Monthly Patching Updates | OneNeck
https://www.oneneck.com

July Patching Update: Bolstering Security in the Blistering Summer Heat
https://www.oneneck.com/blog/july-2024-patching/
Wed, 17 Jul 2024 17:10:49 +0000

Welcome to July’s edition of the OneNeck IT Solutions patching blog. As the summer heat intensifies, so do the risks posed by unpatched vulnerabilities. Staying vigilant in our cybersecurity efforts is crucial and will help keep your organization from getting burned. This month, we bring you critical updates from Microsoft and significant patches within the Linux environment to ensure your systems remain secure and efficient.

Microsoft’s July Patching Overview

This month, Microsoft has addressed a total of 142 vulnerabilities, categorized as follows:

  • 26 Elevation of Privilege Vulnerabilities
  • 24 Security Feature Bypass Vulnerabilities
  • 59 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

Two actively exploited zero-day vulnerabilities were patched this month for Microsoft products. CVE-2024-38080 is a Windows Hyper-V Elevation of Privilege Vulnerability that could allow attackers to gain elevated access to affected systems. CVE-2024-38112 is a Windows MSHTML Platform Spoofing Vulnerability that could deceive users into interacting with malicious content. These vulnerabilities require immediate attention to prevent potential exploitation and maintain the security of your systems.

Highlighted Patches for July:

  • CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability
  • CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability
  • CVE-2024-37985: Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

Exchange Updates

Microsoft’s Hotfix for Exchange, released in April, addresses numerous known issues from the March Exchange Security Update. Since OneNeck’s customers have not been affected by these issues, we have postponed applying the Hotfix to their Exchange Servers and will wait for the next Exchange Update.

In the Hotfix, Microsoft introduced support for ECC certificates and Hybrid Modern Authentication for OWA/ECP, which are available exclusively for Exchange Server 2019. These features will be included in the next Security or Cumulative Update for Exchange 2019.

Additionally, Microsoft has acknowledged the need for DKIM and DMARC for Exchange Server On-Prem following Google and Yahoo’s Q1 2024 announcement. However, no updates are currently available to the public. Customers routing their mail through MS365 should be mostly unaffected by the changes from Google and Yahoo.

As mentioned last month, Microsoft has released an Exchange Server Roadmap update, defining their plans for Exchange Server SE (Subscription Edition). This edition is expected to be released early in the third quarter of 2025, coinciding with the end-of-life date for Exchange Server 2016 and 2019. Exchange Server SE will be the code equivalent to Exchange Server 2019 CU15. OneNeck encourages all its customers using Exchange to upgrade to Exchange Server 2019. If you have any questions about how OneNeck can assist you with your upgrade decisions, please contact the Service Desk.

Linux Patching Insights for July

This month’s Linux updates are crucial for maintaining the security and stability of your environment. Noteworthy patches include:

  • CVE-2024-32462: Security update for flatpak
  • CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702: Security update for firefox
  • CVE-2022-27635, CVE-2022-36351, CVE-2022-38076, CVE-2022-40964, CVE-2022-46329: Security update for linux-firmware
  • CVE-2023-4408, CVE-2023-50387, CVE-2023-50868: Security update for bind, bind-dyndb-ldap, and dhcp
  • CVE-2024-32487: Security update for less
  • CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602: Security update for glibc
  • CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465: Security update for git
  • CVE-2023-6597, CVE-2024-0450: Security update for python3.11
  • CVE-2024-33871: Security update for ghostscript
  • CVE-2023-6597, CVE-2024-0450: Security update for python3.9 available for Red Hat Enterprise Linux 9
  • CVE-2022-23816, CVE-2022-29901: Oracle Linux Unbreakable Enterprise kernel security update

These updates address a wide range of vulnerabilities and are essential for protecting your Linux servers against potential breaches and ensuring robust system functionality. Please apply any applicable patches immediately.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to reach out to our Service Desk.

Closing Thoughts

Maintaining a solid cybersecurity posture through regular patching is crucial as we continue through the summer months. Just as sunscreen protects you from the sun’s harmful rays, promptly applying these updates will help safeguard your systems against potential threats. If you need assistance or have questions, OneNeck supports your cybersecurity efforts.

Stay secure and patched, while keeping yourself protected from the heat of summer’s vulnerabilities.


Each month, OneNeck engineers review newly released updates from vendors, like Microsoft, to understand any known issues, the actions required and the priority of each. This is done immediately following Patch Tuesday releases, and we monitor for adjustments to patches throughout each month.

The information above is gathered monthly during this review and posted for awareness to our customers. This information is generally updated only once per month and is based on our engineers’ review of the information provided by the vendor at that time. As always, for the most up-to-date patching information, please see the vendor’s website or contact us.

Note: If OneNeck actively manages a device or software that is impacted by any of these vulnerabilities, when necessary, OneNeck will be in direct contact with you regarding remediation.
June Patching Update: Securing Systems as Temperatures Rise
https://www.oneneck.com/blog/june-2024-patching/
Sun, 16 Jun 2024 19:03:10 +0000

Welcome to June’s edition of the OneNeck IT Solutions patching blog. As we approach the Summer Solstice, the longest day of the year, it’s a perfect reminder to shed light on and address vulnerabilities within your systems. Staying proactive in patching and updating is essential as we move into the summer months. This month, we highlight critical updates from Microsoft and significant patches within the Linux environment to ensure your systems remain secure and efficient.

Microsoft Patching Overview

This month, Microsoft has addressed a total of 51 vulnerabilities, categorized as follows:

  • 25 Elevation of Privilege Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

Notably, one zero-day vulnerability was patched this month for Microsoft products: CVE-2023-50868. This vulnerability involves the NSEC3 Closest Encloser Proof and can exhaust CPU resources, potentially leading to a denial of service. Taken together, this month’s updates address an array of critical issues, including remote code execution, privilege escalation, and security feature bypasses. Promptly applying these patches is crucial to prevent potential exploits and maintain system integrity.

Highlighted Patching for June

This month’s critical updates include:

Exchange Updates

As mentioned in last month’s blog, Microsoft released a Hotfix for Exchange late in April to cumulatively address the issues resulting from the March Exchange Security Update. OneNeck’s customers have not been affected by these issues; as such, our team has held off on applying the Hotfix and will wait for the next Exchange Update.

In the April Hotfix, Microsoft introduced support for ECC certificates and Hybrid Modern Authentication for OWA/ECP, available exclusively for Exchange Server 2019. The following Security or Cumulative Update for Exchange 2019 will also include these features.

Microsoft has recognized the need for DKIM and DMARC for Exchange Server On-Prem following the Q1 2024 announcement from Google and Yahoo. However, at this point in time there have not been any further updates. Customers routing their mail through MS365, rather than sending mail directly from their On-Prem Exchange Server, should be mostly unaffected by the changes mentioned above.

