Skip to main content

Industry News

Let's talk shop!

330 Topics
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Software Inventory filtering in Policy

Hi Team,In our environment, we have requirement to install only Security, Critical Updates & 3rd party Updates for Windows. Can you please let us know how we can make sure we are specifically installing only Security, Critical and 3rd party S/W updates? Below is the below list of updates that we want to exclude from patching:Feature Packs Tools Update Rollups UpgradesAlso, let us know which policy is best to use in this scenario.Thanks,Shoaib

320
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Supported 3rd party Software for Linux OS

Hi Team,Does Automox supports 3rd party S/w updates for Linux? if yes, can you please provide list of Supported 3rd party Software for Linux OS? I have found an article where it means any third-party package that is part of Device Package manager is supported not others? if so, can you please elaborate in detail?  

451
M
S
SophiaAXCommunity Manager
posted in Patch Tuesday
Nov 2023 Patch Tuesday: 1 Zero Day, 75 Vulnerabilities, and a new Podcast with Mitigation Tips

Boom! And just like that, November's Patch Tuesday has rolled around again. While this Patch Tuesday is less of a heavy hitter than last month's, we still have one Zero-Day and 75 vulnerabilities.Be sure to check out our first-ever Patch [FIX] Tuesday podcast (available here, or wherever you get your podcasts) for mitigation tips from Jason Kikta and Tom Bowyer!  

370
S
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Patch Scheduling date\time

Hi Team,We have two patching group for PC name Pilot PC and Prod. Just wanted to know what the best practice is install the updated-on Pilot and Prod PC’s?Need to know how frequently we are patching Pilot and Prod group with Data and time.Thanks,Shoaib 

370
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Why do we need to open port 80 all inbound/outbound for *.digicert.com

Hi Team,Wanted to know why port 80 has been used for *.digicert.com and *.digicertcdn. Also, why do we need to open inbound port for *.digicert.com?Thanks,Shoaib

1602
M
S
SophiaAXCommunity Manager
posted in Patch Tuesday
October 2023 Patch Tuesday: Automox Analysis and Worklets to Mitigate

🎃 October's Patch Tuesday has uncovered a whopping 112 vulnerabilities, including one Zero-Day vulnerability and 17 categorized as critical. But fear not, because we always have your back.We've got three exclusive Automox Worklets that will help you tackle 22 of these vulnerabilities head-on. Stay safe and unmask those monsters this October!  

360
S
S
SophiaAXCommunity Manager
posted in Industry Discussion
How have you used Generative AI in the past year? How did it help (or not help) you?

Talk of Generative AI is taking over industry headlines, water cooler chat, and even our LinkedIn feeds.But how many of us have actually gotten hands-on with Generative AI? If you have used Generative AI at work, how successful have those experiences been? We’d love to hear what the Automox Community has to say about Generative AI, so take a minute to reply with your answer to these questions:How have you used Generative AI in the past year? What was the experience like? How did it help (or not help) you?Here are some examples to get us started:Did you use it to write a script? Did you use it to write traditional code instead of a low-code solution? Did you use it to find information instead of a search engine? Did you use it to identify vulnerabilities?

741
L
J
jlavetanRookie
asked in Patch Tuesday
Windows Server Patching and Reboot Behavior

Not sure if there’s a problem or something isn’t configured correctly… We have groups of Windows servers (group 1, group 2, etc.) with patch policies (patch 1, patch 2, etc.). I’ve noticed that if there multiple rounds of Windows updates, the policy will only install the first round. I have manually run the policy again to install the remaining patches. For example, policy runs at 8:00 am, installs X number of patches and server reboots. After reboot, the server still has available patches to install and I have to manually run the policy to install the remaining patches. 

3722
J
sparrowhawk
sparrowhawkNovice
asked in Patch Tuesday
Devices that require a reboot

I have my patching policies set to automatically reboot and deferrals are configured so that the user gets two chances to put a restart off. But I’m still seeing machines that require reboots. How can I find out why the automatic reboots aren’t working and how can I fix this?TIAGreg

752
sparrowhawk
S
SophiaAXCommunity Manager
posted in Vulnerabilities
Patch Now: Attackers Exploit CVE-2022-47966

Nation-state threat actors have exploited CVE-2022-47966 and CVE-2022-42475, leaving many businesses vulnerable to cyberattacks.We have created the Mitigate CVE-2022-47966 (Windows/Linux) Worklets, intended to temporarily mitigate the risk of exploitation of CVE-2022-47966.The Worklets will create and enable host-based firewall rules to block any malicious IPs identified in the Vulnerability Report as well as drop all inbound connections to port 80 or port 443 on target devices hosting the vulnerable ManageEngine software.More information (including mitigation recs) can be found here. 

