To help protect fellow Ottomators in the Automox Community, we're all on neighborhood watch. Please share any new vulnerabilities or fixes you find!
Hi, y’all - quick update for all you #Linux admins. The Linux PwnKit vulnerability is a nasty one, giving an attacker full root access on most major Linux distros. Over on the Automox Blog, our very own @Peter-Automox has written a piece that includes a worklet for quick remediation. Note: the evaluation script simply passes to remediation, which will disable pkexec's ability to operate as intended. Again, please thoroughly test before applying to systems in production. Check out Peter’s blog for the complete worklet: Linux PwnKit Vulnerability Gives Full Root Access on Most Major Distributions
Hi, the latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday. After installing these updates, administrators have been battling multiple issues that are only resolved after removing the updates. Here is the source of the news: https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/
Let’s wrap up 2021 with one more look at vulnerabilities for the month of December. Microsoft didn’t hold back, releasing 67 vulnerability patches. Adobe takes second place, patching 60 vulnerabilities across 11 products. Mozilla patched 35 vulnerabilities, one of which is critical. Google rounds it out by patching 5 vulnerabilities this month. But we all know who took the cake – the Log4Shell vulnerability. Let’s address the one we all know and (don’t really) love – the Log4Shell zero-day. An RCE vulnerability was patched with 2.15.0 on December 6, but a new vulnerability was found in that release. It was originally given a CVSS score of 3.7 and 2.16.0 was delivered. Shortly thereafter, a new bypass was found that allows full RCE in 2.15.0, upping the score to 9.0. Do not remain on 2.15.0, you are not fully protected. Upgrade to 2.16.0 to be fully patched. For more details on this vulnerability, check out our blog. Even though our focus was mainly on Log4Shell, let’s review what else ca
UPDATE (12/17/21) - includes new Remediation Code: On December 6, version 2.15.0 was released to address CVE-2021-44228, the now infamous 10/10 CVSS remote code execution (RCE) vulnerability in Log4Shell. Shortly after, CVE-2021-45046 was discovered in version 2.15.0, with a CVSS of 3.7. Version 2.16.0 was released on December 13 to address the new vulnerability. However, on December 17 a researcher discovered a new bypass to allow full RCE once again, which resulted in a CVSS increase from 3.7 to 9.0. If you only upgraded to version 2.15.0, you are not protected from possible RCE, upgrade to 2.16.0 immediately. Visit the Apache website for additional information. Log4Shell is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228.
Hi, everybody - Chad here. Well, we’ve all survived another Patch Tuesday, and here’s a quick rundown. For more info, be sure to check out this month’s Patch Tuesday webinar or blog. August proved to be a lighter month than usual, with just 51 vulnerabilities addressed from Microsoft (seven of which are rated as critical, and only 1 being actively exploited in the wild). This shows a 56% reduction in overall vulnerabilities from July, and 33% fewer vulnerabilities on average for each month so far this year. 👏 👏 👏 On the Automox Patch Tuesday blog, @Eric writes, “This month’s vulnerabilities seem to follow a trend, impacting components in Microsoft Windows that perform network communications, internet connections, printing, file repair, and remote connections…The trend is that remote work is here to stay, making the prioritization of patching these components all the more vital.” In Adobe news, they gave everyone a break this month and only released two vulnera
Hope you’re ready for quite a doozy of a Patch Tuesday for July, because we have a lot to cover here. This Patch Tuesday comes in hot with Microsoft’s 116 vulnerabilities (over double June’s 49 vulnerabilities), 12 of which are critical severity, and 2 that have already been exploited in the wild. July represents a dramatic shift from the relatively light releases we’ve witnessed over previous months and highlights an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats. While all eyes have been on the Windows Print Spooler (aka PrintNightmare, CVE-2021-34527) due to its scope of impact and high probability of exploitation, there are plenty of other vulnerabilities to keep your eye on. CVE-2021-34473 and CVE-2021-34523 are a pair of high-priority vulnerabilities found in Microsoft’s Exchange Server solution. CVE-2021-34473, a remote code execution vulnerability found and disclosed via the Zero Day initiative, allows an attacker to execute code
Get ya Patch Tuesday Rundown here! As we do every month, we’ve put together a summary of what you can find in this month’s Patch Tuesday updates and what it might mean for you. June was about in line with what we found from Microsoft in last month’s Patch Tuesday with 49 vulnerabilities addressed vs. 55 in May. But, it represents 33% fewer vulnerabilities on average for each month so far this year. Of these 49 vulnerabilities, 5 were rated as critical, one more than last month, and 52% lower on average. Unfortunately, 6 vulnerabilities are being actively exploited in the wild, one more than the highest monthly number seen so far this year. These 6 actively exploited vulnerabilities can enable an attacker to gain control of a system, illegally gain critical information, and compromise the security of infrastructure through a vulnerable system. While Automox recommends that all critical vulnerabilities are patched within a 72 hour window, the fact that many of this month’s critical vulne
