To help protect fellow Ottomators in the Automox Community, we're all on neighborhood watch. Please share any new vulnerabilities or fixes you find!
Nation-state threat actors have exploited CVE-2022-47966 and CVE-2022-42475, leaving many businesses vulnerable to cyberattacks. We have created the Mitigate CVE-2022-47966 (Windows/Linux) Worklets, intended to temporarily mitigate the risk of exploitation of CVE-2022-47966. The Worklets will create and enable host-based firewall rules to block any malicious IPs identified in the Vulnerability Report as well as drop all inbound connections to port 80 or port 443 on target devices hosting the vulnerable ManageEngine software. More information (including mitigation recs) can be found here.
What is a CVE? (F.A.Q.)
CVEs are a critical part of the cybersecurity knowledge base, but if you’re new to the industry it can be a little confusing at first. Let’s break it down! What does CVE stand for? CVE stands for “Common Vulnerabilities and Exposures”. Clear as mud? But that does really hit the nail on the head. If there is a security vulnerability identified in a product that can be fixed, it will be tied to a CVE. But a CVE is a numeric identifier, formatted as CVE-YYYY-XXXXX, where YYYY is the year and XXXXX can be a 4 to 6 digit unique number. What is a CVE number? A CVE number is a universally used numeric identifier assigned to one, and only one, vulnerability. This allows the community to have clarity on issues as they discuss them, rather than relying on vendor-specific identifiers. Sometimes vulnerabilities are given a name (typically by the party who identified it), like “Dirty Cow” or “Dirty Pipe”, but the CVE number is always assigned and is universal. With the ever-increasing number of vulner
Hi all, I know this has been discussed in a couple of old threads, but has anyone got any new suggestion for a way to avoid Office applications being quit with no warning when they’re patched? I’ve had a couple of colleagues complain about it recently. Thanks
I am brand new to Automox, so please bear with me. I am testing with the native Zoom patch policy. I have associated a group and targeted one device. After clicking run policy, I don’t get any activity logs for the current day. I’m probably missing something simple, but any help would be greatly appreciated. Thanks
How to still force notify users for reboot even when the users disabled notifications on their endpoint
Hi All, Would like to check if there is any way that we can still notify the users for system reboot even when the users disabled the notifications on their endpoint. Currently when users disable notifications, Automox would just reboot the endpoints when the deferral condition is met. So we would like to include a notification to users before the deferral condition is met.
Hello, I recently queried about the best practice for Linux patch policies. I have since heard from other sources that the Automox support recommended method of Linux patching is to use a custom script and run it as a worklet. Just curious as to whether anyone else has come across this, also curious as to what any Automox peeps opinions are on this. This isn’t the enterprise class Linux supporting system we were sold tbf. Cheers!
Hello, I have multiple users experiencing issues with workstation patching. Whenever a user clicks “Reboot Now” when prompted, nothing happens. We can click the “Reboot Now” button multiple times and get no response. After waiting for 15-20 minutes, they manually reboot the machine, only for Automox to reboot their computer later in the day, causing them to lose work. Any ideas on what can be done to prevent this from happening? And has anyone else experienced this issue?
April’s Patch Tuesday drops 129 vulnerabilities – the most we’ve seen since 2020. Join us tomorrow, April 13th at 12 pm ET for a review of this month’s patches and guidance on how to prioritize your remediations fast. Jessica Onorati, Team Lead of Organizational Security, joins our Patch Tuesday experts, Eric Feldman and Adam Whitman, to dive into this month’s announcement.
On Thursday, March 31st, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows: CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges. CVE-2022-22674: An out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory, only affecting macOS. This vulnerability may have also been exploited in the wild. So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitations can be particularly dangerous as the kernel is a central component of operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system. Apple has release
For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.” A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post. Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities
Keeping an ear out for new vulnerabilities is part of the daily routine for those of us in the IT/cybersecurity world. But when we see a new one, how do we know if it’s a “drop your coffee and get to it” type of scenario or not? One keyword to help is “zero-day”. Sounds pretty intense. Let’s explain it! What does Zero-Day mean? Zero-day is the identifier for “a vulnerability in a system or device that has been disclosed but is not yet patched.” That’s because, according to Wired, “The term "zero-day" refers to the number of days that the software vendor has known about the hole.” As you can imagine, this can be cause for concern since it can’t be patched, leaving systems vulnerable to exploitation by the bad guys. What can I do in response to a Zero-Day? Unfortunately, it can feel frustrating to see a zero-day when you know there’s no fix to implement. The good news is, even though no patch is released, sometimes there are other actions that the researcher offers to mitigate the possibili