Additionally, Microsoft released an Exchange Server Roadmap update this month, outlining their plans for Exchange Server SE (Subscription Edition). This edition is expected to be released early in the third quarter of 2025, coinciding with the end-of-life date for Exchange Server 2016 and 2019. Exchange Server SE will be the code equivalent to Exchange Server 2019 CU15. OneNeck encourages all customers using Exchange to upgrade to Exchange Server 2019. If you have any questions about how OneNeck can assist you with your upgrade decisions, please contact the Service Desk.

Linux Patching Insights for June

This month’s Linux updates are crucial for maintaining the security and stability of your environment. Noteworthy patches include:

  • CVE-2023-25775: Kernel Security and Bug Fix Update addressing critical kernel vulnerabilities.
  • CVE-2023-20592: Linux-firmware security update to enhance hardware compatibility and security.
  • CVE-2023-45235: Edk2 Security Update to improve firmware security.
  • CVE-2023-50868: Bind and DHCP security update to secure DNS and network configuration.
  • CVE-2024-0450: Python3 Security Update to fix vulnerabilities in the Python programming language.
  • CVE-2024-1394: Grafana Security Update and Oracle Linux grafana security update to enhance performance monitoring security.
  • CVE-2024-23213: Webkit2gtk3 Security Update to secure web content rendering engines.
  • CVE-2024-24549: Tomcat Security and Bug Fix Update to improve web server security.
  • CVE-2024-3019: Oracle Linux pcp security update to enhance performance monitoring security.
  • CVE-2024-31083: Tigervnc / Xorg-X11 Security Update to secure remote desktop and graphical server environments.
  • CVE-2024-32487: Less Security Update to fix vulnerabilities in the less file pager.
  • CVE-2024-33602: Glibc Security Update to address critical issues in the GNU C Library.
  • CVE-2024-4777: Firefox Security Update to ensure secure web browsing.
  • CVE-2023-1989, CVE-2023-40551, CVE-2024-1086: Oracle Linux Unbreakable Enterprise kernel security update to address multiple kernel vulnerabilities.
  • CVE-2024-2201: Oracle Linux shim security update to improve boot loader security.

We recommend that you promptly apply all relevant patches to safeguard Linux servers, maintain system functionality and ensure robust security.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to contact our Service Desk.

Closing Thoughts

Maintaining a solid security posture through regular patching is crucial as we move into the heart of summer. Just as applying sunscreen shields you from the sun’s harmful rays, quickly applying these updates will help safeguard your systems against potential threats. If you need assistance or have questions, OneNeck supports your cybersecurity efforts.

Stay secure and patched, and let’s keep your systems cool and protected this summer.

May Patching Update: Spring Cleaning Your Security
https://www.oneneck.com/blog/may-2024-patching/
Sat, 18 May 2024 20:49:38 +0000

Welcome to May’s edition of the OneNeck patching blog. As we transition deeper into spring, it’s crucial to stay vigilant in our cybersecurity efforts to ensure that exposures don’t replace May flowers. While Microsoft addressed fewer vulnerabilities than last month, they still tackled a significant array of issues. Additionally, our team observed numerous important updates within the Linux environment. 

Microsoft’s May Patching Security Overview

This month, Microsoft has addressed a total of 61 vulnerabilities, broken down into the following categories:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

This month’s patch release tackles multiple crucial vulnerabilities. Two zero-day vulnerabilities are notably patched, as well as a publicly disclosed vulnerability affecting .NET 7 & 8 alongside Visual Studio. The prompt resolution of these issues is critical in preserving the security integrity of systems, as they could allow attackers to exploit privileges or bypass security measures, leading to unauthorized access or data exposure.

Highlighted May Patching

This month’s critical updates include:

  • CVE-2024-30040: Windows MSHTML Platform Security Feature Bypass Vulnerability
  • CVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2024-30046: Visual Studio Denial of Service Vulnerability

Resolution of Known Issues from April 2024 Updates

Microsoft has resolved issues from last month’s updates, which predominantly affected VPN functionalities and NTLM authentication on Windows Servers. For more detailed insights, you can review the updates on the following blogs:

Exchange Updates

Microsoft released a Hotfix for Exchange late last month to address the numerous known issues from the March Exchange Security Update. Fortunately, OneNeck’s customers were unaffected by these issues, so we will hold off on applying the Hotfix to customer Exchange Servers and wait for a future Security Update.

In the April Hotfix, Microsoft introduced support for ECC certificates and Hybrid Modern Authentication for OWA/ECP, available exclusively for Exchange Server 2019. The next Security or Cumulative Update for Exchange 2019 will also include these features.

Microsoft has recognized the need for DKIM and DMARC for Exchange Server On-Prem following the Q1 2024 announcement from Google and Yahoo. However, they do not have any updates to announce at this time. Customers routing their mail through MS365, rather than sending mail directly from their On-Prem Exchange Server, should be mostly unaffected by the changes from Google and Yahoo.

Additionally, Microsoft released an Exchange Server Roadmap Update this month, outlining their plans for Exchange Server SE (Subscription Edition). This edition will likely be released early in the third quarter of 2025, coinciding with the end-of-life date for Exchange Server 2016 and 2019. Exchange Server SE will be the code equivalent to Exchange Server 2019 CU15. OneNeck encourages all customers using Exchange to upgrade to Exchange Server 2019. If you have any questions about how OneNeck can assist you with your upgrade decisions, please contact the Service Desk.

Linux Patching Insights

This month’s Linux updates address various vulnerabilities crucial for maintaining the security and stability of your environments. Notable patches include:

  • CVE-2023-50269: Security updates for Squid to bolster network management security.
  • CVE-2023-50868: Updates for Bind and DHCP enhancing DNS and network configuration security across Red Hat and Oracle Linux.
  • CVE-2024-1488: Security updates for Unbound on Oracle Linux to ensure robust DNS security.
  • CVE-2024-31083: Tigervnc and X.org server security updates for Oracle Linux, essential for secure remote desktop and graphical server environments.
  • CVE-2023-40551: Shim security updates enhancing boot loader integrity.
  • CVE-2023-52425, CVE-2024-1394: Security and bug fix updates for Grafana and Grafana-PCP on Oracle Linux, crucial for maintaining performance monitoring tools.
  • CVE-2024-21094: Java-11-Openjdk security update to maintain Java application security.
  • CVE-2024-23213: Webkit2gtk3 security updates to enhance web content rendering security.
  • CVE-2024-3019: Pcp security, bug fixes, and enhancement updates.
  • CVE-2024-3864: Firefox security updates across multiple distributions, vital for secure web browsing.

The quick application of these patches is crucial in mitigating risks and maintaining a secure environment.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to contact our Service Desk.

Closing Thoughts

As we move deeper into spring, it’s an ideal time to refresh and reinforce your cybersecurity measures by staying current with essential patching practices. As nature renews, let’s ensure our systems are fortified and secure. Timely and informed patch management is crucial in defending against vulnerabilities. If you have questions or need assistance, OneNeck is here to support your cybersecurity efforts.

Stay secure and patched, and let’s spring into action together.