700
S
S
SophiaAXCommunity Manager
posted in Patch Tuesday
August 2023 Patch Tuesday Surfaces MSMQ RCE Vulnerability – Check Out the Worklet That Will Mitigate it For You

106 vulnerabilities in this month’s Patch Tuesday This month’s Patch Tuesday brings 106 vulnerabilities, seven of which are critical and two of which are currently being exploited in the wild to our knowledge. There’s certainly been plenty of discussion in the community in the past month around Microsoft Azure vulnerabilities. Today, we’ll focus on the vulnerabilities patched by Microsoft in this month’s Patch Tuesday release. We believe the most important this month is CVE-2023-36910, a critical CVSS 9.8 vulnerability that allows for remote code execution and affects most Windows desktop and server operating systems.Keep reading in our blog, here!

580
S
J
junger_congaRookie
asked in Patch Tuesday
Automox Install failling on ec2 instances

Looking at the documentation, I cant seem to find if the automox agent is supported on all ec2 instance sizes? I know that certain software/agents cannot run on instances of certain sizes, is that the case for Automox agents? Attempting to narrow in on reason why ec2 is not accepting install through SSM.

661
J
S
SophiaAXCommunity Manager
published in Patch Tuesday
🚨 July’s Patch Tuesday Demands Attention: 5 Zero-days and 129 Vulnerabilities

July’s Patch Tuesday release from Microsoft marks a decidedly heavy month for IT admins with 129 vulnerabilities to patch, including 5 (yes, you read that right) zero-days and 9 critical vulnerabilities.Admins will want to make quick moves on this month’s zero-days, which include a security feature bypass vulnerability in Microsoft Outlook (CVE-2023-35311) that is sure to be popular among bad actors. Get details on this CVE and others to prioritize here. 

640
S
S
SophiaAXCommunity Manager
published in Patch Tuesday
June 2023's Patch Tuesday Packs a Modest Punch

June’s Patch Tuesday release from Microsoft gives admins some breathing room with no reported zero-days and only 70 total vulnerabilities to patch as we launch into summer.But that doesn’t mean admins are totally off the hook this month. Several critical vulnerabilities should get your attention, including a CVSS 9.8 elevation of privilege vulnerability affecting Microsoft SharePoint. CVE-2023-29357 opens the doors for attackers to gain access to spoofed JWT authentication tokens to then use them to execute a network attack, with no privileges or user action needed.There are also three critical remote code execution vulnerabilities affecting Windows Pragmatic General Multicast (PGM) that all score a CVSS 9.8 and should be patched within 24 hours.Other vulnerabilities to prioritize include a Microsoft Exchange Server vulnerability that scores a CVSS 8.8 which attackers could use to target server accounts in an arbitrary or remote code execution and gain access. And there’s a Windows TPM

471
O
0
0101001011011010110zNovice
posted in Patch Tuesday
The old forum was better.

I dont come here often, but when I do I am usually looking for help. I find this new forum to be difficult to navigate, hard to find what I am looking for, I am miss the old one. As I am writing the post I am getting frustrated that I can see this is going in the wrong category, and I cant put it in a more appropriate one. I am sure a lot of this is mostly that I dont come here much and havent gotten used to it, bit I just wanted to give some feedback. 

1212
S
S
SophiaAXCommunity Manager
posted in Patch Tuesday
Patch Tuesday is coming...

As always, we’ll give you a rundown of what’s new and our recommendations on how to patch. Stay tuned!  

420
S
T
taylor.jonesRookie
asked in Patch Tuesday
Install a single patch/package across multiple servers

I am looking to install the remediation patch for CVE-2023-28252 across all of our windows servers. More info here: https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/ I am able to identify which servers need this patch via the automox device search, but I cannot figure out how to create a policy which pushes only the KB which fixes this CVE. I do no want to push all patches at once as this would be done outside of our normal patching schedule.

