Patch Tuesday

Breathe easy knowing we've got you covered with Patch Tuesday news and remediation recommendations every month!

  • 228 Topics
  • 230 Replies

228 Topics

S
SophiaAXCommunity Manager
published in Patch Tuesday

June 2023's Patch Tuesday Packs a Modest Punch

June’s Patch Tuesday release from Microsoft gives admins some breathing room with no reported zero-days and only 70 total vulnerabilities to patch as we launch into summer.But that doesn’t mean admins are totally off the hook this month. Several critical vulnerabilities should get your attention, including a CVSS 9.8 elevation of privilege vulnerability affecting Microsoft SharePoint. CVE-2023-29357 opens the doors for attackers to gain access to spoofed JWT authentication tokens to then use them to execute a network attack, with no privileges or user action needed.There are also three critical remote code execution vulnerabilities affecting Windows Pragmatic General Multicast (PGM) that all score a CVSS 9.8 and should be patched within 24 hours.Other vulnerabilities to prioritize include a Microsoft Exchange Server vulnerability that scores a CVSS 8.8 which attackers could use to target server accounts in an arbitrary or remote code execution and gain access. And there’s a Windows TPM

451
O
1 year ago
0
0101001011011010110zNovice
posted in Patch Tuesday

The old forum was better.

I dont come here often, but when I do I am usually looking for help. I find this new forum to be difficult to navigate, hard to find what I am looking for, I am miss the old one. As I am writing the post I am getting frustrated that I can see this is going in the wrong category, and I cant put it in a more appropriate one. I am sure a lot of this is mostly that I dont come here much and havent gotten used to it, bit I just wanted to give some feedback. 

2
S
1 year ago
S
SophiaAXCommunity Manager
posted in Patch Tuesday

Patch Tuesday is coming...

As always, we’ll give you a rundown of what’s new and our recommendations on how to patch. Stay tuned!  

0
S
1 year ago
T
taylor.jonesRookie
asked in Patch Tuesday

Install a single patch/package across multiple servers

I am looking to install the remediation patch for CVE-2023-28252 across all of our windows servers. More info here: https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/ I am able to identify which servers need this patch via the automox device search, but I cannot figure out how to create a policy which pushes only the KB which fixes this CVE. I do no want to push all patches at once as this would be done outside of our normal patching schedule.

1
jack.smith
1 year ago
S
SophiaAXCommunity Manager
posted in Patch Tuesday

🚨 3CX vulnerability: How to remediate ASAP

You may have seen the news that 3CX Phone Systems VOIP desktop application has fallen victim to an attack. As with any major vulnerability event, we recommend the following remediation steps:  Double-check that your environment does not have the software deployed If any instances are found, remove immediately While only Windows and MacOS versions are currently known to be malicious, Automox recommends removing all versions of 3CX VOIP from Windows, Mac, Linux, and mobile systems. 3CX VOIP will communicate and distribute safe replacement versions  Our team has created Worklets for Windows, macOS, and Linux to help Automox customers as well as a general script in standard languages for any non-Automox users. Find those resources HERE. And please feel free to share amongst your industry colleagues and any impacted organizations. As always, our goal is security for all. More information is available here.

0
S
1 year ago
L
lamadorRookie
posted in Patch Tuesday

change log

Whatever happened to the change logs notes with every release? Have they moved somehwere else? thanks

2
BrandonG-Automox
1 year ago
J
JLX89Novice
posted in Patch Tuesday

Intune Update Rings

Hello All,We are looking to improve our patching and I am curious to see how others have their Intune Update Rings configured, based on the understanding that Automox utilizes Windows Update to scan for updates (Link). We are looking to defer all patching, so that Automox can take over and push the patches for example Windows 10 updates.I know there are other options such as Device Configuration Profiles over the Windows Update Rings in Intune, I would be open to any suggestions on this! Thank you!

