Threats and Vulnerabilities
Hello, I recently queried about the best practice for Linux patch policies. I have since heard from other sources that the Automox support recommended method of Linux patching is to use a custom script and run it as a worklet. Just curious as to whether anyone else has come across this, also curious as to what any Automox peeps opinions are on this. This isn’t the enterprise class Linux supporting system we were sold tbf. Cheers!
Hello, I have multiple users experiencing issues with workstation patching. Whenever a user clicks “Reboot Now” when prompted, nothing happens. We can click the “Reboot Now” button multiple times and get no response. After waiting for 15-20 minutes, they manually reboot the machine, only for Automox to reboot their computer later in the day, causing them to lose work. Any ideas on what can be done to prevent this from happening? And has anyone else experienced this issue?
April’s Patch Tuesday drops 129 vulnerabilities – the most we’ve seen since 2020. Join us tomorrow, April 13th at 12 pm ET for a review of this month’s patches and guidance on how to prioritize your remediations fast. Jessica Onorati, Team Lead of Organizational Security, joins our Patch Tuesday experts, Eric Feldman and Adam Whitman, to dive into this month’s announcement.
On Thursday, March 31st, Apple has released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPad OS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows: CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges. CVE-2022-22674: An out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory, only affecting macOS. This vulnerability may have also been exploited in the wild. So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitations can be particularly dangerous as the kernel is a central component to operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system. Apple has release
For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.” A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post. Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla Firefox
It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox has put together a breakdown and remediation steps to take. From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively... Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch all policies ensure you fix vulnerabilities fast in th
Well, what would a Monday morning be without some vulnerabilities to talk about? Over on the Automox Blog, @Peter-Automox has a breakdown of “Dirty Pipe” - a newly-disclosed kernel-level vulnerability in the Linux OS. From the AX blog: “Dirty Pipe is a vulnerability in the Linux Kernel disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. The vulnerability exists in all Linux kernel versions from 5.8 forward and has been patched in Linux 5.16.11, 5.15.25, and 5.10.102… Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate. It is highly recommended that IT and SecOps admins prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk from this vulnerability.” Remediation steps: If you don’t have an existing Linux patch policy, we recommend a Patch
It wouldn’t be the Friday before a three-day weekend without a new vulnerability. Or, a new vulnerability from a familiar face. Last week, @Peter-Automox wrote about Adobe’s out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. That vulnerability, CVE-2022-24086, is an improper input validation flaw that allows arbitrary code execution and nets a 9.8/10 CVSS score. For this vulnerability, Adobe has released an out-of-band update on Monday, February 14th to remediate the vulnerability. But the fun doesn’t stop there! Adobe has revised the initial security bulletin to include another emergency patch for another zero-day discovered in Magento and Commerce. This new vulnerability, CVE-2022-24087, is also an improper input validation issue similar to their previous vulnerability. This new vulnerability is equally as severe, with a 9.8/10 CVSSv3.1 score, but Adobe is not aware of any exploitation in the wild of this vulnerability. We recommend priorit
It must be a day that ends in “y”, because... Guess who? Anyways, last night Google issued an emergency patch for a zero-day Chrome exploit that’s already been actively exploited in the wild. From the AX blog: “On Monday evening, Google released an emergency Chrome update to patch an actively-exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102. The zero-day, CVE-2022-0609, is a high severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks... If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems.” A ‘Patch All’ policy will help ensure that your endpoints are covered, but you could also create a policy exclusively for Chrome by following the steps listed in Peter’s article: https://www.automox.com/blog/google-issues-emergency-chrome-patch-for-actively-exploited-zero-day
Oh good, a 9.8-score vulnerability on a Sunday! Our own top researcher, @Peter-Automox, has full details on the AX blog: “On Sunday, Adobe released out of band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. CVE-2022-24086 is an improper input validation flaw that allows an attacker to execute arbitrary code without credentials or administrative privileges. We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download. If you’re running Adobe Magento or Commerce 2.4.3p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.” As always, head over to the blog to read Peter’s full post... but patch Magento first!
Eww. Hi, folks. What would Friday be without a fun new zero-day? From the AX blog: On Thursday, Apple patched another zero-day, its third this year after patching CVE-2022-22587 (an arbitrary code execution with kernel privileges vulnerability) and CVE-2022-22594 (a vulnerability allowing users’ browsing activities to be tracked and identified in real-time) in January. The vulnerability impacts all iPhone models from 6s forward, iPad Pro, iPad Air 2 and later, 5th generation iPads and later, iPad mini 4 and later, and iPod touch in addition to the macOS Monterey operating system. Organizations with macOS Monterey devices, iPhones, or iPads should patch immediately, since the vulnerability could already be exploited in the wild. To read the article in full and get links to Apple’s updates, just head over to the AX Blog!
Hey look!! This week, SAP released security updates to address three critical vulnerabilities dubbed Internet Communication Manager Advanced Desync (ICMAD), and found by security research firm Onapsis: CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533, sporting CVSS scores of 10 (the highest possible), 8.1, and 7.5, respectively. Over on the blog, leading AX researcher @Peter-Automox has written a piece with some great details and remediation tips, which you can read in full right here. If you have any questions, let us know in the comments.