April Patching Update: Busy Season for Vulnerabilities
https://www.oneneck.com/blog/april-2024-patching/
Tue, 16 Apr 2024 20:24:44 +0000

Welcome to April’s edition of the OneNeck IT Solutions patching blog. With spring well underway, unfortunately, the trees and flowers are not the only things blossoming. Our team found itself navigating a busy month in cybersecurity, focusing on an extensive number of patches from Microsoft, including critical updates for two zero-day vulnerabilities and significant updates across various Linux distributions.

Microsoft’s April Patching Overview

Microsoft has addressed a staggering 150 vulnerabilities this month, categorized as follows:

  • 31 Elevation of Privilege Vulnerabilities
  • 29 Security Feature Bypass Vulnerabilities
  • 67 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

This broad range underscores the vital importance of comprehensive patch management. Notably, two zero-day vulnerabilities were addressed:

The Proxy Driver Spoofing Vulnerability could lead to significant data breaches by capturing sensitive information or injecting malicious data into sessions. At the same time, the SmartScreen Bypass could reduce the efficacy of one of Windows’ primary defenses against downloaded internet malware. Promptly addressing these vulnerabilities helps maintain the effectiveness of security barriers and prevents attackers from exploiting these sophisticated techniques.

Highlighted Patches

Critical vulnerabilities that require immediate attention include:

  • CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability
  • CVE-2024-20670: Outlook for Windows Spoofing Vulnerability
  • CVE-2024-26221: Windows DNS Server Remote Code Execution Vulnerability

These vulnerabilities present a diverse range of threats—from remote code execution to spoofing—that could compromise the integrity and confidentiality of affected systems. The potential impact of these issues includes unauthorized data access, system control, and bypassing security mechanisms. Organizations must prioritize these updates to mitigate these risks effectively. Timely patch application protects individual systems and fortifies the overall network security, preventing potential cascading effects of breaches stemming from these vulnerabilities.

Linux Patching Insights 

This month’s Linux updates are crucial for maintaining the security and stability of your environment. Notable patches include:

  • CVE-2024-2616: Critical security updates for Firefox, enhancing web security across multiple Oracle and Red Hat distributions.
  • CVE-2024-26602: Important Kernel security and bug fix updates for Oracle and Red Hat Linux.
  • CVE-2023-50868: Important updates for Dnsmasq, bolstering network management security.
  • CVE-2024-21626: Docker security update crucial for container management.
  • CVE-2023-45234: Security update for Edk2, enhancing system firmware security.
  • CVE-2024-0646 and CVE-2023-46589: Kernel and Tomcat security updates are vital for system and web application security.
  • CVE-2024-0775 and CVE-2023-45871: Updates for Oracle Linux’s Unbreakable Enterprise kernel, addressing critical vulnerabilities.

The range of patches this month underscores the importance of comprehensive security measures across various components of Linux systems. From web browsing and container management to core kernel operations and network services, each update plays a pivotal role in closing security gaps and enhancing the resilience of IT infrastructures. By proactively applying these updates, organizations can significantly reduce their exposure to cyber threats and ensure the continuity of their operational capabilities. These efforts are crucial to upholding stringent security standards and safeguarding sensitive data and system processes against emerging vulnerabilities.

Exchange Server

As a reminder, Microsoft will no longer be releasing Cumulative Updates for Exchange Server 2016. As a result, our team strongly recommends that all customers upgrade to Exchange Server 2019. If you have questions about how OneNeck can assist you with your upgrade decisions, do not hesitate to contact the Service Desk (800-272-3077).

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to contact our Service Desk.

Closing Thoughts

April’s extensive patch release reminds us of the dynamic nature of cybersecurity threats and the ongoing need for vigilance. Renew your commitment to cybersecurity this spring by staying updated and proactive. For any support or questions, OneNeck is here to assist you.

Stay secure and patched, and let’s spring into action to keep our networks as vibrant and resilient as the season.

March Patching Update: Ensuring a Secure Spring
https://www.oneneck.com/blog/march-2024-patching/
Mon, 18 Mar 2024 19:30:09 +0000

Welcome to March’s edition of the OneNeck IT Solutions patching blog. As spring approaches, we’re here to help ensure your IT environment is prepared and protected against the latest identified vulnerabilities. This month’s update highlights a variety of patches across Microsoft products and Linux environments, aiming to keep your systems secure and efficient.

Microsoft’s March Patching Overview

In March, Microsoft tackled a total of 59 vulnerabilities, detailed as follows:

  • 24 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

Fortunately, there are no zero-day vulnerabilities to address this month, allowing IT teams to focus on routine updates and fortifications against potential future exploits.

March’s Patching Highlights

This month’s updates require particular attention to the following vulnerabilities:

  • CVE-2024-21407: A Critical Remote Code Execution Vulnerability in Windows Hyper-V.
  • CVE-2024-21400: An Elevation of Privilege Vulnerability in Microsoft Azure Kubernetes Service Confidential Container.
  • CVE-2024-26199: An Elevation of Privilege Vulnerability in Microsoft Office.
  • CVE-2024-20671: A Security Feature Bypass Vulnerability in Microsoft Defender.

These patches address a range of issues, from remote code execution, which could allow unauthorized access to systems, to elevation of privilege. The inclusion of a Security Feature Bypass Vulnerability in Microsoft Defender highlights the necessity of this month’s updates, as it affects a core component of Microsoft’s security infrastructure, potentially leaving systems vulnerable to various threats. Administrators are urged to prioritize these patches to mitigate the risks associated with these vulnerabilities, ensuring the protection of systems against exploitation.

Featured Linux Patching Updates

Our Linux Team has closely examined the landscape and identified several critical updates for this month. Each patch plays a significant role in maintaining the security and stability of Linux environments:

  • CVE-2023-45863: Important updates for Oracle Linux Unbreakable Enterprise Kernel version 4.14.35 and 5.4.17, enhancing kernel security.
  • CVE-2023-4623: Critical security update for the Oracle Linux kernel, bolstering system defenses.
  • CVE-2023-42753: Important update for Oracle Linux, addressing security and bug fixes for enhanced system stability.
  • CVE-2023-4921: Security update for Oracle Linux Unbreakable Enterprise Kernel version 4.1.12, targeting vulnerabilities for improved security.
  • CVE-2023-50868: Significant security update for Oracle Linux’s Unbound, enhancing the security framework of network resolution.
  • CVE-2023-6622: Updates for Oracle Linux Unbreakable Enterprise Kernel, patching critical security gaps.
  • CVE-2024-0646: Kernel Security Update, crucial for maintaining the integrity and security of the Linux kernel.
  • CVE-2024-1551, CVE-2024-1552, CVE-2024-1553: This is a series of important Firefox security updates vital for secure web browsing and system security.
  • CVE-2024-21885: An important security update for Oracle Linux’s TigerVNC, ensuring secure remote desktop connections.

These updates safeguard your Linux servers against potential breaches and system vulnerabilities. Given the critical nature of these vulnerabilities, we recommend a thorough review and timely application of these patches to maintain optimal security and functionality within your Linux environment.

Exchange Server

OneNeck strongly cautions customers not to apply the Security Updates for Exchange this month carelessly. Doing so may cause issues with OWA, Exchange Monitoring, and attachment inspection/scanning conditions. We encourage you to review all documentation available from Microsoft regarding this month’s update before proceeding. Customers who are contracted with us for Exchange Management will have the update installed under separate change requests.

