Patch Priorities and Dealing with Spectre
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
This has been widely breaking the news over the past week known as Spectre. Should this be your number one priority?Robert Brown, Director of Services for Verismic says, “The vector analysis of the vulnerability shows the exploitability score to be 1.1 out of 10, which is the independently assigned score detailing the type, ease and requirements needed by both users, technology and ‘chance’ in order for this vulnerability to be exposed.
The CVSS v3 score of 5.6 means this is in the High severity rating (Critical being the highest level) which means given the evidence of this independent review, the patch is important, but this should not be as important as establishing a routine patching process for your company.
Brown continued saying, “As of today, there are no known exploits in the wild impacting Intel, AMD and ARM devices. Please be clear, the software patches made available for operating systems, browsers and applications do not actually remove the vulnerability, they simply act as a bandage to reduce the likelihood an attacker will be successful.”
A real fix requires all CPU vendors to have kernel with countermeasures, such as microcode updates to be in place. Intel said that it would issue its own microcode updates to address the issue. Other vendors have said they are providing similar countermeasures.
Microsoft Patches for CPU Flaws Break Windows
Computers with AMD processors, particularly older Athlon models could potentially have issues where Windows is unable to start. Some users from the community have reported that after installing Microsoft’s update the operating system freezes during boot when the Windows logo is displayed.
Robert Brown, Director of Services for Verismic says, “Although we have not seen this issue ourselves, testing your patches before deployment is essential, if you need help with a patch management plan please download our free patching advice, Avoiding Patch Tuesday.”
The Worst Passwords of 2017 Revealed
With everything in the news about Spectre and Meltdown, it seems less significant to discuss passwords. For the second year in a row, the most common passwords used in 2017 has been revealed as “123456.” Simple passwords provide the easiest form of remote user authentication to expose vulnerabilities within your environment, providing easier identify theft and company espionage.With this in mind, simple passwords can be made more secure with two-factor authentication like we use with Syxsense.
All login attempts require a randomly generated code via email or Google authenticator before access to your systems is granted – however we always recommend our customers to use a hardened password as an additional security precaution.START FREE TRIAL
Patch Tuesday Release
Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.
We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.
| Vendor Name | Title | Vendor Severity | Recommended |
| Microsoft | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011579) | Critical | Yes |
| Microsoft | 2018-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4056887) | Critical | Yes |
| Microsoft | Security Update for Microsoft SharePoint Server 2010 (KB4011609) | Critical | Yes |
| Microsoft | 2018-01 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4056892) | Critical | Yes |
| Microsoft | 2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890) | Critical | Yes |
| Microsoft | 2018-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4056887) | Critical | Yes |
| Microsoft | 2018-01 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems (KB4056887) | Moderate | Yes |
| Microsoft | 2018-01 Security Update for Adobe Flash Player for Windows Server 2012 for x64-based Systems (KB4056887) | Moderate | Yes |
| Microsoft | 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 for x64 (KB4055272) | Important | |
| Microsoft | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011599) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055532) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4055532) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 2.0 and 3.0 on Windows Server 2008 SP2 for Itanium-based Systems (KB4055272) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4055272) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055271) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055270) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4055269) | Important | |
| Microsoft | 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4055267) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 2.0 and 3.0 on Windows Server 2008 SP2 for Itanium-based Systems (KB4055267) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 for x64 (KB4055267) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055266) | Important | |
| Microsoft | 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055265) | Important | |
| Microsoft | Security Update for 2010 Microsoft Business Productivity Servers (KB3114998) | Important | |
| Microsoft | Security Update for Microsoft Office 2007 suites (KB4011201) | Important | |
| Microsoft | Security Update for Microsoft Office 2007 suites (KB4011656) | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011610) 32-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011610) 64-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011611) 32-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011611) 64-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011658) 32-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office 2010 (KB4011658) 64-Bit Edition | Important | |
| Microsoft | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011605) | Important | |
| Microsoft | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607) | Important | |
| Microsoft | Security Update for Microsoft Office Excel 2007 (KB4011602) | Important | |
| Microsoft | Security Update for Microsoft Office Excel Viewer 2007 (KB4011606) | Important | |
| Microsoft | Security Update for Microsoft Office Outlook 2007 (KB4011213) | Important | |
| Microsoft | Security Update for Microsoft Office Word 2007 (KB4011657) | Important |
START YOUR FREE TRIAL FO SYXSENSE
