Security professionals have also advised users to simply stop using Internet Explorer and switch to a more reliable and secure browser; however, this may not be easy for everyone, as some existing web-based software still requires an outdated version of Internet Explorer. Microsoft has even recently launched its own Chromium-based Edge browser to provide better compatibility to its customers.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.


December Patch Tuesday Fixes Actively Exploited Zero-Day


Microsoft’s December 2019 Patch Tuesday Fixes Actively Exploited Zero-Day

The final Patch Tuesday of the decade fixes 36 vulnerabilities, including 7 that are rated "Critical."

What’s in December’s Patch Tuesday Update?

Microsoft has given users an easier holiday season by releasing only 36 updates today. There are 7 Critical, 28 Important and 1 Moderate updates to deal with.

The small patch count is accurate; however, this list includes a number of updates you should be very concerned about.

Hello XP, My Old Friend

Can it be true? Yes, in fact: an important Remote Desktop Protocol vulnerability for Windows XP (CVE-2019-1489) has been identified in this release. The problem is that updates are not actually available for this operating system, as it reached end of life in 2014.

Robert Brown, Director of Services for Syxsense, said: “Windows XP is still in use today. Many organizations which use legacy software or hardware that only supports this operating system should pay particular attention. One of the attackers’ favorite methods of entry is via the Remote Desktop Protocol. If your organization is large enough, please take all reasonable steps to protect your environment.”

A fix for CVE-2019-1458 has been released, and the bug is being weaponized! This vulnerability should be treated as an ‘Out-of-Band’ update, as it impacts Windows 7 onwards and has no known countermeasure to mitigate your risk. This type of vulnerability has regularly appeared throughout this year, so patch this as soon as possible.

Not Critical Severity, But Still High Priority

CVE-2019-1476, CVE-2019-1477, CVE-2019-1478, CVE-2019-1483, CVE-2019-1484, CVE-2019-1453, CVE-2019-1485 and CVE-2019-1384 have only been ranked as Important by Microsoft; however, the independent CVSS scores rank them between 7.5 and 7.8, which indicates they are important enough to prioritize.

Based on those CVSS scores, they rank alongside some of the vulnerabilities Microsoft rated Critical.
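The following is an added example, not Syxsense's code or its actual recommendation logic: one way to rank patches by combining the signals this post uses (weaponised, publicly aware, vendor severity, CVSS base score), applied to a few rows copied from this month's table. The tier ordering, the 7.0 threshold and the worst-case handling of "TBA" scores are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (CVE, vendor severity, CVSS base score, publicly aware, weaponised)
# Rows copied from this post's December 2019 table, deliberately shuffled.
Row = Tuple[str, str, str, str, str]
ROWS: List[Row] = [
    ("CVE-2019-1488", "Important", "3.3", "No", "No"),
    ("CVE-2019-1468", "Critical", "8.4", "No", "No"),
    ("CVE-2019-1351", "Moderate", "TBA", "No", "No"),
    ("CVE-2019-1476", "Important", "7.8", "No", "No"),
    ("CVE-2019-1458", "Important", "7.8", "No", "Yes"),
    ("CVE-2019-1349", "Critical", "TBA", "No", "No"),
    ("CVE-2019-1470", "Important", "6", "No", "No"),
    ("CVE-2019-1453", "Important", "7.5", "No", "No"),
]

HIGH_CVSS = 7.0  # assumption: treat a CVSS base score of 7.0+ like a Critical rating


@dataclass(frozen=True)
class Patch:
    cve: str
    severity: str
    cvss: Optional[float]  # None when the table says "TBA" or "NA"
    public: bool
    weaponised: bool


def parse_row(row: Row) -> Patch:
    cve, severity, score, public, weaponised = row
    try:
        cvss: Optional[float] = float(score)
    except ValueError:
        cvss = None  # score not published yet
    if cvss is not None and not 0.0 <= cvss <= 10.0:
        raise ValueError(f"{cve}: CVSS score {score!r} is out of range")
    return Patch(cve, severity, cvss,
                 public.lower() == "yes", weaponised.lower() == "yes")


def tier(p: Patch) -> int:
    """0 = treat as out-of-band, 1 = publicly known, 2 = high priority, 3 = normal cycle."""
    if p.weaponised:
        return 0  # exploited in the wild outranks any severity label
    if p.public:
        return 1
    if p.severity == "Critical" or (p.cvss is not None and p.cvss >= HIGH_CVSS):
        return 2  # an "Important" rating with a high CVSS score lands here too
    return 3


def prioritise(rows: List[Row]) -> List[Patch]:
    patches = [parse_row(r) for r in rows]
    # Inside a tier, highest score first; an unknown score sorts as 10.0 so a
    # missing number never pushes a patch down the list.
    return sorted(patches, key=lambda p: (tier(p),
                                          -(10.0 if p.cvss is None else p.cvss),
                                          p.cve))


if __name__ == "__main__":
    for p in prioritise(ROWS):
        print(tier(p), p.cve, p.severity, p.cvss if p.cvss is not None else "TBA")
```

For the rows sampled here, tiers 0 to 2 coincide with the rows the table marks as recommended.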

New Adobe Updates

Adobe released a record number of 25 updates for Adobe Reader, Bracket, Fusion and Photoshop. Adobe Reader has the bulk of these fixes; however, Photoshop and Fusion contain the Critical updates. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.


December 2019 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations for what to prioritize this month.

 

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Counter-measure | Publicly Aware | Weaponised | Syxsense Secure Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes |
| CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Yes |
| CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.2 | No | No | No | Yes |
| CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | Yes |
| CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Yes |
| CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important | 6 | No | No | No | |
| CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1490 | Skype for Business and Lync Spoofing Vulnerability | Important | TBA | No | No | No | |
| CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate | TBA | No | No | No | |

Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-Day


Microsoft has released 74 Patch Tuesday updates, including 13 Critical updates and a fix for a remote code execution vulnerability in Internet Explorer.

November 2019 Patch Tuesday: What to Expect

Microsoft has released 74 updates today – there are 13 Critical and 61 Important updates to deal with.

A fix for CVE-2019-1429 has been released, and the bug is being weaponized! This vulnerability should be treated as an ‘Out-of-Band’ update for anyone still using Internet Explorer. Previously, we have suggested moving away from IE; this is yet another reason to look for a safer browser for your business.

Robert Brown, Director of Services for Syxsense, said, “The biggest risk our customers can take is not treating weaponized vulnerabilities seriously enough. Weaponized vulnerabilities are often not the highest severity and aren’t prioritized enough by IT managers and security administrators. In this case, the severity is critical. If the vulnerability was exploited, it could easily be used to spread ransomware or take over a system. Please patch this now.”

Not Critical, But High Priority Patches

CVE-2019-1384 and CVE-2019-1424 have only been ranked as Important by Microsoft; however, the independent CVSS scores rank them at 8.5 and 8.1 respectively. CVE-2019-1384 is a vulnerability impacting all Windows operating systems from Windows 7 to Windows Server 2019, where an attacker could obtain key and sign in messages, making some security login audit records redundant. It can also infect other machines.

We believe CVE-2019-1424 is particularly dangerous. If exposed, this vulnerability could downgrade the secure communications channel leading to communications messages being sent to Windows improperly—possibly even intercepted and recorded.

Latest Adobe Patches

Adobe released four patches for Adobe Animate CC, Illustrator CC, Bridge CC, and Media Encoder. The Media Encoder patch includes a critical fix for an out-of-bounds (OOB) issue that could allow code execution. Both Syxsense and Adobe recommend this Out-of-Band update be deployed within the next 7 days.


November 2019 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations for what to prioritize this month. Pay close attention to those under Publicly Aware and Weaponized.

 

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Publicly Aware | Weaponised | Syxsense Secure Recommended |
|---|---|---|---|---|---|---|
| CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | Yes | YES |
| CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | NA | No | No | YES |
| CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass | Important | NA | Yes | No | YES |
| CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability | Important | 8.5 | No | No | YES |
| CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability | Important | 8.1 | No | No | YES |
| CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | YES |
| CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical | 7.8 | No | No | YES |
| CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1420 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1422 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1423 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1390 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | YES |
| CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.3 | No | No | YES |
| CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability | Critical | 6.7 | No | No | YES |
| CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability | Important | 6.7 | No | No | |
| CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability | Important | 6.6 | No | No | |
| CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1391 | Windows Denial of Service Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1436 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.4 | No | No | |
| CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.3 | No | No | |
| CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability | Important | 5 | No | No | |
| CVE-2019-1440 | Win32k Information Disclosure Vulnerability | Important | 5 | No | No | |
| CVE-2018-12207 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability | Important | 4.4 | No | No | |
| CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability | Important | 4.4 | No | No | |
| CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.3 | No | No | |
| CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability | Important | 3.5 | No | No | |
| CVE-2019-1234 | Azure Stack Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability | Important | NA | No | No | |
| CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability | Important | NA | No | No | |
| CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability | Important | NA | No | No | |
| CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability | Important | NA | No | No | |
| CVE-2019-1454 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | NA | No | No | |

Google Reveals Severe Zero-Day Vulnerabilities in Chrome


Google has released a software update to the Chrome browser that patches two severe zero-day vulnerabilities that could allow the browser to be hijacked.

Zero-Day Vulnerabilities Found in Google Chrome

Google has released a software update to the Chrome browser that patches two zero-day vulnerabilities that could potentially allow the browser to be hijacked by attackers.

One flaw affects the browser’s audio component (CVE-2019-13720) while the other vulnerability affects the PDFium library (CVE-2019-13721).

Google is urging users to update to the latest version as soon as possible. This includes Windows, Mac, and Linux devices as the version rolls out over the next few days.

“This version addresses vulnerabilities that an attacker could exploit to take control of an affected system,” stated the Cybersecurity and Infrastructure Security Agency alert. “One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.”

Prevent Arbitrary Code Execution

The main bug (CVE-2019-13720) is a use-after-free flaw: a memory corruption flaw where an attempt is made to access memory after it has been freed. This can have a range of harmful effects, from making programs unstable to potentially allowing execution of arbitrary code, sometimes even full remote code execution.

The second bug (CVE-2019-13721) was discovered in the PDFium library, which was developed by Foxit and Google and gives developers an open-source software library for viewing and searching PDF documents. This vulnerability is also a use-after-free flaw, but there have been no reports of it being exploited in the wild. It was disclosed by a researcher under the alias “bananapenguin” who received a $7500 bounty through Google’s vulnerability disclosure program.

These are considered the second round of Chrome zero-days detected this year: back in March, Google patched another Chrome zero-day (CVE-2019-5786), which was being used together with a Windows 7 zero-day (CVE-2019-0859).

Google has stated that the update to the browser will be rolling out to users automatically over the coming days; however, all Chrome users should opt for a manual update as soon as possible.

How to Manage Chrome Vulnerabilities

Leveraging a systems management solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest Chrome 78 update and the pre-packaged detection will determine if devices do/do not require the update; if they require it, the update will be automatically applied and the vulnerability remediated.