Additionally, it is crucial to note that Microsoft will no longer be releasing Cumulative Updates for Exchange Server 2016. As a result, our team strongly recommends that all customers upgrade to Exchange Server 2019. If you have questions about how OneNeck can assist you with your upgrade decisions, do not hesitate to contact the Service Desk (800-272-3077).

SQL Server 2019 Cumulative Update

There is a known issue with KB5033688 (Cumulative Update 25 for SQL Server 2019), released on February 15th, 2024. This update might create access violation dump files when the SESSION is reset for reuse. Microsoft is continuing to work on a resolution for this issue. We anticipate that the resolution will likely be included in the next Cumulative Update release.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to reach out to our Service Desk.

Closing Thoughts

As we march into spring, the proactive application of these updates is key to maintaining a strong cybersecurity posture. Stay ahead of potential threats by ensuring your environment is up-to-date. If you need assistance or have questions, OneNeck is here to support you.

Stay secure and patched, and let’s welcome a safe start to spring together.


Each month, OneNeck engineers review newly released updates from vendors, like Microsoft, to understand any known issues, the actions required and the priority of each. This is done immediately following Patch Tuesday releases, and we monitor for adjustments to patches throughout each month.

The information above is gathered monthly during this review and posted for awareness to our customers. This information is generally updated only once per month and is based on our engineers’ review of the information provided by the vendor at that time. As always, for the most up-to-date patching information, please see the vendor’s website or contact us.

Note: If OneNeck actively manages a device or software that is impacted by any of these vulnerabilities, when necessary, OneNeck will be in direct contact with you regarding remediation.

 

February Patching: Leaping Ahead of Vulnerabilities
https://www.oneneck.com/blog/february-2024-patching/
Wed, 21 Feb 2024 19:28:52 +0000

As we embrace the extra day this leap year brings, OneNeck is here to ensure that February’s additional time is met with heightened cybersecurity vigilance. This month, we navigate through a blend of routine maintenance and critical zero-day patches that demand immediate attention. Let’s leap into this month’s updates, highlighting not only the routine patching tasks but also addressing essential vulnerabilities that could significantly impact the security posture of your IT environment.

Microsoft’s Patching Synopsis

Microsoft has addressed 73 vulnerabilities, categorized as follows:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities

This release includes patches for two zero-day vulnerabilities, highlighted below, underscoring the importance of timely updates.

February’s Patching Highlights

Key vulnerabilities spotlighted for this month include:

Given their critical nature, these vulnerabilities demand immediate attention from IT professionals. The risk they pose, if left unpatched, could lead to significant breaches, data loss, and system compromise. We urge organizations to prioritize these updates to safeguard their networks against attacks.

Exchange Updates

OneNeck has proactively addressed the Exchange Server vulnerability identified in this month’s update cycle for those under our Exchange Management service. Furthermore, for clients utilizing Exchange 2019 and covered under our management services, deploying this month’s Cumulative Update will proceed through distinct change requests. Note: Microsoft has discontinued Cumulative Updates for Exchange Server 2016. In light of this, we strongly advocate for all our clients to consider migrating to Exchange Server 2019 to ensure continued security and support. If you have questions about how OneNeck can assist you, please reach out to our Service Desk (800-272-3077).

Linux Patching Overview

This month, our Linux Team has meticulously identified a series of necessary patches for bolstering your Linux environments’ security and functionality. Here’s a detailed breakdown of these vital updates:

  • CVE-2023-42753: Security update for the RHEL 7 Kernel, enhancing system defenses.
  • CVE-2023-5633, CVE-2023-20569, CVE-2023-42753: Addresses multiple vulnerabilities for the RHEL 8 Kernel.
  • CVE-2023-40283, CVE-2023-42753, CVE-2023-46813: Security enhancements for the RHEL 9 Kernel, closing multiple critical gaps.
  • CVE-2024-20926, CVE-2024-20945, CVE-2024-20952: Java-1.8.0-Openjdk and Java-11-Openjdk security updates are crucial for maintaining Java applications’ security integrity.
  • CVE-2023-44446: Update for Gstreamer-Plugins-Bad-Free, safeguarding multimedia processing.
  • CVE-2024-0409, CVE-2024-21885, CVE-2024-21886: Xorg-X11-Server security updates, crucial for graphical system stability and security.
  • CVE-2024-0751, CVE-2024-0753, CVE-2024-0755: Firefox security updates for secure web browsing.
  • CVE-2024-0229, CVE-2024-21885, CVE-2024-21886: Tigervnc security updates, enhancing remote desktop security.

While categorized as moderate, the following updates are still important for maintaining the integrity and security of various system components and services:

  • CVE-2023-43804, CVE-2023-45803: These patches for Python-Urllib3 address vulnerabilities in HTTP client software, mitigating risks that could compromise web communication security.
  • CVE-2023-39615: The Libxml2 security update for XML processing ensures the security and integrity of XML applications.
  • CVE-2022-44638: A Pixman update strengthening the core image rendering libraries, protecting systems from vulnerabilities affecting graphic content processing.
  • CVE-2023-7104: Fortifies Sqlite database stability and security, preventing data integrity issues.
  • CVE-2023-27043: Enhances the overall security framework of Python3 applications, addressing vulnerabilities in scripting and automation.
  • CVE-2023-5981, CVE-2024-0553, CVE-2024-0567: Updates to Openssh ensuring secure system access and communication.
  • CVE-2024-0553: Gnutls security update marks improvements in SSL/TLS communication security, addressing vulnerabilities in encrypted data transmission.

While these patches are classified as moderate in severity, their implementation is vital for proactively safeguarding Linux environments against a range of security threats. We recommend system administrators apply these updates promptly to ensure ongoing security and stability.

Microsoft Office and SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or to find out how OneNeck can support your efforts, do not hesitate to reach out to our Service Desk.

TLS 1.0 and TLS 1.1 Update Advisory

As previously announced, Microsoft will disable TLS 1.0 and TLS 1.1. While no specific date has been set, we urge all customers to prepare their environment for these changes. For more information, visit the Tech Community Blog.

Closing Thoughts

This month, taking a “leap” into cybersecurity vigilance reminds us of the extra steps we can take to fortify our digital defenses. With each monthly patching cycle, we reaffirm our commitment to your cybersecurity. Remember, staying up-to-date with patches is a key defense strategy. Please contact us for any assistance or questions; our team is ready to help.

Stay secure and patched; let’s use this extra day, and every day, as an opportunity to continue safeguarding your IT infrastructure together.

January Patching Update: Secure Start to the Year
https://www.oneneck.com/blog/january-2024-patching/
Wed, 17 Jan 2024 22:27:07 +0000

Happy New Year from all of us at OneNeck! As we enter 2024, we’re back with our monthly patching blog, committed to guiding you through the latest updates and patches. A fresh year brings new opportunities to enhance cybersecurity measures, ensuring that your IT infrastructure remains robust against emerging threats. Starting the year on a secure footing is vital, and our first patching update of the year is designed to help you maintain a resilient and robust defense against cyber threats.