Hello Community - Happy Spring! I don’t know if it’s spring quite yet for you, but let’s just pretend like it is. It’s time to review Patch Tuesday, so let’s get right into it! Microsoft had 71 vulnerabilities this month - in line with the 12-month rolling average of 73 per month we’ve seen. Only 3 of these are rated critical. And more good news, no exploited vulnerabilities so far this year! That being said, updates should not be delayed. Apple disclosed multiple vulnerabilities throughout last month requiring updates to iOS, iPad, watchOS and macOS. Since Apple doesn’t discuss or confirm vulnerabilities until they’ve conducted their own investigation, we recommend prioritizing these updates for your organization. Google released Chrome 99, and if you haven’t updated yet, be aware that there is an actively exploited zero-day in Chrome 99. They also released a total of 34 security fixes for the month. Be sure to update your instances of Chrome as soon as possible. Adobe has released upd
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla Firefox
It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox has put together a breakdown and remediation steps to take. From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively... Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch all policies ensure you fix vulnerabilities fast in th
Well, what would a Monday morning be without some vulnerabilities to talk about? Over on the Automox Blog, @Peter-Automox has a breakdown of “Dirty Pipe” - a newly-disclosed kernel-level vulnerability in the Linux OS. From the AX blog: “Dirty Pipe is a vulnerability in the Linux Kernel disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. The vulnerability exists in all Linux kernel versions from 5.8 forward and has been patched in Linux 5.16.11, 5.15.25, and 5.10.102…. Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate. It is highly recommended that IT and SecOps admins prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk from this vulnerability.” Remediation steps: If you don’t have an existing Linux patch policy, we recommend a Patch
It wouldn’t be the Friday before a three-day weekend without a new vulnerability. Or, a new vulnerability from a familiar face. Last week, @Peter-Automox wrote about Adobe’s out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. That vulnerability, CVE-2022-24086, is an improper input validation flaw that allows arbitrary code execution and nets a 9.8/10 CVSS score. For this vulnerability, Adobe released an out-of-band update on Monday, February 14th to remediate the vulnerability. But the fun doesn’t stop there! Adobe has revised the initial security bulletin to include another emergency patch for another zero-day discovered in Magento and Commerce. This new vulnerability, CVE-2022-24087, is also an improper input validation issue similar to their previous vulnerability. This new vulnerability is equally as severe, with a 9.8/10 CVSSv3.1 score, but Adobe is not aware of any exploitation in the wild of this vulnerability. We recommend priorit
It must be a day that ends in “y”, because... Guess who? Anyways, last night Google issued an emergency patch for a zero-day Chrome exploit that’s already been actively exploited in the wild. From the AX blog: “On Monday evening, Google released an emergency Chrome update to patch an actively-exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102. The zero-day, CVE-2022-0609, is a high severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks... If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems.” A ‘Patch All’ policy will help ensure that your endpoints are covered, but you could also create a policy exclusively for Chrome by following the steps listed in Peter’s article: https://www.automox.com/blog/google-issues-emergency-chrome-patch-for-actively-exploited-zero-day
Oh good, a 9.8-score vulnerability on a Sunday! Our own top researcher, @Peter-Automox, has full details on the AX blog: “On Sunday, Adobe released out of band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. CVE-2022-24086 is an improper input validation flaw that allows an attacker to execute arbitrary code without credentials or administrative privileges. We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download. If you’re running Adobe Magento or Commerce 2.4.3p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.” As always, head over to the blog to read Peter’s full post... but patch Magento first!
Eww. Hi, folks. What would Friday be without a fun new zero-day? From the AX blog: On Thursday, Apple patched another zero-day, its third this year after patching CVE-2022-22587 (an arbitrary code execution with kernel privileges vulnerability) and CVE-2022-22594 (a vulnerability allowing users’ browsing activities to be tracked and identified in real-time) in January. The vulnerability impacts all iPhone models from 6s forward, iPad Pro, iPad Air 2 and later, 5th generation iPads and later, iPad mini 4 and later, and iPod touch in addition to the macOS Monterey operating system. Organizations with macOS Monterey devices, iPhones, or iPads should patch immediately, since the vulnerability could already be exploited in the wild. To read the article in full and get links to Apple’s updates, just head over to the AX Blog!
Hey look!! This week, SAP released security updates to address three critical vulnerabilities dubbed Internet Communication Manager Advanced Desync (ICMAD), and found by security research firm Onapsis: CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533, sporting CVSS scores of 10 (the highest possible), 8.1, and 7.5, respectively. Over on the blog, leading AX researcher @Peter-Automox has written a piece with some great details and remediation tips, which you can read in full right here. If you have any questions, let us know in the comments.
Hey, folks - Chad here with a quick yet important vulnerability update. A new CVSS 9.9 critical vulnerability in the Samba platform allows remote code execution with root privileges. Over on the AX blog, our own @JayG-Automox writes: “This vulnerability is similar to SambaCry in 2017 which also targeted Samba. This vulnerability is likely more critical as it does not require valid credentials to a writable share making it easier to use as a springboard within the network…. The criticality of this vulnerability combined with the wide potential impact makes this a must-remediate for organizations.” So before you go read the blog, get to patching! However, “If patching immediately isn’t an option, Samba recommends a temporary workaround to remediate: Remove the fruit VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf file.” You can read Jay’s piece in full here: https://blog.automox.com/samba-fruit-critical-vulnerability