0
J
1 year ago
Gina
GinaAutomox Employee
posted in Patch Tuesday

Nearly 100 Vulnerabilities to Ring in the First Patch Tuesday of 2023

After a light December, IT and security teams have their work cut out for them as we enter 2023 with nearly 100 vulnerabilities patched by Microsoft in the first Patch Tuesday of the new year.In our most recent Patch Tuesday Release Blog, 98 vulnerabilities were reported, 11 of which are critical, and 1 is being actively exploited. Highlights we’ve shared, include: IT and security teams should prioritize CVE-2023-21674, an important and actively exploited zero-day vulnerability in Windows Advanced Local Procedure Call (ALPC) that allows for elevation to full system privileges when exploited.    Automox recommends that CVE-2023-21552 and CVE-2023-21532 should be remediated quickly as these vulnerabilities allow for elevation to SYSTEM privileges due to a weakness in Windows GDI.    If you still use Windows 7 Pro or Enterprise (along with 8.1), Extended Security Updates (ESU) end today. We’d strongly recommend decommissioning these operating systems if you haven’t already as they’ll no l

0
Gina
1 year ago
B
brianmdavisonRookie
asked in Patch Tuesday

Microsoft fixes Windows TLS handshake with out of band update

When will this out of band update be available in Automox for deployment? https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-tls-handshake-failures-in-out-of-band-updates/

1
JohnG-Automox
1 year ago
S
srheinsPro
asked in Patch Tuesday

Faulting application name: powershell.exe, version: 10.0.19041.546

Recently I have noticed that policies that previously ran in my enviornment are not erroring out.  Everything from normal patch polocies to custom worklets all that workd up until 9/28/22.  I went into the event viewer of a sample host and found the entry below related Faulting application name: powershell.exe, version: 10.0.19041.546.  I also found a second log entry under the Microsoft->Windows-Powershell hive. I’m not sure why this is happening and need to find an answer otherwise my devices will continue to expierance errors when patching or running worklets.  Log Name:      ApplicationSource:        Application ErrorDate:          10/2/2022 2:43:34 PMEvent ID:      1000Task Category: (100)Level:         ErrorKeywords:      ClassicUser:          N/AComputer:      IT-SC-SR-H234C.cmkts.comDescription:Faulting application name: powershell.exe, version: 10.0.19041.546, time stamp: 0x30f12f73Faulting module name: Wldp.dll, version: 10.0.19041.1949, time stamp: 0xc0574ffaException cod

3
S
1 year ago
S
SvenRookie
asked in Patch Tuesday

Exclude software from reports

Hi everyone,i wanted to ask if theres a posibility to exclude software from reports or general statistics i know there’s an option to exclude devices but i didnt find anything about software i guess is that this option doesn’t exist in automox ? ThanksRegards.

2
S
1 year ago
B
BRobertsonRookie
posted in Patch Tuesday

FEATURE REQUEST - Groups/Subgroups Functionality

Not sure if this is the correct way to submit a feature request… but…The usefulness of the parent/subgroup structure could be better. As it is now, it appears that subgroups only serve as a visual aid and nothing more.When working in reports or device filters (for example), I would love to be able to select the parent group and have that instantly include the subgroups in my results. Right now I am required to select each individual subgroup. Thanks!

2
B
1 year ago
BrandonG-Automox
BrandonG-AutomoxAutomox Employee
posted in Patch Tuesday

June 2022 Patch Tuesday

June 2022 Every month, we share a thorough rundown of Patch Tuesday with videos and advice from our experts. Join our thread on Slack – we’ll help you prioritize this month's releases so you can get back to your day faster. Automox-Community Slack (this will expire in 30 days from 6/6)You can also bookmark our Patch Tuesday Rapid Response Center for easy access to our month-by-month patch index. Be sure to sign up for vulnerability alerts, too!  Our latest Blog post about this month’s Patch Tuesday vulnerabilities is now live on the Automox home page as well:https://www.automox.com/blog/Patch-Tuesday-june-2022 Be sure to visit the official Automox social media accounts for additional short form videos:YouTubeCVE-2022-30136 CVE-2022-30139 CVE-2022-30163TikTokCVE-2022-30136 CVE-2022-30139 CVE-2022-30163

0
BrandonG-Automox
2 years ago
askornia
askorniaNovice
asked in Patch Tuesday

Patch Tuesday Webinars

Is Automox planning on doing the informational Patch Tuesday webinars moving forward? I thought they were one of the best parts of the community and platform! I remember one in the last few months getting cancelled and then not getting emails to sign up moving forward. 