1691
jack.smith
S
SophiaAXCommunity Manager
posted in Patch Tuesday
🚨 3CX vulnerability: How to remediate ASAP

You may have seen the news that 3CX Phone Systems VOIP desktop application has fallen victim to an attack. As with any major vulnerability event, we recommend the following remediation steps:  Double-check that your environment does not have the software deployed If any instances are found, remove immediately While only Windows and MacOS versions are currently known to be malicious, Automox recommends removing all versions of 3CX VOIP from Windows, Mac, Linux, and mobile systems. 3CX VOIP will communicate and distribute safe replacement versions  Our team has created Worklets for Windows, macOS, and Linux to help Automox customers as well as a general script in standard languages for any non-Automox users. Find those resources HERE. And please feel free to share amongst your industry colleagues and any impacted organizations. As always, our goal is security for all. More information is available here.

1020
S
JessicaS-Automox
JessicaS-AutomoxAutomox Employee
published in Vulnerabilities
What is a CVE?F.A.Q.

CVEs are a critical part of the cybersecurity knowledge base, but if you’re new to the industry it can be a little confusing at first. Let’s break it down! What does CVE stand for?CVE stands for “Common Vulnerabilities and Exposures”. Clear as mud? But that does really hit the nail on the head. If there is a security vulnerability identified in a product that can be fixed, it will be tied to a CVE. But a CVE is a numeric identifier, formatted as CVE-YYYY-XXXXX, where YYYY is the year and XXXXX can be a 4 to 6 digit unique number.What is a CVE number?A CVE number is a universally used numeric identifier assigned to one, and only one, vulnerability. This allows the community to have clarity on issues as they discuss them, rather than relying on vendor-specific identifiers. Sometimes vulnerabilities are given a name (typically by the party who identified it), like “Dirty Cow” or “Dirty Pipe”, but the CVE number is always assigned and is universal. With the ever-increasing number of vulner

1621
L
L
lamadorRookie
posted in Patch Tuesday
change log

Whatever happened to the change logs notes with every release? Have they moved somehwere else? thanks

1002
BrandonG-Automox
J
JLX89Novice
posted in Patch Tuesday
Intune Update Rings

Hello All,We are looking to improve our patching and I am curious to see how others have their Intune Update Rings configured, based on the understanding that Automox utilizes Windows Update to scan for updates (Link). We are looking to defer all patching, so that Automox can take over and push the patches for example Windows 10 updates.I know there are other options such as Device Configuration Profiles over the Windows Update Rings in Intune, I would be open to any suggestions on this! Thank you!

1600
J
Gina
GinaAutomox Employee
posted in Patch Tuesday
Nearly 100 Vulnerabilities to Ring in the First Patch Tuesday of 2023

After a light December, IT and security teams have their work cut out for them as we enter 2023 with nearly 100 vulnerabilities patched by Microsoft in the first Patch Tuesday of the new year.In our most recent Patch Tuesday Release Blog, 98 vulnerabilities were reported, 11 of which are critical, and 1 is being actively exploited. Highlights we’ve shared, include: IT and security teams should prioritize CVE-2023-21674, an important and actively exploited zero-day vulnerability in Windows Advanced Local Procedure Call (ALPC) that allows for elevation to full system privileges when exploited.    Automox recommends that CVE-2023-21552 and CVE-2023-21532 should be remediated quickly as these vulnerabilities allow for elevation to SYSTEM privileges due to a weakness in Windows GDI.    If you still use Windows 7 Pro or Enterprise (along with 8.1), Extended Security Updates (ESU) end today. We’d strongly recommend decommissioning these operating systems if you haven’t already as they’ll no l

1430
Gina
sparrowhawk
sparrowhawkNovice
asked in Vulnerabilities
Patching MS Office applications, politely!

Hi all, I know this has been discussed in a couple of old threads, but has anyone got any new suggestion for a way to avoid Office applications being quit with no warning when they’re patched? I’ve had a couple of colleagues complain about it recently.Thanks

4733
sparrowhawk
R
rbridgmanRookie
asked in Vulnerabilities
Activity Logs

I am brand new to Automox, so please bare with me.  I am testing with the native Zoom patch policy.  I have associated a group and targeted one device.  After clicking run policy, I don’t get any activity logs for the current day.  I’m probably missing something simple, but any help would be greatly appreciated.  Thanks

660
R
J
JayDoakRookie
asked in Vulnerabilities
Auto remove client after set time?

Is there a way to automatically remove stale clients after a set time? I would love to have the ability to automatically remove devices that have not been online for a duration of time such as 60 days. 

1351
BrandonG-Automox
Terms & ConditionsCookie settings