Hey, folks - Chad here with a quick yet important vulnerability update. A new CVSS 9.9 critical vulnerability in the Samba platform allows remote code execution with root privileges. Over on the AX blog, our own @JayG-Automox writes: “This vulnerability is similar to SambaCry in 2017 which also targeted Samba. This vulnerability is likely more critical as it does not require valid credentials to a writable share making it easier to use as a springboard within the network… The criticality of this vulnerability combined with the wide potential impact makes this a must-remediate for organizations.” So before you go read the blog, get to patching! However, “If patching immediately isn’t an option, Samba recommends a temporary workaround to remediate: Remove the fruit VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf file.” You can read Jay’s piece in full here: https://blog.automox.com/samba-fruit-critical-vulnerability
Hi, y’all - quick update for all you #Linux admins. The Linux PwnKit vulnerability is a nasty one, giving an attacker full root access on most major Linux distros. Over on the Automox Blog, our very own @Peter-Automox has written a piece that includes a worklet for quick remediation. Note: the evaluation script simply passes to remediation, which will disable pkexec's ability to operate as intended. Again, please thoroughly test before applying to systems in production. Check out Peter’s blog for the complete worklet: Linux PwnKit Vulnerability Gives Full Root Access on Most Major Distributions
Hi, the latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday. After installing these updates, administrators have been battling multiple issues that are only resolved after removing the updates. Here is the source of the news: https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/
UPDATE (12/17/21) - includes new Remediation Code: On December 6, version 2.15.0 was released to address CVE-2021-44228, the now infamous 10/10 CVSS remote code execution (RCE) vulnerability in Log4Shell. Shortly after, CVE-2021-45046 was discovered in version 2.15.0, with a CVSS of 3.7. Version 2.16.0 was released on December 13 to address the new vulnerability. However, on December 17 a researcher discovered a new bypass to allow full RCE once again, which resulted in a CVSS increase from 3.7 to 9.0. If you only upgraded to version 2.15.0, you are not protected from possible RCE; upgrade to 2.16.0 immediately. Visit the Apache website for additional information. Log4Shell is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228.
Hi, everybody - Chad here. Well, we’ve all survived another Patch Tuesday, and here’s a quick rundown. For more info, be sure to check out this month’s Patch Tuesday webinar or blog. August proved to be a lighter month than usual, with just 51 vulnerabilities addressed from Microsoft (seven of which are rated as critical, and only 1 being actively exploited in the wild). This shows a 56% reduction in overall vulnerabilities from July, and 33% fewer vulnerabilities on average for each month so far this year. 👏 👏 👏 On the Automox Patch Tuesday blog, @Eric writes, “This month’s vulnerabilities seem to follow a trend, impacting components in Microsoft Windows that perform network communications, internet connections, printing, file repair, and remote connections…The trend is that remote work is here to stay, making the prioritization of patching these components all the more vital.” In Adobe news, they gave everyone a break this month and only released two vulnera
Hope you’re ready for quite a doozy of a Patch Tuesday for July, because we have a lot to cover here. This Patch Tuesday comes in hot with Microsoft’s 116 vulnerabilities (over double June’s 49 vulnerabilities), 12 of which are critical severity, and 2 that have already been exploited in the wild. July represents a dramatic shift from the relatively light releases we’ve witnessed over previous months and highlights an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats. While all eyes have been on the Windows Print Spooler (aka PrintNightmare, CVE-2021-34527) due to its scope of impact and high probability of exploitation, there are plenty of other vulnerabilities to keep your eye on. CVE-2021-34473 and CVE-2021-34523 are a pair of high-priority vulnerabilities found in Microsoft’s Exchange Server solution. CVE-2021-34473, a remote code execution vulnerability found and disclosed via the Zero Day initiative, allows an attacker to execute code
Get ya Patch Tuesday Rundown here! As we do every month, we’ve put together a summary of what you can find in this month’s Patch Tuesday updates and what it might mean for you. June was about in line with what we found from Microsoft in last month’s Patch Tuesday with 49 vulnerabilities addressed vs. 55 in May. But, it represents 33% fewer vulnerabilities on average for each month so far this year. Of these 49 vulnerabilities, 5 were rated as critical, one more than last month, and 52% lower on average. Unfortunately, 6 vulnerabilities are being actively exploited in the wild, one more than the highest monthly number seen so far this year. These 6 actively exploited vulnerabilities can enable an attacker to gain control of a system, illegally gain critical information, and compromise the security of infrastructure through a vulnerable system. While Automox recommends that all critical vulnerabilities are patched within a 72-hour window, the fact that many of this month’s critical vulne
Sorry this post is coming in a bit late, but I’m finally back with the Patch Tuesday Rundown for May! May’s Patch Tuesday saw only 55 security fixes compared to the 108 tallied in the month of April. We’re currently tracking 4 critical vulnerabilities, none of which are being exploited in the wild to the best of our knowledge and vendor communications. On the Microsoft side, CVE-2021-26419 is a critical remote code execution vulnerability that impacts Internet Explorer 11 and 9 running on multiple versions of Microsoft Windows and Windows Server. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. We also see an HTTP Protocol Stack remote code execution vulnerability (CVE-2021-31166) and a Microsoft Windows Object Linking (OLE) Automation execution vulnerability (CVE-2021-31194). For Adobe, they’ve released a trove of 12 new security bullet
Yesterday marked the fourth Patch Tuesday of 2021! April’s Patch Tuesday yielded 108 new Microsoft security fixes, delivering the highest monthly total for 2021 (so far) and showing a return to the 100+ totals we consistently saw in 2020. Included in this month are 19 critical vulnerabilities and a high-severity zero-day that’s currently being exploited in the wild, CVE-2021-28310. This vulnerability is a locally exploited Windows Win32K elevation of privilege bug. To exploit it, an attacker would first have to log on to the system, then run a specially crafted application. The exploitation of this vulnerability would allow an attacker to execute code in the context of the kernel and gain SYSTEM privileges, allowing the attacker access to critical Windows components and information. Not only was Microsoft subject to a number of security fixes, Adobe released four security updates covering seven critical vulnerabilities across Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and R