3
BrandonG-Automox
2 years ago
A
adskiRookie
asked in Patch Tuesday

IT Service Providers - are you allowed to resell to customers?

Just wondering if there are any IT Service Providers out there that use this product as a service to their customers? I presume there are no licensing issues or considerations around this?

1
BrandonG-Automox
2 years ago
jaldeguer
jaldeguerRookie
asked in Patch Tuesday

How does Automox mitigate supply chain attacks?

How do you prevent the downstream damage to my endpoints if you guys get hacked? What happened to Kaseya, where hackers exploited their VSA platform to deliver ransomware to MSP customers, was quite a nightmare event.  

1
B
2 years ago
Afonso_Alves_31
Afonso_Alves_31Pro
asked in Patch Tuesday

multiple Azure IdP subscriptions

Is there any article or internal guidance regarding multiple Azure IdP subscriptions?Is there a limit? What’s the best practice and the limit for connecting multiple IdP subscriptions?

1
K
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (April 5th, 2022)News

Happy Tuesday, everybody! While we all recover from another Monday that seemed to have too many hours somehow, let’s talk about a couple of security stories:State Department Announces Bureau of Cyberspace and Digital Policy -- Well, how do you do? This seems pretty important! From the article: “The new cybersecurity bureau reflects the growing importance of cybersecurity in national policy, economy, and defense. The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom, says the State Department.” I think this is a great step, since our previous “administration” did away with some high-ranking positions in cybersecurity.Germany takes down Hydra, world's largest darknet market -- I have to be honest here: on first glance, I figured this was something to do with “the Marvel universe”. In spite of that, I kept reading, as it was super interesting. From the article: “The servers of Hydra Market, t

800
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (March 29th, 2022)News

Hey, y’all - happy Tuesday! While we were all busy being distracted by ridiculous people on awards shows, there was a lot going on around us. Let’s check out a few stories from world of security news.. CISA warns of attacks targeting Internet-connected UPS devices -- Oh man, that’s an infuriating one. Stay out of my power supply, jerks! I guess some organizations use this for management of the device over the internet, but...it’s just a power supply. If that’s not necessary, go disconnect that thing’s network cable. From the article: “Recommended mitigation measures include finding all UPSs and other emergency power systems on orgs' networks and ensuring they're not reachable over the Internet.” Shutterfly discloses data breach after Conti ransomware attack -- Image provider Shutterfly disclosed this week a ransomware that led to a data breach back in December. That’s bad for folks who work there or use the service, so be sure to update your creds and keep an eye on your credit report/

660
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (March 22nd, 2022)News

Happy Tuesday, y’all - and now it’s over because we’re talking about Russia today! Mainly, because I think it’s important to get some eyebrows raised before it’s too late. (<--fun fact: that’s the scariest book I’ve ever read!) Hackers/APTs associated with Russian IPs/groups have already been scanning the networks of US-based companies in the energy, finance, and defense sectors, prompting President Biden to issue his recent warning to American businesses. PLEASE TAKE THIS SERIOUSLY. For a great perspective on all this (and a quick read), check out this blog from our Director of InfoSec/Research.Let’s get diligent, y’all!

