Skip to main content

Vulnerabilities

To help protect fellow Ottomators in the Automox Community, we're all on neighborhood watch. Please share any new vulnerabilities or fixes you find!

  • 73 Topics
  • 56 Replies
73 Topics
S
smaamaRookie
asked in Vulnerabilities
Newly Added Computer showing up on the dashboard as Unknown

Newly Added Computer showing up on the dashboard as Unknown All the computers on our internal network with automox agent installed are showing in dashboard but with no data and reporting as “Unknown”. Not sure if it firewall but I’m assuming it is not because they show up on the dashboard. I also manually disabled the firewall. Ican reach all the automox site from the affected computers. Below is the log. Any assistance would be appreciated.==============================================================================2024/02/06 20:15:50 loop_windows.go:16: Using powershell located at C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe2024/02/06 20:15:52 loop_windows.go:16: Using powershell located at C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe2024/02/06 20:15:52 loop.go:101: HTTP Client Starting2024/02/06 20:15:52 mqclient.go:164: loaded 1 mqurls2024/02/06 20:15:54 settings.go:219: Cipher too short, value likely not encrypted2024/02/06 20:15:55 settings.go:219: Ciph

260
S
9 months ago
J
jhoyleRookie
asked in Vulnerabilities
Dashboard not refreshing

The dashboard was working great however over the last couple of days it is showing that I have more patches to apply than I really need. For example it shows I have 23 new patches that are critical but when I click on the 23 then go to open up devices needing any of these patches the lists are empty. It’s been this way for a couple of days now. Is there something that updates the dashboard that is separate from the device scans? With the devices showing they do not need this patch but the dashboard showing the 23 critical updates for different devices something is obviously not in synch. Thanks

210
J
9 months ago
S
SophiaAXCommunity Manager
asked in Vulnerabilities
AnyDesk Compromised: Here's What to Do ASAP!

AnyDesk Software GmbH recently announced that their production systems were compromised and that they are revoking code signing certificates prior to AnyDesk Windows version 8.0.8. As a best practice, whenever a code signing certificate is compromised, any executable in your environment signed with that certificate should be identified and removed immediately. Here’s what you should do: Automox supports automated patching of AnyDesk, so we recommend checking your patch policies and implementing the latest AnyDesk patches immediately. Automox has written a script that can be immediately applied in your environment to find and remove AnyDesk Software. Find it here. We also recommend running the above scripts after patching to ensure that no other executables in your environment are signed with the same certificate. These recommendations apply to everyone, regardless of whether you are an Automox customer or not.Have questions? Concerns? Just upset this happened on a Friday afternoon? Fee

1950
S
9 months ago
A
AakashRookie
asked in Vulnerabilities
How can I patch the vulnerabilities using CVE-ID through api

I tried to pass the cve-id in the arguments when I call the api to install the patch in device.{  "command_type_name": "InstallUpdate",  "args": "CVE-2023-36585"}like this, it installing the patches in the devices but when the installation is complete it shows the update is available for that cve-id software, so means it not patched it.So how can I patched the vulnerabilities by passing the cve-id in the args through api.

330
A
9 months ago
A
automox-communityportalRookie
asked in Vulnerabilities
Enabling Update for production server

Dear friends,I have a question.Three months before we have some issue in a production server and we disabled the updates.Now we are planning to turn on the updates.What do you believe will be the consequences for turning the updates on after almost four months? 

271
B
10 months ago
M
MD Shoaib PashaNovice
asked in Vulnerabilities
Third Party Software Updates

Hi Team,We are managing Windows and macOS in our environment so to patch 3rd party S/w which is the best policy to use and how frequent we can run the policy?Ref:  Third-Party Patching Best Practices – AutomoxThanks,Shoaib

1494
M
11 months ago
M
MD Shoaib PashaNovice
asked in Vulnerabilities
Default Group in Automox

Hi Team,We see a Default group is created by Automox. Can you please explain why this group is created? Also, the use of this group?  

1682
M
11 months ago
M
MD Shoaib PashaNovice
asked in Vulnerabilities
Install Optional and recommended Windows Updates settings under Policy

Hi Team,In Policy, we have settings named as Install Optional and recommended Windows Updates and default it is set to NO.  Can you please elaborate what are the optional updates that will exclude from patching?Also provide us the list of updates that will not install if we set to NO. Thanks,Shoaib

1001
S
11 months ago
S
SophiaAXCommunity Manager
posted in Vulnerabilities
Patch Now: Attackers Exploit CVE-2022-47966

Nation-state threat actors have exploited CVE-2022-47966 and CVE-2022-42475, leaving many businesses vulnerable to cyberattacks.We have created the Mitigate CVE-2022-47966 (Windows/Linux) Worklets, intended to temporarily mitigate the risk of exploitation of CVE-2022-47966.The Worklets will create and enable host-based firewall rules to block any malicious IPs identified in the Vulnerability Report as well as drop all inbound connections to port 80 or port 443 on target devices hosting the vulnerable ManageEngine software.More information (including mitigation recs) can be found here. 