Microsoft’s January Security Overview

In the first month of 2024, Microsoft has addressed a range of vulnerabilities:

  • 10 Elevation of Privilege Vulnerabilities
  • 7 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

Notably, this month has no zero-day vulnerabilities in need of patching, which is a decidedly positive start to the year!

Patching Highlights for this Month

The following are among the most critical patches and should be prioritized:

Additionally, global issues with the BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) updates have been reported, affecting various Windows OS versions. Microsoft has released a guide on automating the update to WinRE images for Windows 10 and Windows 11 to address this security issue, which can be found here.

January’s Linux Patching Updates

Our Linux Team has carefully examined the patches for this month, ensuring crucial vulnerabilities are brought to your attention. Here’s the breakdown:

  • CVE-2023-39193: Addresses a critical security concern within Oracle Linux 7’s Unbreakable Enterprise Kernel (UEK) version 4.1.12, enhancing system defenses against malicious attacks.
  • CVE-2023-4623: Fortifies Oracle Linux 7’s UEK version 4.14, patching vulnerabilities that potentially compromise system integrity.
  • CVE-2023-5178: Updates Oracle Linux 7’s UEK version 5.4.17, targeting security gaps to bolster the kernel’s protective measures.
  • CVE-2023-44446: Enhances GStreamer 1’s security, patching vulnerabilities to maintain the integrity and stability of multimedia content processing.
  • CVE-2023-5869: Focuses on securing PostgreSQL, a powerful open-source database system, against exploits that could affect data confidentiality and integrity.
  • CVE-2023-5557: Updates Tracker Miners, essential tools for indexing and searching data, to close potentially exploitable security loopholes.
  • CVE-2023-42917: Provides vital security improvements to WebKit2GTK, the engine behind numerous GNOME applications, ensuring safer web content rendering.
  • CVE-2023-45871: Bolsters the security framework of the RHEL 9 Kernel, critical for the operational safety and reliability of Red Hat Enterprise Linux systems.

While classified as moderate, the following updates are essential for maintaining the integrity and security of various system components and services.

  • CVE-2022-44638: Fortifies the Pixman library by patching vulnerabilities that compromise graphic content security.
  • CVE-2023-39615: Provides crucial updates to LibXML, closing gaps that could allow arbitrary code execution or access to sensitive information.
  • CVE-2022-24963: Focuses on the Apache Portable Runtime (APR) library, closing security holes affecting a broad range of software, from web servers to database systems.
  • CVE-2023-38473: Enhances the security of Avahi by addressing vulnerabilities that disrupt service discovery or compromise network communications.

Furthermore, updates are rolling out for widely used utilities like Curl and OpenSSL, targeting vulnerabilities to prevent unauthorized access and data breaches.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For assistance on integrating these updates seamlessly into your security strategy or to find out how OneNeck can support your efforts, please reach out to our Service Desk.

TLS 1.0 and TLS 1.1 Disabling Updates

Updates to disable TLS 1.0 and TLS 1.1 are forthcoming. No specific date has been announced yet, but customers are encouraged to ensure their environment is ready for these changes. For more information, please refer to the Tech Community Blog.

New Year, Same Focus on Security

As always, OneNeck is here to assist with your cybersecurity needs. Stay tuned for the next patching blog, and remember to keep your systems secure and up to date.

Stay secure and stay patched!

December 2023 Patching Insights: Closing the Year on a Secure Note
https://www.oneneck.com/blog/december-2023-patching/
Mon, 18 Dec 2023 18:22:41 +0000

Welcome to the December 2023 edition of OneNeck’s monthly patching blog. Our cybersecurity team remains vigilant, continuously analyzing the latest patches essential for maintaining your IT infrastructure’s security. With the year coming to a close, it’s crucial to ensure that your systems are updated to mitigate potential vulnerabilities that could compromise your network.

Microsoft’s December Security Brief

For December, Microsoft has addressed a total of 34 vulnerabilities, which are categorized as follows:

  • 10 Elevation of Privilege Vulnerabilities
  • 8 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities

This month’s update cycle is particularly noteworthy for addressing an AMD zero-day vulnerability that was disclosed in August but had remained unpatched until now. The vulnerability, tracked as CVE-2023-20588, was a division-by-zero flaw affecting some AMD processors that could potentially lead to information disclosure.

Patching Highlights for the Month

Among the vulnerabilities addressed, the following patches are particularly critical and should be prioritized.

  • CVE-2023-35628: This patch addresses a Remote Code Execution Vulnerability in the Windows MSHTML Platform.
  • CVE-2023-36019: Fixes a Spoofing Vulnerability in the Microsoft Power Platform Connector.
  • CVE-2023-35636: Remedies an Information Disclosure Vulnerability in Microsoft Outlook.

Linux Patching for December

Our Unix Team has identified several vulnerabilities with essential patches that should be applied without delay:

  • CVE-2023-46847: Critical security and bug fix update for Squid.
  • CVE-2022-45884; CVE-2022-3523: Focuses on security enhancements and bug resolutions for the Kernel.
  • CVE-2023-6204; CVE-2023-6209: Bolsters Firefox browser security.
  • CVE-2023-34058: Enhancement for open-vm-tools.
  • CVE-2022-32885: Update targeting both security and functionality improvements in Webkit2gtk3.
  • CVE-2023-3972: Security enhancement for insights-client.
  • CVE-2023-38545: Bolsters security for Curl.
  • CVE-2023-44487: Network protocol enhancements for Nghttp2.
  • CVE-2023-23583: Update for Microcode_ctl, focusing on system firmware security.
  • CVE-2023-40217: Security update for Python.
  • CVE-2023-5367: Security update improving Tigervnc’s secure functionality.
  • CVE-2023-1989: Update for the Unbreakable Enterprise Kernel’s (UEK) security.

These patches safeguard your Linux servers against potential breaches and system vulnerabilities. We recommend reviewing the detailed advisories for each CVE to understand the implications and take appropriate action.

In addition, December also brought several moderate-level updates enhancing the security and functionality of various Linux components. Notable among these are a security update for Samba (CVE-2023-3961), enhancing file and print service security; updates for DNS server software BIND (CVE-2022-3094) and DNS request handling in c-ares (CVE-2020-22217); a firmware update enhancement in fwupd (CVE-2022-3287); and security improvements for the printing system CUPS (CVE-2023-32324) and the text editor Emacs (CVE-2022-48337). While less critical, these updates are still necessary for maintaining a well-protected and efficient Linux environment.

Microsoft Office and Exchange Patching

Per our standard practice, OneNeck does not conduct patching for Microsoft Office products during our scheduled updates. We urge all customers to apply the latest Microsoft Office updates promptly. Should you need assistance or have any inquiries regarding this process, please don’t hesitate to contact our Service Desk.

Exchange

We continue to recommend that all customers upgrade to Exchange Server 2019. For those with OneNeck Exchange Management contracts, we will handle the Exchange Security Updates separately.