Sorry this post is coming in a bit late, but I’m finally back with the Patch Tuesday Rundown for May! May’s Patch Tuesday saw only 55 security fixes compared to the 108 tallied in the month of April. We’re currently tracking 4 critical vulnerabilities, none of which are being exploited in the wild to the best of our knowledge and vendor communications. On the Microsoft side, CVE-2021-26419 is a critical remote code execution vulnerability that impacts Internet Explorer 11 and 9 running on multiple versions of Microsoft Windows and Windows Server. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. We also see an HTTP Protocol Stack remote code execution vulnerability (CVE-2021-31166) and a Microsoft Windows Object Linking (OLE) Automation execution vulnerability (CVE-2021-31194). For Adobe, they’ve released a trove of 12 new security bullet
Yesterday marked the fourth Patch Tuesday of 2021! April’s Patch Tuesday yielded 108 new Microsoft security fixes, delivering the highest monthly total for 2021 (so far) and showing a return to the 100+ totals we consistently saw in 2020. Included in this month are 19 critical vulnerabilities and a high-severity zero-day that’s currently being exploited in the wild, CVE-2021-28310. This vulnerability is a locally exploited Windows Win32K elevation of privilege bug. To exploit it, an attacker would first have to log on to the system, then run a specially crafted application. The exploitation of this vulnerability would allow an attacker to execute code in the context of the kernel and gain SYSTEM privileges, allowing the attacker access to critical Windows components and information. Not only was Microsoft subject to a number of security fixes, Adobe released four security updates covering seven critical vulnerabilities across Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and R
If you weren’t able to attend our Patch Tuesday Webinar or just want a refresher on everything that was discussed, we have a recap available here. Join Justin Knapp, Automox’s Product Marketing Manager, as he discusses the latest vulnerabilities identified in this Patch Tuesday roundup!
March brought us back to a more exciting time, compared to February. Microsoft has addressed 89 new vulnerabilities this month, representing a 60% increase from the previous month. Of this total, 14 are rated as “critical” with 5 that are being actively exploited in the wild. And you didn’t think I’d miss the whole Microsoft Exchange incident, did you? 4 of those exploited vulnerabilities are specific to Microsoft Exchange Server. These Microsoft Exchange vulnerabilities were important enough for the “CISA,” the US Cybersecurity and Infrastructure Security Agency, to issue an emergency directive following the release of fixes for these zero-day vulnerabilities in Microsoft Exchange. In the midst of more severe vulnerabilities, Adobe had a modest release of three security updates addressing a handful of vulnerabilities, 5 of which are critical affecting Creative Cloud Desktop Application (APSB21-18), Adobe Connect (APSB21-19), and Adobe Framemaker (APSB21-14). Admins contending wit
This month’s Patch Tuesday is a bit less tumultuous compared to last month, with 56 new vulnerabilities, including 11 critical updates, from Microsoft. While the overall number of vulnerabilities fixed this month is relatively low, there is a zero-day (CVE-2021-1732) being exploited in the wild. Additionally, 11 of the Critical rated updates fix Remote Code Execution vulnerabilities. Adobe has also released fixes for numerous vulnerabilities across Dreamweaver, Illustrator, Photoshop, Magento, Acrobat, and Reader. APSB21-09 specifically addresses updates for Adobe Reader that are currently being exploited in the wild. You can find a list of all of the Patch Tuesday updates from Firefox, Adobe, Apple, and Microsoft in our Patch Tuesday Index. Our Automox experts also put together their monthly breakdown of this month’s Patch Tuesday releases here. Lastly, it’s not too late to register for our monthly Patch Tuesday Webinar happening tomorrow at 12pm ET!
CVE-2020-1350 is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server and is classified as a ‘wormable’ vulnerability with a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. There is a patch available today here and through Windows Update and hence Automox. An alternative workaround for this solution is the following registry key change. If you aren’t able to deploy the patch today we highly recommend making use of this workaround until such time as you can patch all your Microsoft DNS servers.
Worklet for remediation:
Evaluation code:
Exit 1
Remediation code:
# Cap the TCP packet size the DNS server accepts (Microsoft's documented workaround), then restart the DNS service so it takes effect
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -Name TcpReceivePacketSize -Type DWORD -Value 0xFF00 -Force
Restart-Service -Name DNS
https://windows-internals.com/printdemon-cve-2020-1048/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048 This vulnerability has been weaponized and is now widely available. If exploited, it will install a persistent backdoor that will not remediate even after a patch.