Breathe easy knowing we've got you covered with Patch Tuesday news and remediation recommendations every month!
- 214 Topics
- 213 Replies
Boom! And just like that, November's Patch Tuesday has rolled around again. While this Patch Tuesday is less of a heavy hitter than last month's, we still have one Zero-Day and 75 vulnerabilities. Be sure to check out our first-ever Patch [FIX] Tuesday podcast (available here, or wherever you get your podcasts) for mitigation tips from Jason Kikta and Tom Bowyer!
🎃 October's Patch Tuesday has uncovered a whopping 112 vulnerabilities, including one Zero-Day vulnerability and 17 categorized as critical. But fear not, because we always have your back. We've got three exclusive Automox Worklets that will help you tackle 22 of these vulnerabilities head-on. Stay safe and unmask those monsters this October!
Not sure if there’s a problem or something isn’t configured correctly… We have groups of Windows servers (group 1, group 2, etc.) with patch policies (patch 1, patch 2, etc.). I’ve noticed that if there are multiple rounds of Windows updates, the policy will only install the first round. I have manually run the policy again to install the remaining patches. For example, policy runs at 8:00 am, installs X number of patches and server reboots. After reboot, the server still has available patches to install and I have to manually run the policy to install the remaining patches.
I have my patching policies set to automatically reboot and deferrals are configured so that the user gets two chances to put a restart off. But I’m still seeing machines that require reboots. How can I find out why the automatic reboots aren’t working and how can I fix this? TIA, Greg
August 2023 Patch Tuesday Surfaces MSMQ RCE Vulnerability – Check Out the Worklet That Will Mitigate it For You
106 vulnerabilities in this month’s Patch Tuesday. This month’s Patch Tuesday brings 106 vulnerabilities, seven of which are critical and two of which are currently being exploited in the wild to our knowledge. There’s certainly been plenty of discussion in the community in the past month around Microsoft Azure vulnerabilities. Today, we’ll focus on the vulnerabilities patched by Microsoft in this month’s Patch Tuesday release. We believe the most important this month is CVE-2023-36910, a critical CVSS 9.8 vulnerability that allows for remote code execution and affects most Windows desktop and server operating systems. Keep reading in our blog, here!
We use Tenable.io for vulnerability scanning and it has flagged a number of Windows endpoints that have old versions of Teams installed. I was puzzled by this as Automox patches Teams, and it turns out that because we’re using the machine wide installer, the Teams application is being installed into the user’s Appdata directory. This will only get updated if the user logs in but we don’t regularly log in with some accounts. I’ve read suggested fixes including: Create a GPO that deletes old accounts from the machines. This is problematic for us IT admins. Remove the machine wide installer so that Teams is not automatically installed when a user first logs in. Has anyone found a way to resolve this using Automox? I’d be interested to learn how others have resolved this. TIA
Looking at the documentation, I can't seem to find if the Automox agent is supported on all EC2 instance sizes? I know that certain software/agents cannot run on instances of certain sizes, is that the case for Automox agents? Attempting to narrow in on the reason why EC2 is not accepting install through SSM.
July’s Patch Tuesday release from Microsoft marks a decidedly heavy month for IT admins with 129 vulnerabilities to patch, including 5 (yes, you read that right) zero-days and 9 critical vulnerabilities. Admins will want to make quick moves on this month’s zero-days, which include a security feature bypass vulnerability in Microsoft Outlook (CVE-2023-35311) that is sure to be popular among bad actors. Get details on this CVE and others to prioritize here.
June’s Patch Tuesday release from Microsoft gives admins some breathing room with no reported zero-days and only 70 total vulnerabilities to patch as we launch into summer. But that doesn’t mean admins are totally off the hook this month. Several critical vulnerabilities should get your attention, including a CVSS 9.8 elevation of privilege vulnerability affecting Microsoft SharePoint. CVE-2023-29357 opens the doors for attackers to gain access to spoofed JWT authentication tokens to then use them to execute a network attack, with no privileges or user action needed. There are also three critical remote code execution vulnerabilities affecting Windows Pragmatic General Multicast (PGM) that all score a CVSS 9.8 and should be patched within 24 hours. Other vulnerabilities to prioritize include a Microsoft Exchange Server vulnerability that scores a CVSS 8.8 which attackers could use to target server accounts in an arbitrary or remote code execution and gain access. And there’s a Windows TPM
I don't come here often, but when I do I am usually looking for help. I find this new forum to be difficult to navigate, hard to find what I am looking for, I miss the old one. As I am writing the post I am getting frustrated that I can see this is going in the wrong category, and I can't put it in a more appropriate one. I am sure a lot of this is mostly that I don't come here much and haven't gotten used to it, but I just wanted to give some feedback.