650
S
1 year ago
JessicaS-Automox
JessicaS-AutomoxAutomox Employee
published in Vulnerabilities
What is a CVE?F.A.Q.

CVEs are a critical part of the cybersecurity knowledge base, but if you’re new to the industry it can be a little confusing at first. Let’s break it down! What does CVE stand for?CVE stands for “Common Vulnerabilities and Exposures”. Clear as mud? But that does really hit the nail on the head. If there is a security vulnerability identified in a product that can be fixed, it will be tied to a CVE. But a CVE is a numeric identifier, formatted as CVE-YYYY-XXXXX, where YYYY is the year and XXXXX can be a 4 to 6 digit unique number.What is a CVE number?A CVE number is a universally used numeric identifier assigned to one, and only one, vulnerability. This allows the community to have clarity on issues as they discuss them, rather than relying on vendor-specific identifiers. Sometimes vulnerabilities are given a name (typically by the party who identified it), like “Dirty Cow” or “Dirty Pipe”, but the CVE number is always assigned and is universal. With the ever-increasing number of vulner

1551
L
1 year ago
sparrowhawk
sparrowhawkNovice
asked in Vulnerabilities
Patching MS Office applications, politely!

Hi all, I know this has been discussed in a couple of old threads, but has anyone got any new suggestion for a way to avoid Office applications being quit with no warning when they’re patched? I’ve had a couple of colleagues complain about it recently.Thanks

4203
sparrowhawk
1 year ago
R
rbridgmanRookie
asked in Vulnerabilities
Activity Logs

I am brand new to Automox, so please bare with me.  I am testing with the native Zoom patch policy.  I have associated a group and targeted one device.  After clicking run policy, I don’t get any activity logs for the current day.  I’m probably missing something simple, but any help would be greatly appreciated.  Thanks

640
R
1 year ago
J
JayDoakRookie
asked in Vulnerabilities
Auto remove client after set time?

Is there a way to automatically remove stale clients after a set time? I would love to have the ability to automatically remove devices that have not been online for a duration of time such as 60 days. 

1241
BrandonG-Automox
2 years ago
A
adrian7818Rookie
asked in Vulnerabilities
How to still force notify users for reboot even when the users disabled notifications on their endpoint

Hi All, Would like to check if there is anyway that we can still notify the users for system reboot even when the users disabled the notifications on their endpoint. Currently when users disabled notifications, Automox would just reboot the endpoints when the deferral condition is met. So we would like to include a notification to users before the deferral condition is met.

1110
A
2 years ago
M
MRayboneNovice
asked in Vulnerabilities
Linux Patching Policies #2...

Hello,I recently queried about the best practice for Linux patch policies.I have since heard from other sources that the Automox support recommended method of Linux patching is to use a custom script and run it as a worklet.Just curious as to whether anyone else has come across this, also curious as to what any Automox peeps opinions are on this.  This isn’t the enterprise class Linux supporting system we were sold tbfCheers!

2051
E
2 years ago
M
MRayboneNovice
asked in Vulnerabilities
Policies to patch Linux systems...

Hello,We’re adding in some LInux systems to our Automox infrastructure, but the method of patching them is totally unclear when it comes to policies etc.  Does anyone have any examples, or any Linux based patching via Automox documentation available?Cheers,Mark.

3382
M
2 years ago
P
PRuffinRookie
asked in Vulnerabilities
Automox Reboot Pop Up (Prompt) not responding

Hello, I have multiple users experiencing issues with workstation patching. Whenever a user clicks “Reboot Now” when prompted; nothing happens. We can click the “Reboot Now” button multiple times and no response. After waiting for 15-20 minutes; they manually reboot the machine only for Automox to reboot their computer later in the day causing them to lose work. Any ideas on what can be done to prevent this from happening? And has anyone else experienced this issue?

3071
K
2 years ago
Afonso_Alves_31
Afonso_Alves_31Pro
asked in Vulnerabilities
Child Zones

Is there a way to create child zone? Or the only option is through the main zone?

