Skip to main content

Vulnerabilities

To help protect fellow Ottomators in the Automox Community, we're all on neighborhood watch. Please share any new vulnerabilities or fixes you find!

  • 74 Topics
  • 56 Replies
74 Topics
AX-YazMoreno
AX-YazMorenoAutomox Employee
posted in Vulnerabilities
🛠️ How to Remediate Vulnerabilities, Test Worklets, and Survive CrowdStrike Reports

Hey IT heroes—We see you. You’ve got 20 tabs open, a half-deployed worklet, and a CrowdStrike report whispering, “You’re not going home on time.” But what if we told you there’s a better way? Join us next week for a no-fluff, expert-led webinar where we’ll walk through real-world vulnerability remediation with testing confidence and just the right amount of “oops-proofing.” 🎓 What We’ll Cover: How to make sense of a CrowdStrike exposure report AKA “translating cyber-paranoia into action.” Worklet walkthroughs with before/after testing Because clicking “Deploy” without testing is the IT version of bungee jumping blindfolded. Sweet32 as your next favorite nightmare We’ll use this infamous KB as our real-world example. You’ll laugh, you’ll cry, you’ll patch. What to do after deployment Enforce, verify, and yes—back out gracefully if things go sideways.  🧑‍💻 Who It’s ForIf you’ve ever yelled “WHY DIDN’T THAT APPLY?” at your screen—this webinar is for you.🔗 The Link Between You an

960
AX-YazMoreno
F
Funsho SalawuRookie
asked in Vulnerabilities
What is the Link between Automox and Copycat?

Hi All,We had a strange pop-up on devices during/after a recent deployment using Automox. The message came from an application or executable called CopyCat (followed by a image of a white cat holding silver keys).For our piece of mind, can anyone confirm if this is a standard component of Automox, or do I need to be worried?Advise would be appreciated.

1023
JasonK-Automox
J
jhoyleRookie
asked in Vulnerabilities
Dashboard not refreshing or not synching

The dashboard was working great however over the last couple of days it is showing that I have more patches to apply than I really need. For example it shows I have 23 new patches that are critical but when I click on the 23 then go to open up devices needing any of these patches the lists are empty. It’s been this way for a couple of days now. Is there something that updates the dashboard that is separate from the device scans? With the devices showing they do not need this patch but the dashboard showing the 23 critical updates for different devices something is obviously not in synch. Thanks

1475
jack.smith
S
SophiaAXCommunity Manager
published in Vulnerabilities
Protect Your Systems: Critical Vulnerability in Upstream xz/liblzma Package
Protect Your Systems: Critical Vulnerability in Upstream xz/liblzma Package

It wouldn’t be a highly anticipated long weekend without a vulnerability popping up to kick it off! 🙃A significant potential exploit, CVE-2024-3094 with a CVSS score of 10.0, has been uncovered in the upstream xz/liblzma package, raising serious concerns about the security of SSH servers. Read on for remediation tips and the latest information.We’ve dropped info on who is affected, what remediation steps you can take now, and where to find more information in this blog post. Have questions or updates that we haven’t caught yet? Let us know.Stay vigilant and secure - and don’t let this ruin your weekend! 

400
S
S
SophiaAXCommunity Manager
asked in Vulnerabilities
FINAL ROUND: Log4Shell vs Chrome Zero Day | March Vulnerabilities Mayhem

We have reached the final round of March Mayhem where your votes decide which vulnerability is the most infamous! 🎉 Check out the full bracket… Cast your final vote!!

470
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Vulnerabilities Mayhem: Chrome Zero Day vs Spectre

Cast your vote for this March Mayhem matchup! 👇You already know Automox has your back when it comes to staying safe from these critical vulnerabilities and keep your apps up to date! 

280
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Vulnerabilities Mayhem: Confluence Code Injection vs Log4Shell

Cast your vote for this March Mayhem matchup! 👇You already know Automox has your back when it comes to staying safe from these critical vulnerabilities! 

150
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 3: My Guess is Log4Shell Takes it All

We have made it to the last two rounds of March Mayhem where we pit the most infamous vulnerabilities against each other! Make sure to cast your votes before this Thursday! My prediction is that Log4Shell takes the cake! Confluence Code Injection vs Log4ShellChrome Zero Day vs SpectrePlus, if you start a free 15-day trial and add an endpoint in March, not only will you learn how to reclaim hours in your workday (in just 15 minutes), but you’ll also qualify to win grand prizes! More details here!

310
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 2: Spectre vs BlueKeep

Cast your vote for this matchup of March Mayhem! 👇P.S. Automox provides a script to disable remote desktop protocol and mitigate the BlueKeep vulnerability

200
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 2: Chrome Zero Day vs Zerologon

Cast your vote for this matchup of March Mayhem! 👇Automox has your back when it comes to mitigation and remediation by keeping all of your software patched and up to date! 

170
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 2: Eternal Blue vs Log4Shell

Cast your vote for this matchup of March Mayhem! 👇Did you know that Automox helps you deep scan and fix the critical Log4Shell vulnerability with easy to use automation scripts?!

200
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 2: Leaky Vessels vs Confluence Code Injection

Cast your vote for this matchup of March Mayhem! 👇Heads up, Automox can help you stay safe from BOTH of these vulnerabilities by keeping your apps up to date!

180
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Vulnerabilities Mayhem Round 2!