TLS 1.0 and TLS 1.1 Updates

As a reminder, Microsoft will soon implement updates to disable TLS 1.0 and TLS 1.1. We strongly advise preparing your systems for these updates to ensure seamless application functionality. For detailed information and guidance, please refer to Microsoft’s official communication.

Looking Forward to the New Year

As we conclude our December patching cycle, we encourage you to stay proactive by implementing these updates. Our team at OneNeck is always ready to support you in strengthening your cybersecurity posture.

Stay secure and stay patched; we look forward to bringing you more updates in the new year!

November Patching Update: Important Advisory and Vulnerabilities
https://www.oneneck.com/blog/november-2023-patching/
Mon, 20 Nov 2023 16:11:04 +0000

Welcome to OneNeck’s monthly patching blog for November 2023. As your proactive partner in cybersecurity, our team is dedicated to identifying and addressing the most critical updates that can impact your IT infrastructure. Our engineers are committed to dissecting and understanding the latest vendor-released patches, ensuring that our Managed Patch Services keep your systems secure and operational.

Microsoft Security Brief

In November, Microsoft has patched 58 vulnerabilities, sorted into the following categories:

  • 16 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 15 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 11 Spoofing Vulnerabilities

Notably this month, 3 zero-day vulnerabilities are currently being actively exploited.

Patching Highlights for November

These patches require your immediate attention due to their high-risk potential:

  • CVE-2023-36025: Addresses a Security Feature Bypass Vulnerability in Windows SmartScreen.
  • CVE-2023-36033: Fixes an Elevation of Privilege Vulnerability in the Windows DWM Core Library.
  • CVE-2023-36036: Remedies an Elevation of Privilege Vulnerability in the Windows Cloud Files Mini Filter Driver.
  • CVE-2023-36397: Patches a Remote Code Execution Vulnerability in Windows Pragmatic General Multicast (PGM).
  • CVE-2023-36413: Corrects a Security Feature Bypass Vulnerability in Microsoft Office.

ASP.NET Core Applications Advisory

Developers utilizing ASP.NET Core 8.0 applications should be aware of the following advisory from Microsoft and take particular note of CVE-2023-36038 – an ASP.NET Core Denial of Service Vulnerability, where a remote unauthenticated user can issue specially crafted requests to a .NET application which may result in denial of service.

Linux Patching Updates

Our Unix Team has compiled an extensive list of Linux patches and vulnerabilities that demand attention this month:

  • CVE-2023-3609; CVE-2023-32233; CVE-2023-35001: Patches for Red Hat Enterprise Linux 7 (Kernel), addressing critical security issues and enhancing system stability.
  • CVE-2023-3341: Linux security update for BIND, crucial for maintaining domain name system integrity.
  • CVE-2023-5721; CVE-2023-5724; CVE-2023-5725; CVE-2023-5728; CVE-2023-5730; CVE-2023-5732; CVE-2023-44488: A series of vital Firefox updates, reinforcing browser security and addressing various vulnerabilities.
  • CVE-2023-40217: An important update for Python 3.x, enhancing security features and fixing vulnerabilities.
  • CVE-2023-5217; CVE-2023-44488: For libvpx, focusing on addressing security concerns in this multimedia library.
  • CVE-2023-44487: An update for nghttp, ensuring robustness against potential network protocol vulnerabilities.
  • CVE-2023-38545; CVE-2023-38546: Bolsters security features for curl.
  • CVE-2023-0567; CVE-2023-0568; CVE-2023-0662; CVE-2023-3247; CVE-2023-3823; CVE-2023-3824: Updates for PHP, addressing various security issues to ensure script integrity and system safety.
  • CVE-2023-44487: Addresses security vulnerabilities and enhances web server protection within Tomcat.
  • CVE-2022-0934: Ensures DNS forwarding and DHCP server stability within dnsmasq.
  • CVE-2021-40211: A security update for ImageMagick, crucial for maintaining security in image processing tasks.
  • CVE-2023-3609; CVE-2023-35001; CVE-2023-32233: Key patches for Oracle Linux 7 (Kernel 3.10), focusing on kernel vulnerabilities and system enhancements.
  • CVE-2022-34918; CVE-2023-2513; CVE-2023-4387; CVE-2023-22024; CVE-2023-3772; CVE-2023-35001; CVE-2023-4206; CVE-2023-3611; CVE-2023-4459; CVE-2023-3776: For Oracle Linux 7 (Kernel 4.1.12), targeting various kernel security issues.
  • CVE-2023-42753; CVE-2023-22024: Oracle Linux 7 (Kernel 4.14) patches, enhancing kernel protection and stability.
  • CVE-2023-20588; CVE-2023-5090; CVE-2023-20569; CVE-2023-42753; CVE-2023-22024: Regarding Oracle Linux 7 (Kernel 5.4), focusing on kernel security and functionality improvements.

Microsoft Office and Exchange Updates

Please note that OneNeck does not patch Microsoft Office products during scheduled patching. We recommend customers apply Microsoft Office updates immediately. If you have questions about how our team can assist you within your Microsoft environment, contact our Service Desk.

Exchange

For Exchange, we continue to recommend upgrading to Exchange Server 2019 and remind you that we’re here to apply necessary Exchange Security Updates for managed clients.

TLS 1.0 and TLS 1.1 Disabling Updates

Updates disabling TLS 1.0 and TLS 1.1 are on the horizon. Ensure you prepare your environment for these changes to maintain application functionality. For more information, visit Microsoft’s post on the timeline and process of these updates.

November Patching Cycle

As November’s patching cycle concludes, we invite you to remain engaged for next month’s updates. Keeping your systems up-to-date is more than a best practice—it’s necessary. Our team is ready to assist if you have any questions or need support.

Stay secure and stay patched!

October Patching Update: Key Vulnerabilities & Fixes
https://www.oneneck.com/blog/october-2023-patching/
Tue, 17 Oct 2023 14:59:33 +0000

 Welcome to OneNeck’s monthly patching blog for October 2023. As your steadfast partner in IT security, our mission is to spotlight pivotal updates crucial to maintaining the integrity of your systems. Our dedicated engineers delve deep every month to dissect vendor-released patches, determining their ramifications and guiding necessary actions for our clientele. With OneNeck’s Managed Patch Services, you can rest easy, confident that your systems remain secure, safeguarded, and current.

Key Patching Takeaways for October:

This month, Microsoft addressed a total of 104 flaws. These vulnerabilities are categorized as follows:

  • 26 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 45 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

It’s worth noting that three of these vulnerabilities are zero-day—vulnerabilities known to malicious entities and potentially already being exploited.

Highlighted Patches for the Month:

Given their significant security implications, the following patches necessitate immediate attention:

  • CVE-2023-41763: Skype for Business – Elevation of Privilege Vulnerability. Here, an attacker could make a specially crafted network call to the target Skype for Business server, causing the parsing of an HTTP request to an arbitrary address and potentially disclosing IP addresses, port numbers or both to the attacker.
  • CVE-2023-36563: Microsoft WordPad – Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of NTLM hashes.
  • CVE-2023-35349: Microsoft Message Queuing – Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute code on the target server remotely.