1562
Afonso_Alves_31
2 years ago
JessicaS-Automox
JessicaS-AutomoxAutomox Employee
published in Vulnerabilities
Patch Tuesday Rundown - April 2022

Happy Patch Tuesday Week Y’all!  Let’s do a quick rundown of Patch Tuesday, then we’ll send you over to some of our other resources that you can use to tackle these updates. This month, there are 238 total vulnerabilities this month. Woah, that’s a lot.  Here’s the full breakdown: 129 Microsoft,  2 Apple (out-of-band from March), 1 Google, 78 Adobe and 28 Mozilla. Of the Microsoft vulnerabilities, 12 have a severity rating of critical. All of these are Remote Code Execution vulnerabilities. We recommend you patch these within 72 hours. For Apple, we highlighted the two out-of-band zero days that they patched in March. We wrote more about that in our blog, but we recommend patching this within 72 hours as well. Google’s vulnerability this month for Chrome V8 Javascript engine has been actively exploited. Since Chrome is also so popular and widely used, we recommend prioritizing this update. Adobe released updates for Acrobat and Reader, Commerce, After Effects, and Photoshop, fixing a t

1440
JessicaS-Automox
2 years ago
LaurenH
LaurenHAutomox Employee
posted in Vulnerabilities
We'll help you prioritize Patch Tuesday’s long list of 129 vulnerabilities [Tomorrow's Webinar]

April’s Patch Tuesday drops 129 vulnerabilities – the most we’ve seen since 2020. Join us tomorrow, April 13th at 12 pm ET for a review of this month’s patches and guidance on how to prioritize your remediations fast. Jessica Onorati, Team Lead of Organizational Security, joins our Patch Tuesday experts, Eric Feldman and Adam Whitman, to dive into this month’s announcement.    

830
LaurenH
2 years ago
Brittany
BrittanyPro
posted in Vulnerabilities
VULNERABILITY UPDATE: Apple Announces Two Zero-Day Vulnerabilities for macOS and iOS

On Thursday, March 31st, Apple has released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPad OS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows:CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges. CVE-2022-22674: An out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory, only affecting macOS. This vulnerability may have also been exploited in the wild.So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitations can be particularly dangerous as the kernel is a central component to operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system.Apple has release

1280
Brittany
2 years ago
Brittany
BrittanyPro
posted in Vulnerabilities
VULNERABILITY UPDATE: Vulnerabilities Confirmed in Spring Core and Spring Cloud

For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.”A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post.Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities

880
Brittany
2 years ago
JessicaS-Automox
JessicaS-AutomoxAutomox Employee
published in Vulnerabilities
What is a Zero-Day Vulnerability?F.A.Q.

Keeping an ear out for new vulnerabilities is part of the daily routine for those of us in the IT/cybersecurity world. But when we see a new one, how do we know if it’s a “drop your coffee and get to it” type of scenario or not? One keyword to help is “zero-day”. Sounds pretty intense. Let’s explain it! What does Zero-Day mean?Zero-day is the identifier for “a vulnerability in a system or device that has been disclosed but is not yet patched.” That’s because, according to Wired, “The term "zero-day" refers to the number of days that the software vendor has known about the hole.” As you can imagine, this can be cause for concern since it can’t be patched, leaving systems vulnerable to exploitation by the bad guys.What can I do in response to a Zero-Day?Unfortunately, it can feel frustrating to see a zero-day when you know there’s no fix to implement. The good news is, even though no patch is released, sometimes there are other actions that the researcher offers to mitigate the possibili

890
JessicaS-Automox
2 years ago
JessicaS-Automox
JessicaS-AutomoxAutomox Employee
published in Vulnerabilities
Patch Tuesday Rundown - March 2022

Hello Community - Happy Spring! I don’t know if it’s spring quite yet for you, but let’s just pretend like it is. It’s time to review Patch Tuesday, so let’s get right into it! Microsoft had 71 vulnerabilities this month - inline with the 12-month rolling average of 73 per month we’ve seen. Only 3 of these are rated critical. And more good news, no exploited vulnerabilities so far this year! That being said, updates should not be delayed. Apple disclosed multiple vulnerabilities throughout last month requiring updates to iOS, iPad, watchOS and macOS. Since Apple doesn’t discuss or confirm vulnerabilities until they’ve conducted their own investigation, we recommend prioritizing these updates for your organization. Google released Chrome 99, and if you haven’t updated yet, be aware that there is an actively exploited zero-day in Chrome 99. They also released a total of 34 security fixes for the month. Be sure to update your instances of Chrome as soon as possible. Adobe has released upd

1040
JessicaS-Automox
2 years ago
A
Anonymous
published in Vulnerabilities
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla FirefoxVulnerability Update

It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox has put together a breakdown and remediation steps to take.From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively...Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch all policies ensure you fix vulnerabilities fast in th

2100
A
2 years ago
Terms & ConditionsCookie settings