Last week, we completed round 1 of the March Vulnerabilities Mayhem bracket! Here is how we’re looking one step closer to finding the most infamous vulnerability…Keep an eye out today for the next round of matchups so you can VOTE here and.or on LinkedIn! Plus, if you start a free 15-day trial and add an endpoint in March, not only will you learn how to reclaim hours in your workday (in just 15 minutes), but you’ll also qualify to win grand prizes! More details here!VOTE HERE:Spectre vs BlueKeep Chrome Zero Day vs Zerologon Eternal Blue vs Log4Shell Leaky Vessels vs Confluence Code Injection

1310
S
S
Stuart LairdRookie
asked in Vulnerabilities
Patching already running software

Does the autogenerated worklet for Patch Only use the MSIRESTARTMANAGERCONTROL=”Disable” flag for attempting to patch running software or can we have an option to enable that? Given modern compliance requires patching Critical in 2 days rolling the dice on a first checkin Patch policy to try to beat autostart software is not viable.  Using Worklets is also not viable as they would require manual updating when a new patch became available. What are people doing, or what is considered best practise for things like Teams Machine-Wide, WebEx and Zoom.  We use WebEx for our phones and Zoom and Teams and whatever other client meeting software is required.

260
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: BlueKeep vs Shellshock

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have… BlueKeep - CVE-2019-0708 Shellshock - CVE-2014-6271  🚀 P.S. Use this Automox Worklet to disable remote desktop protocol and mitigate the BlueKeep vulnerability! Cast your vote now!

300
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Meltdown vs Spectre

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have… Meltdown - CVE-2017-5754 Spectre - CVE-2017-5753 (Spectre-V1), CVE-2017-5715 (Spectre-V20) Cast your vote now!

220
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Zerologon vs Heartbleed

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have…Zerologon - CVE-2020-1472 Heartbleed - CVE-2014-0160💥 P.S. Automox can help you apply critical security updates to stay safe from the Zerologon vulnerability!Cast your vote now!

170
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Chrome Zero Day vs Apache Struts

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have…Chrome Zero Day - CVE-2022-0609 Apache Struts  - CVE-2023-50164💥 P.S. Automox helps keep your Google Chrome software patched and up to date! Cast your vote now!

180
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Log4Shell vs Spring4Shell

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have…Log4Shell - CVE-2021-44228 Spring4Shell - CVE-2022-22965💥 P.S. Automox helps you deep scan and fix the critical Log4Shell vulnerability with Worklets! Cast your vote now!

190
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Follina vs Eternal Blue

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have…Follina - CVE-2022-30190 Eternal Blue - MS17-010P.S. Automox provides a Follina Zero Day workaround!Cast your vote now!

160
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Mayhem Round 1: Confluence Code Injection vs Nimda

Welcome to Round 1 of March Mayhem, where the most infamous vulnerabilities face off! Next up we have…Atlassian Confluence Code Injection - CVE-2022-26134 Nimda - MS01-023💥 P.S. Automox can help you keep Atlassian apps updated to avoid that Confluence code injection vulnerability AND standardize Windows Firewall configuration!Cast your vote now! 

190
S
S
SophiaAXCommunity Manager
posted in Vulnerabilities
March Vulnerabilities Mayhem: Your Votes Decide Which Vulnerability is the Most Infamous

We’re celebrating March Mayhem all month long by pitting the most notorious vulnerabilities against each other! Which one was the most infamous? Your votes decide it! Round 1 starts TODAY and new rounds start every Monday this month. You can vote on LinkedIn or in the Automox Community. Want to vote on all three platforms? We won’t tell. We’ll tally up the votes and update the bracket at the end of every week. Along the way, we’ll share extra information about which Automox fixes can keep you safe from those dangerous vulnerabilities. Check out the starting bracket and vote in our first matchup! Round 1 is ready! Let’s go! 👇 P.S. Automox can help you fix the Leaky Vessels vulnerability by keeping Docker, Docker-CE, and Buildx up to date! 👇

2410
S
A
AakashRookie
asked in Vulnerabilities
How to patch the unmatched vulnerabilities in automox

Hello Everyone, I want to know that how we can patch the vulnerabilities which is unmatched in the automox, I import the tenable result csv in automox and automox is able to find only 1 patchable vulnerabilities and there is almost 67 unmatched vulnerabilities, so how can we patch that.

1683
M
A
AakashRookie
asked in Vulnerabilities
Patch Execution through api give 404 error

Actually I export the csv from tenable and import to the automox via api and the csv is uploaded successfully, but when I try to patch the vulnerabilities it give 404 not found error{  "actions": [    {      "action": "patch-with-worklet",      "solutionId": 5169549,        "devices": [        2859677      ],      "workletId": 157    }  ]} this is the body part which I added to patch the vulnerability and I also check that the device id, solution id and worklet id all are correct, then why it give me error as 404 not found So how can I resolve this issue  I use this url endpoint "https://console.automox.com/api/orgs/105757/action-sets/105072/actions"for executing the patch."https://console.automox.com/api/worklet-catalog?page=0&limit=500" and use this url to get the worklet id."https://console.automox.com/api/orgs/105757/remediations/action-sets/107894/solutions?page=2" and use this to get device id and solution id.Please let me know if there is wrong in something this or there is

361
S
R
rav001Rookie
asked in Vulnerabilities
Update Available Status

When does the “update available” status go away? I have rejected it from this device that is assigned to a manual approval policy. Do I have to ignore it at a device level? Even if it says update available, that doesn't mean it will install, correct? What does the status change to if the update is approved for install and the device is pending install? SQL Update has been ignored at policy level 

340
R
Terms & ConditionsCookie settings