Important Patching Update from Our Unix Team

For October, a series of significant Unix patches have been released. This month, our team breaks down the following patches:

  • CVE-2020-22219: Important – Security Update for FLAC. This update addresses potential code execution flaws related to FLAC audio file parsing.
  • CVE-2022-40982, CVE-2023-22024, CVE-2023-3106, CVE-2023-3567, CVE-2023-42753: Important – Oracle Unbreakable Enterprise kernel security updates. These patches target vulnerabilities that could lead to unauthorized system access, data leaks, or disruptions in Oracle’s enterprise kernel services.
  • CVE-2023-20593 & CVE-2023-4004: Important – Oracle Linux kernel security and enhancement updates. These patches mitigate vulnerabilities in the Oracle Linux kernel, focusing on improving system stability and preventing potential privilege escalations.
  • CVE-2023-20900: Important – open-vm-tools security update. A patch addressing a flaw in VMware Tools that could grant a malicious actor Guest Operation Privileges.
  • CVE-2023-35001 & CVE-2023-35788: Important – Kernel security bug fixes and enhancement updates. These patches correct vulnerabilities in the Unix kernel that allow an out-of-bounds write in the flower classifier code that could result in denial of service or privilege escalation.
  • CVE-2023-4580 & CVE-2023-4585: Important – Firefox security updates where Push notifications stored on disk in private browsing mode were not encrypted, potentially allowing the leak of sensitive information.
  • CVE-2023-4863: Important – A security update for libwebp, fixing a flaw that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

Microsoft Office Updates:

OneNeck does not patch Microsoft Office products during scheduled patching. We recommend all customers take the necessary action to apply Microsoft Office updates to their environment as soon as possible. If you have questions about how OneNeck can assist you with this in your environment, please contact the Service Desk.

Exchange Updates:

OneNeck encourages all customers to upgrade to Exchange Server 2019. OneNeck will apply Exchange Security Updates (along with the additional actions) under separate Change Requests for customers contracted with OneNeck for Exchange Management.

Microsoft will soon push out updates to disable TLS 1.0 and TLS 1.1. OneNeck encourages all customers to confirm their environment is adequately updated so that applications continue to function with this updated security posture. For further details on the TLS updates, please see Microsoft’s blog post.

We look forward to sharing more insights next month, and as always, we’re here to assist and answer any queries you might have. Keeping your systems updated is crucial for security, and we’re committed to guiding you every step of the way.

Stay secure and stay patched!


Each month, OneNeck engineers review newly released updates from vendors, like Microsoft, to understand any known issues, the actions required and the priority of each. This is done immediately following Patch Tuesday releases, and we monitor for adjustments to patches throughout each month.

The information above is gathered monthly during this review and posted for awareness to our customers. This information is generally updated only once per month and is based on our engineers’ review of the information provided by the vendor at that time. As always, for the most up-to-date patching information, please see the vendor’s website or contact us.

Note: If OneNeck actively manages a device or software that is impacted by any of these vulnerabilities, when necessary, OneNeck will be in direct contact with you regarding remediation.

September Patching: Updates for Exchange Server Vulnerabilities and More https://www.oneneck.com/blog/september-2023-patching/ Mon, 18 Sep 2023 17:17:16 +0000 https://www.oneneck.com/?p=5561

Welcome to OneNeck’s monthly patching blog for September 2023. Our team remains committed to informing you about the latest patches and updates that might affect your systems. Every month, our engineers scrutinize newly released updates from vendors to identify any known issues requiring action and assign priority to each patch. As part of our dedication to safeguarding your systems, we offer comprehensive Managed Patch Services to assist clients in keeping their environments secure and up-to-date.

Alert: Microsoft Exchange Server Vulnerabilities

This month, we place a particular highlight on the critical updates concerning the Microsoft Exchange Server. We strongly urge all customers to ensure that their Exchange Servers are updated with the September Security Update for Exchange as soon as possible to protect against numerous critical vulnerabilities.

Last month, we addressed the following vulnerabilities:

CVE-2023-21709, CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182 and CVE-2023-35388

September brings about additions to this list. Microsoft has flagged these CVEs as being critical. These are all concerning Remote Code Execution Vulnerabilities:

Once the updates have been installed, you should also complete the further actions discussed in this article from Microsoft.

Microsoft Patching Updates

This month, Microsoft rectified 59 flaws divided into various categories, including two zero-day or actively exploited bugs:

  • 3 Security Feature Bypass Vulnerabilities
  • 24 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities
  • 5 Edge – Chromium Vulnerabilities

This month, we are placing a significant focus on a select group of patches that address both critical and high-severity vulnerabilities. We strongly urge you to integrate the following patches into your system to bolster your security posture against potential exploitation:

  • CVE-2023-36802 – This patch mitigates a vulnerability in the Microsoft Streaming Service Proxy that could allow attackers to elevate privileges within your system.
  • CVE-2023-36761 – This update addresses a flaw within Microsoft Word that can lead to unintended information disclosure, exposing confidential data to malicious actors.
  • CVE-2023-38143, CVE-2023-38144 – These updates rectify Windows Common Log File System Driver vulnerabilities. They prevent attackers from exploiting the system to elevate their privileges.
  • CVE-2023-36744*, CVE-2023-36745* & CVE-2023-36756* – As noted in the Alert section above, these patches are critical in securing the Microsoft Exchange Server against remote code execution vulnerabilities, preventing unauthorized access and potential data compromise.

Important Patching Update from Our Unix Team

This month, our team highlights a selection of updates, including two critical patches, that are essential to securing your system. Here, we break down these patches to give you the knowledge to fortify your network and data effectively against imminent security threats:

  • CVE-2023-4057: Addresses a critical security vulnerability within Firefox. It is highly recommended that this update be implemented swiftly to prevent potential breaches.
  • CVE-2023-38408: This is a critical update enhancing the security structure of OpenSSH, designed to bolster its defenses against potential cyber threats. Prioritize this patch to protect against unauthorized access and potential data breaches.
  • CVE-2023-35788: This significant update addresses security and bug issues concerning the kernel, readily available for Red Hat Enterprise Linux 7 users.
  • CVE-2023-32360: Authentication issue addressed with improved state management. An unauthenticated user may be able to access recently printed documents.
  • CVE-2023-2235: A substantial update bringing security and bug fixes for the kernel, specifically geared towards users utilizing Red Hat Enterprise Linux 8.
  • CVE-2023-3899: An essential update for the subscription manager, focusing on tightening security protocols and enhancing overall performance.

By updating your systems with these patches, you are taking a proactive step in securing your network and data. Our team stands ready to assist our customers at any time to provide any guidance or support needed throughout this process.

Microsoft Office Patching

OneNeck does not cover Microsoft Office products during scheduled patching. However, we advocate that all customers promptly apply Microsoft Office updates in their environment. For assistance or inquiries, don’t hesitate to contact our Service Desk.

