Threats and Vulnerabilities
Hi all, I know this has been discussed in a couple of old threads, but has anyone got any new suggestion for a way to avoid Office applications being quit with no warning when they’re patched? I’ve had a couple of colleagues complain about it recently. Thanks
I am brand new to Automox, so please bear with me. I am testing with the native Zoom patch policy. I have associated a group and targeted one device. After clicking run policy, I don’t get any activity logs for the current day. I’m probably missing something simple, but any help would be greatly appreciated. Thanks
How to still force notify users for reboot even when the users disabled notifications on their endpoint
Hi All, Would like to check if there is any way that we can still notify the users for system reboot even when the users disabled the notifications on their endpoint. Currently when users disabled notifications, Automox would just reboot the endpoints when the deferral condition is met. So we would like to include a notification to users before the deferral condition is met.
Hello, I recently queried about the best practice for Linux patch policies. I have since heard from other sources that the Automox support recommended method of Linux patching is to use a custom script and run it as a worklet. Just curious as to whether anyone else has come across this, also curious as to what any Automox peeps opinions are on this. This isn’t the enterprise class Linux supporting system we were sold tbf. Cheers!
Hello, I have multiple users experiencing issues with workstation patching. Whenever a user clicks “Reboot Now” when prompted, nothing happens. We can click the “Reboot Now” button multiple times and get no response. After waiting for 15-20 minutes, they manually reboot the machine only for Automox to reboot their computer later in the day, causing them to lose work. Any ideas on what can be done to prevent this from happening? And has anyone else experienced this issue?
April’s Patch Tuesday drops 129 vulnerabilities – the most we’ve seen since 2020. Join us tomorrow, April 13th at 12 pm ET for a review of this month’s patches and guidance on how to prioritize your remediations fast. Jessica Onorati, Team Lead of Organizational Security, joins our Patch Tuesday experts, Eric Feldman and Adam Whitman, to dive into this month’s announcement.
On Thursday, March 31st, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPad OS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows: CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges. CVE-2022-22674: An out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory, only affecting macOS. This vulnerability may have also been exploited in the wild. So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitations can be particularly dangerous as the kernel is a central component to operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system. Apple has release
For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.” A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post. Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla Firefox
It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox has put together a breakdown and remediation steps to take. From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively... Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch all policies ensure you fix vulnerabilities fast in th
Well, what would a Monday morning be without some vulnerabilities to talk about? Over on the Automox Blog, @Peter-Automox has a breakdown of “Dirty Pipe” - a newly-disclosed kernel-level vulnerability in the Linux OS. From the AX blog: “Dirty Pipe is a vulnerability in the Linux Kernel disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. The vulnerability exists in all Linux kernel versions from 5.8 forward and has been patched in Linux 5.16.11, 5.15.25, and 5.10.102…. Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate. It is highly recommended that IT and SecOps admins prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk from this vulnerability.” Remediation steps: If you don’t have an existing Linux patch policy, we recommend a Patch
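An added example, not part of the post above or of the Automox blog it quotes: a POSIX sh check that maps a kernel release string onto the affected and fixed versions the post gives (vulnerable from 5.8, fixed in 5.16.11, 5.15.25 and 5.10.102). Treating 5.17 and later as fixed, and the end-of-life 5.8, 5.9 and 5.11 to 5.14 series as unpatched, is an assumption of the example, not something the post states. Distribution kernels that backport the fix without changing the upstream version will still report as vulnerable, so read the result as a prompt to check the vendor advisory rather than as proof of exploitability.

```shell
#!/bin/sh
# Added example (not Automox's worklet): classify a kernel release string
# against the Dirty Pipe (CVE-2022-0847) ranges quoted in the post.
# Assumptions: 5.17+ mainline carries the fix; EOL series between 5.8 and
# 5.14 have no fixed point release and are reported as vulnerable; distro
# backports are NOT detected by version number alone.

# Usage: dirty_pipe_status "5.10.101-1-amd64" -> prints unaffected | vulnerable | patched
dirty_pipe_status() {
    # Keep only the leading dotted numeric part: "5.15.0-1023-aws" -> "5.15.0"
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2 -s)
    patch=$(printf '%s' "$ver" | cut -d. -f3 -s)
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}

    # The vulnerable pipe_buffer flag handling only exists from 5.8 onward.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo unaffected
        return 0
    fi
    # Assumption: 5.17 and anything newer already contains the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched
        return 0
    fi
    case "$minor" in
        10) [ "$patch" -ge 102 ] && echo patched || echo vulnerable ;;
        15) [ "$patch" -ge 25 ]  && echo patched || echo vulnerable ;;
        16) [ "$patch" -ge 11 ]  && echo patched || echo vulnerable ;;
        # 5.8, 5.9, 5.11-5.14: no fixed point release listed, treat as vulnerable.
        *)  echo vulnerable ;;
    esac
}

# Stand-alone use: report on the running kernel.
printf '%s: %s\n' "$(uname -r)" "$(dirty_pipe_status "$(uname -r)")"
```

Run it as part of a fleet-wide inventory script and follow any "vulnerable" verdict with `rpm -q --changelog kernel` or `apt changelog` (or the vendor advisory) before deciding a host is actually exposed, since backported fixes keep the older version string.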
It wouldn’t be the Friday before a three-day weekend without a new vulnerability. Or, a new vulnerability from a familiar face. Last week, @Peter-Automox wrote about Adobe’s out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. That vulnerability, CVE-2022-24086, is an improper input validation flaw that allows arbitrary code execution and nets a 9.8/10 CVSS score. For this vulnerability, Adobe released an out-of-band update on Monday, February 14th to remediate the vulnerability. But the fun doesn’t stop there! Adobe has revised the initial security bulletin to include another emergency patch for another zero-day discovered in Magento and Commerce. This new vulnerability, CVE-2022-24087, is also an improper input validation issue similar to their previous vulnerability. This new vulnerability is equally as severe, with a 9.8/10 CVSSv3.1 score, but Adobe is not aware of any exploitation in the wild of this vulnerability. We recommend priorit
It must be a day that ends in “y”, because... Guess who? Anyways, last night Google issued an emergency patch for a zero-day Chrome exploit that’s already been actively exploited in the wild. From the AX blog: “On Monday evening, Google released an emergency Chrome update to patch an actively-exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102. The zero-day, CVE-2022-0609, is a high severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks... If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems.” A ‘Patch All’ policy will help ensure that your endpoints are covered, but you could also create a policy exclusively for Chrome by following the steps listed in Peter’s article: https://www.automox.com/blog/google-issues-emergency-chrome-patch-for-actively-exploited-zero-day
Oh good, a 9.8-score vulnerability on a Sunday! Our own top researcher, @Peter-Automox, has full details on the AX blog: “On Sunday, Adobe released out of band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. CVE-2022-24086 is an improper input validation flaw that allows an attacker to execute arbitrary code without credentials or administrative privileges. We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download. If you’re running Adobe Magento or Commerce 2.4.3p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.” As always, head over to the blog to read Peter’s full post... but patch Magento first!
Eww. Hi, folks. What would Friday be without a fun new zero-day? From the AX blog: On Thursday, Apple patched another zero-day, its third this year after patching CVE-2022-22587 (an arbitrary code execution with kernel privileges vulnerability) and CVE-2022-22594 (a vulnerability allowing users’ browsing activities to be tracked and identified in real-time) in January. The vulnerability impacts all iPhone models from 6s forward, iPad Pro, iPad Air 2 and later, 5th generation iPads and later, iPad mini 4 and later, and iPod touch in addition to the macOS Monterey operating system. Organizations with macOS Monterey devices, iPhones, or iPads should patch immediately, since the vulnerability could already be exploited in the wild. To read the article in full and get links to Apple’s updates, just head over to the AX Blog!
Hey look!! This week, SAP released security updates to address three critical vulnerabilities dubbed Internet Communication Manager Advanced Desync (ICMAD), and found by security research firm Onapsis: CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533, sporting CVSS scores of 10 (the highest possible), 8.1, and 7.5, respectively. Over on the blog, leading AX researcher @Peter-Automox has written a piece with some great details and remediation tips, which you can read in full right here. If you have any questions, let us know in the comments.
Hey, folks - Chad here with a quick yet important vulnerability update. A new CVSS 9.9 critical vulnerability in the Samba platform allows remote code execution with root privileges. Over on the AX blog, our own @JayG-Automox writes: “This vulnerability is similar to SambaCry in 2017 which also targeted Samba. This vulnerability is likely more critical as it does not require valid credentials to a writable share making it easier to use as a springboard within the network…. The criticality of this vulnerability combined with the wide potential impact makes this a must-remediate for organizations.” So before you go read the blog, get to patching! However, “If patching immediately isn’t an option, Samba recommends a temporary workaround to remediate: Remove the fruit VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf file.” You can read Jay’s piece in full here: https://blog.automox.com/samba-fruit-critical-vulnerability
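An added example, not Samba’s or Automox’s own tooling and not part of the post above: a POSIX sh/awk helper that applies the quoted workaround to an smb.conf. It lists which shares load the fruit VFS module and emits a copy of the configuration with `fruit` removed from every "vfs objects" list, so the change can be reviewed before it is written back. The sample smb.conf is constructed for the demonstration; the file path, share names and the decision to leave `fruit:` options and the companion `streams_xattr` module in place are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Samba's or Automox's code): find and strip the "fruit"
# VFS module from "vfs objects" lines, the temporary workaround quoted above.
# Assumptions: standard smb.conf syntax; "fruit:*" parameters are left as-is
# (harmless once the module is not loaded); streams_xattr is kept, which is a
# per-share decision for the admin.

# Print the [section] name of every share whose vfs objects list contains fruit.
# Exit status 0 if at least one was found, 1 otherwise.
fruit_vfs_shares() {
    awk '
        /^[[:space:]]*\[/ {
            section = $0
            sub(/^[[:space:]]*\[/, "", section)
            sub(/\].*/, "", section)
        }
        /^[[:space:]]*vfs objects?[[:space:]]*=/ {
            eq = index($0, "=")
            n = split(substr($0, eq + 1), mods, /[[:space:]]+/)
            for (i = 1; i <= n; i++)
                if (mods[i] == "fruit") { print section; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Write the configuration to stdout with fruit removed from every
# "vfs objects" list; a list that becomes empty is dropped entirely.
strip_fruit_vfs() {
    awk '
        /^[[:space:]]*vfs objects?[[:space:]]*=/ {
            eq  = index($0, "=")
            key = substr($0, 1, eq)            # "   vfs objects =" incl. indent
            n   = split(substr($0, eq + 1), mods, /[[:space:]]+/)
            out = ""
            for (i = 1; i <= n; i++)
                if (mods[i] != "" && mods[i] != "fruit") out = out " " mods[i]
            if (out == "") next
            print key out
            next
        }
        { print }
    ' "$1"
}

# Constructed sample configuration (not from a real host) for the demo.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP

[timemachine]
   path = /srv/tm
   vfs objects = catia fruit streams_xattr
   fruit:time machine = yes

[public]
   path = /srv/public
   vfs objects = recycle
EOF

echo "Shares loading fruit:"
fruit_vfs_shares "$SAMPLE_CONF" || echo "(none)"
echo "Configuration with fruit removed:"
strip_fruit_vfs "$SAMPLE_CONF"
```

On a real host, run `strip_fruit_vfs /etc/samba/smb.conf > /tmp/smb.conf.new`, diff it against the original, validate it with `testparm -s /tmp/smb.conf.new`, then install it and reload Samba. Removing the module disables the macOS-specific behaviour those shares provided (Time Machine, resource-fork compatibility), so treat it as a stopgap until the patched package is installed.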
Hi, y’all - quick update for all you #Linux admins. The Linux PwnKit vulnerability is a nasty one, giving an attacker full root access on most major Linux distros. Over on the Automox Blog, our very own @Peter-Automox has written a piece that includes a worklet for quick remediation. Note: the evaluation script simply passes to remediation, which will disable pkexec's ability to operate as intended. Again, please thoroughly test before applying to systems in production. Check out Peter’s blog for the complete worklet: Linux PwnKit Vulnerability Gives Full Root Access on Most Major Distributions
Hi, the latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday. After installing these updates, administrators have been battling multiple issues that are only resolved after removing the updates. Here is the source of the news: https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/
UPDATE (12/17/21) - includes new Remediation Code: On December 6, version 2.15.0 was released to address CVE-2021-44228, the now infamous 10/10 CVSS remote code execution (RCE) vulnerability in Log4Shell. Shortly after, CVE-2021-45046 was discovered in version 2.15.0, with a CVSS of 3.7. Version 2.16.0 was released on December 13 to address the new vulnerability. However, on December 17 a researcher discovered a new bypass to allow full RCE once again, which resulted in a CVSS increase from 3.7 to 9.0. If you only upgraded to version 2.15.0, you are not protected from possible RCE, upgrade to 2.16.0 immediately. Visit the Apache website for additional information. Log4Shell is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228.
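An added example, not the remediation code the post refers to and not Apache’s or Automox’s own scanner: a POSIX sh helper that walks a directory tree for `log4j-core-*.jar` files and classifies each one using the version boundaries the post gives (2.0-beta9 through 2.14.1 is CVE-2021-44228, 2.15.0 is CVE-2021-45046, 2.16.0 and later is fixed for both). Reading the version from the filename, treating 1.x as out of scope rather than safe, and stopping the table at 2.16.0 as the post does are assumptions of the example; the sample directory tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Apache's or Automox's code): classify log4j-core jars
# against the version ranges in the post above.
# Assumptions: version is taken from the jar filename (renamed or shaded jars
# are missed); 1.x jars are reported as out of scope, not as safe; anything
# 2.16.0 or newer is reported as fixed, matching the post.

# Print one verdict for a version string such as "2.14.1" or "2.0-beta9".
log4j_status() {
    case "$1" in
        1.*)                                          echo "1.x-out-of-scope" ;;
        2.0-beta[1-8])                                echo "not-affected" ;;      # before the JNDI lookup existed
        2.0-*|2.[0-9]|2.[0-9].*|2.1[0-4]|2.1[0-4].*)  echo "CVE-2021-44228" ;;    # 2.0-beta9 .. 2.14.1
        2.15|2.15.*)                                  echo "CVE-2021-45046" ;;    # incomplete fix
        2.*)                                          echo "fixed" ;;             # 2.16.0 and later
        *)                                            echo "unknown" ;;
    esac
}

# Extract "<version>" from a path ending in log4j-core-<version>.jar; print nothing otherwise.
log4j_jar_version() {
    base=${1##*/}
    case "$base" in
        log4j-core-*.jar) v=${base#log4j-core-}; echo "${v%.jar}" ;;
    esac
}

# Report "<path> <verdict>" for every log4j-core jar under a directory tree.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | while read -r p; do
        echo "$p $(log4j_status "$(log4j_jar_version "$p")")"
    done
}

# Constructed sample tree (empty placeholder files) for the demonstration.
SAMPLE_DIR=$(mktemp -d)
mkdir -p "$SAMPLE_DIR/app1/lib" "$SAMPLE_DIR/app2/lib"
: > "$SAMPLE_DIR/app1/lib/log4j-core-2.14.1.jar"
: > "$SAMPLE_DIR/app2/lib/log4j-core-2.16.0.jar"
: > "$SAMPLE_DIR/app2/lib/log4j-api-2.16.0.jar"   # api jar is not the vulnerable artifact

scan_log4j "$SAMPLE_DIR"
```

Filename matching is the fast first pass, not the whole job: applications that bundle Log4j inside a fat jar or war hide the version, so follow up on those with `unzip -l <archive> | grep JndiLookup.class` and check the bundled `META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties` for the real version before calling a host clean.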
Hi, everybody - Chad here. Well, we’ve all survived another Patch Tuesday, and here’s a quick rundown. For more info, be sure to check out this month’s Patch Tuesday webinar or blog. August proved to be a lighter month than usual, with just 51 vulnerabilities addressed from Microsoft (seven of which are rated as critical, and only 1 being actively exploited in the wild). This shows a 56% reduction in overall vulnerabilities from July, and 33% fewer vulnerabilities on average for each month so far this year. 👏 👏 👏 On the Automox Patch Tuesday blog, @Eric writes, “This month’s vulnerabilities seem to follow a trend, impacting components in Microsoft Windows that perform network communications, internet connections, printing, file repair, and remote connections…The trend is that remote work is here to stay, making the prioritization of patching these components all the more vital.” In Adobe news, they gave everyone a break this month and only released two vulnera