I am looking to install the remediation patch for CVE-2023-28252 across all of our Windows servers. More info here: https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/ I am able to identify which servers need this patch via the Automox device search, but I cannot figure out how to create a policy which pushes only the KB which fixes this CVE. I do not want to push all patches at once as this would be done outside of our normal patching schedule.
You may have seen the news that 3CX Phone Systems VOIP desktop application has fallen victim to an attack. As with any major vulnerability event, we recommend the following remediation steps:
- Double-check that your environment does not have the software deployed
- If any instances are found, remove immediately
- While only Windows and MacOS versions are currently known to be malicious, Automox recommends removing all versions of 3CX VOIP from Windows, Mac, Linux, and mobile systems.
- 3CX VOIP will communicate and distribute safe replacement versions
Our team has created Worklets for Windows, macOS, and Linux to help Automox customers as well as a general script in standard languages for any non-Automox users. Find those resources HERE. And please feel free to share amongst your industry colleagues and any impacted organizations. As always, our goal is security for all. More information is available here.
Hello All, We are looking to improve our patching and I am curious to see how others have their Intune Update Rings configured, based on the understanding that Automox utilizes Windows Update to scan for updates (Link). We are looking to defer all patching, so that Automox can take over and push the patches for example Windows 10 updates. I know there are other options such as Device Configuration Profiles over the Windows Update Rings in Intune, I would be open to any suggestions on this! Thank you!
After a light December, IT and security teams have their work cut out for them as we enter 2023 with nearly 100 vulnerabilities patched by Microsoft in the first Patch Tuesday of the new year. In our most recent Patch Tuesday Release Blog, 98 vulnerabilities were reported, 11 of which are critical, and 1 is being actively exploited. Highlights we’ve shared, include: IT and security teams should prioritize CVE-2023-21674, an important and actively exploited zero-day vulnerability in Windows Advanced Local Procedure Call (ALPC) that allows for elevation to full system privileges when exploited. Automox recommends that CVE-2023-21552 and CVE-2023-21532 should be remediated quickly as these vulnerabilities allow for elevation to SYSTEM privileges due to a weakness in Windows GDI. If you still use Windows 7 Pro or Enterprise (along with 8.1), Extended Security Updates (ESU) end today. We’d strongly recommend decommissioning these operating systems if you haven’t already as they’ll no l
Recently I have noticed that policies that previously ran in my environment are not erroring out. Everything from normal patch policies to custom worklets all that worked up until 9/28/22. I went into the event viewer of a sample host and found the entry below related Faulting application name: powershell.exe, version: 10.0.19041.546. I also found a second log entry under the Microsoft->Windows-Powershell hive. I’m not sure why this is happening and need to find an answer otherwise my devices will continue to experience errors when patching or running worklets.
Log Name: Application
Source: Application Error
Date: 10/2/2022 2:43:34 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: IT-SC-SR-H234C.cmkts.com
Description:
Faulting application name: powershell.exe, version: 10.0.19041.546, time stamp: 0x30f12f73
Faulting module name: Wldp.dll, version: 10.0.19041.1949, time stamp: 0xc0574ffa
Exception cod
Not sure if this is the correct way to submit a feature request… but… The usefulness of the parent/subgroup structure could be better. As it is now, it appears that subgroups only serve as a visual aid and nothing more. When working in reports or device filters (for example), I would love to be able to select the parent group and have that instantly include the subgroups in my results. Right now I am required to select each individual subgroup. Thanks!
June 2022 Every month, we share a thorough rundown of Patch Tuesday with videos and advice from our experts. Join our thread on Slack – we’ll help you prioritize this month's releases so you can get back to your day faster. Automox-Community Slack (this will expire in 30 days from 6/6) You can also bookmark our Patch Tuesday Rapid Response Center for easy access to our month-by-month patch index. Be sure to sign up for vulnerability alerts, too! Our latest Blog post about this month’s Patch Tuesday vulnerabilities is now live on the Automox home page as well: https://www.automox.com/blog/Patch-Tuesday-june-2022 Be sure to visit the official Automox social media accounts for additional short form videos: YouTube: CVE-2022-30136 CVE-2022-30139 CVE-2022-30163 TikTok: CVE-2022-30136 CVE-2022-30139 CVE-2022-30163