690
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (March 15th, 2022)News

Happy Ides of March, y’all! I guess that’s a bit of an oxymoron, but it’s fine. While we were all eating sandwiches and pretending to work but looking at houses online, a lot of serious security stories broke. As you can suspect, a lot of them have to do with the Russia/Ukraine stuff.  Thousands of Secret Keys Found in Leaked Samsung Source CodeOOF. From the article: “The firm’s researchers have yet to determine how many of the exposed keys are valid. However, their analysis showed that 90% are likely associated with internal systems and “can be more challenging for an attacker to use.” On the other hand, the remaining keys — roughly 600 of them — can grant attackers access to a wide range of systems and services.” About 10% of those keys are for external services too, like GitHub and AWS. YikesGerman government advises against using Kaspersky antivirusWell, this is pretty similar to some former warnings about Kaspersky and it’s no surprise. Founder/CEO Eugene Kaspersky raised some ire

650
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (March 8th, 2022)News

Hi, everybody - and Happy International Women’s Day! As someone who was #RaisedByLadies, this one’s near and dear to my heart. I think Adam “MCA” Yauch said it best, way back when I was in high school: “I want to say a little something that's long overdueThe disrespect to women has got to be throughTo all the mothers and the sisters and the wives and friendsI want to offer my love and respect to the end”  - “Sure Shot”, 1994  On to some security news!Zero-Click Flaws in Widely Used UPS Devices Threaten Critical InfrastructureFrom the article: “Three critical security vulnerabilities in widely used smart uninterruptible power supply (UPS) devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found.” The words “critical infrastructure” are sadly gonna be the summer hit of 2022, I’ve got $5 on it.Google: Chinese hackers target Gmail users affiliated with US govt

1120
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (March 1st, 2022)News

Wait, it’s already March!?Happy Tuesday, y’all. As I type this, there is a lot going on that we could talk about, obviously. But let’s keep it “light” and just talk about a few stories that were in the news this week. Yes, we’ll have to mention Russia. But the good news is, I’ve been given approval by the Automox Party Department® to allow you all to start a drinking game based around those mentions. If it’s past noon and you see me mention “Russia”, do what you will. :)NVIDIA confirms data was stolen in recent cyberattackGraphics card giant NVIDIA has confirmed “a cybersecurity incident which impacted IT resources.”, from back in November. The threat actor compromised the NVIDIA network and stole employee credentials/proprietary information. The company noted that the incident isn’t expected to disrupt its business.Microsoft Accounts Targeted by Russian-Themed Credential HarvestingHey, everyone take a drink! Anyways, phishing emails to MS users warning of Russian-led account hacking h

630
A
2 years ago
A
Anonymous
published in Patch Tuesday

AX Weekly Security Wrap-Up (February 22nd, 2022)News

It’s Twosday!Hooooooo-wee! Now that the internet is back, I guess we’ll just talk about this AWS/Slack/etc. outage today, huh? Is it a coincidence that it’s happening on Tuesday, 2/22/22?? The conspiracy theorist in me sure doesn’t think so, but the numerologist in me is finishing up a sandwich and can’t currently be bothered. Either way, pretty rough morning for some folks out there.Our own AX Systems team shared a handy graphic with us earlier, showing various sites/services that were likely impacted. Check it out: Woof.It sounds like more CDN issues, but that’s not much comfort because you know what everybody loves? Content. So if you’re currently waiting for the cloud to come back before you can shop at Walmart or ride your stationary bike, I’d just like to ask you to pause and take a look at the future you’re living in right now. Regardless of what you see on the news, it can be pretty amazing. Now go get on your real bike and start pedaling for Walmart. We’ll get back to our regu

520
A
2 years ago
A
Anonymous
published in Patch Tuesday

Weekly Security Wrap-Up (February 15th, 2022)News

Happy Tuesday, folks! This week we’ll bite the bullet and finally have to discuss Russia vs. Ukraine, as some new things have like, come to light, man. But first...I refuse to be denied the opportunity to type “squirrelwaffle” on the internet, so let’s start there: Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraudFinancial fraud is [almost] never a laughing matter, and leaving servers unpatched for years is even worse, and this story has both. “Squirrelwaffle” is basically just a malicious document (“MalDoc”) that gets downloaded and runs a script that just downloads payloads in a loop. From the article, “The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking.” IF ONLY THERE WERE SOME WAY TO AUTOMATE PATCHING. Ukrainian military agencies, banks hit by DDoS attacks, defacementsWelp...here it comes. From the article: “Starting from the afternoon

550
A
2 years ago
Terms & ConditionsCookie settings