Exchange Updates

We recommend that all customers upgrade to Exchange Server 2019. OneNeck will facilitate the August Exchange Security Update under separate Change Requests for clients enlisted with OneNeck for Exchange Management. For support or further information, please get in touch with our Service Desk at 800-272-3077. Additionally, note that Microsoft will soon deactivate TLS 1.0 and TLS 1.1. Ensure your environment is up to date to prevent any application malfunctions. For details, visit Microsoft’s Blog Post.

As we wrap up, we remind you to stay tuned for next month’s blog and feel free to contact us with any queries or concerns. Remember, staying informed is your first line of defense.

Stay secure and stay patched!


 

August Patching: Navigating Microsoft and Linux Vulnerabilities https://www.oneneck.com/blog/august-2023-patching/ Wed, 16 Aug 2023 15:17:05 +0000 https://www.oneneck.com/?p=5375

Our monthly patching blog continues our commitment to keep you abreast of the latest threats and updates that might affect your systems. This month, Microsoft and Linux have released several significant updates, some of which addressed critical vulnerabilities.

Windows Patching Highlights

This month, Microsoft addressed 87 flaws, broken down into the following categories:

18 Elevation of Privilege Vulnerabilities: These could allow attackers to gain elevated privileges, compromising system integrity.

3 Security Feature Bypass Vulnerabilities: These flaws could permit attackers to bypass security features, leading to unauthorized access.

23 Remote Code Execution Vulnerabilities: These vulnerabilities could allow an attacker to remotely execute arbitrary code, leading to unauthorized access and data compromise.

10 Information Disclosure Vulnerabilities: Potentially exposing sensitive information to unauthorized parties.

8 Denial of Service Vulnerabilities: Allowing an attacker to crash or slow down the system.

12 Spoofing Vulnerabilities: Allowing an attacker to disguise themselves as another user.

This month’s updates tackle a variety of vulnerabilities that impact different Windows components. They include fixes for zero-day vulnerabilities that hackers have actively exploited, as well as vulnerabilities in Microsoft Office, Microsoft Exchange, and other areas of the Windows operating system.

August’s Highlighted Patches Include:

CVE-2023-38180 – .NET and Visual Studio Denial of Service Vulnerability: This flaw could allow an attacker to crash or slow down the system.

ADV230003 – Microsoft Office Defense in Depth Update: An improvement to Microsoft Office’s security features.

CVE-2023-36884 – Windows Search Remote Code Execution Vulnerability (update now available): Addressing a previously reported vulnerability that could allow an attacker to execute arbitrary code remotely.

CVE-2023-35385, CVE-2023-36910, & CVE-2023-36911 – Microsoft Message Queuing Remote Code Execution Vulnerability: Could allow unauthorized remote code execution.

CVE-2023-21709, CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, & CVE-2023-35388 – Microsoft Exchange Security Updates: Patches for various vulnerabilities that may lead to unauthorized access and data leakage.

CVE-2023-32019 – This update was installed with June 2023 Security Updates, but the setting was disabled. The August updates will switch the setting to enabled.

Linux Patching

Moving on to Linux, we have a collection of vital security updates addressing vulnerabilities across various components. This roundup includes patches for critical vulnerabilities that demand immediate attention and essential updates to maintain overall system integrity.

  • CVE-2023-20593 – A critical security vulnerability affecting the Linux firmware package in Oracle Linux is resolved. Attackers could exploit this issue to potentially access sensitive information on vulnerable systems.
  • CVE-2023-1999 – The libwebp library contained a vulnerability addressed in this update. Exploiting this issue allowed attackers to use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer.
  • CESA-2023:3145 – A vulnerability found in the Apache Portable Runtime Utility Library (apr-util) allowing attackers to execute arbitrary code with elevated privileges.
  • CVE-2023-25652 – A vulnerability in Git where, by feeding specially crafted input to `git apply --reject`, attackers can overwrite a path outside the working tree with partially controlled contents.
  • CVE-2023-24329 – An issue in the urllib.parse component of Python before 3.11.4, where attackers could bypass blocklisting methods by supplying a URL that starts with blank characters, has been resolved.
  • CVE-2023-32067 – A vulnerability in the c-ares DNS resolver library that enabled attackers to launch denial-of-service attacks on affected systems is now resolved.
  • CVE-2023-37201 – Provides fixes for vulnerabilities found in Firefox, including where an attacker could trigger a use-after-free condition when creating a WebRTC connection over HTTPS.
  • CVE-2022-3564 – Patch for a vulnerability within the Linux kernel, preventing attackers from gaining unauthorized access to vulnerable systems.
  • CVE-2023-2828 – Addresses a vulnerability in the BIND DNS server that can be exploited to conduct denial-of-service attacks on affected systems.
  • CVE-2023-32435 – Addresses a memory corruption issue with improved state management.
  • CVE-2023-2269 – A denial of service problem, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.

Non-Critical Updates

We’ve also identified multiple non-critical updates. Specifically, a security and bug fix update for Java (CVE-2023-22045) addresses a potential unauthorized access vulnerability. A similar update now exists for Samba (CVE-2023-3347). Lastly, a security update for Emacs (CVE-2022-48339) is available, addressing a similar vulnerability for unwanted access. While these vulnerabilities are not considered critical, we recommend applying these patches to maintain a secure environment.

Microsoft Office Updates

OneNeck does not patch Microsoft Office products during scheduled patching. We recommend all customers apply Microsoft Office updates to their environment immediately. If you have questions about how OneNeck can assist you in your environment, don’t hesitate to contact the Service Desk.

Exchange Updates

OneNeck encourages all customers to upgrade to Exchange Server 2019. OneNeck will apply the August Exchange Security Update (along with the additional actions) under separate Change Requests for customers contracted with OneNeck for Exchange Management. For customers not contracted with us for Exchange Management services, don’t hesitate to contact the Service Desk if you have any questions on how OneNeck can assist you in your environment.

Please note our engineers base the information provided here on reviews of the information provided by the vendors at the time of the release. Please see the vendor’s website or contact us for the latest patching details.

Keep an eye out for next month’s blog, and as always, feel free to contact us with any questions or concerns. Stay secure and stay patched!


July Patching: Windows, Office, Python and More https://www.oneneck.com/blog/july-2023-patching/ Fri, 14 Jul 2023 17:46:09 +0000 https://www.oneneck.com/?p=5107

Welcome to OneNeck’s monthly patching blog for July 2023. We aim to keep you informed about the latest patches and updates that may be affecting your systems. This month, we have identified several zero-day vulnerabilities or actively exploited bugs that require attention.

Windows Patching Highlights

Here are the most significant patches for July:

  • CVE-2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability. Potentially allows attackers to gain elevated privileges, thus compromising system integrity.
  • CVE-2023-32049 – Windows Smart Screen Security Feature Bypass Vulnerability. This exposure could allow attackers to bypass security features, potentially leading to unauthorized access.
  • CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability. Could allow an attacker to elevate their privileges, potentially leading to unauthorized system changes.
  • CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability. An attacker could remotely execute arbitrary code, potentially leading to unauthorized access and data compromise.
  • CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability. Allows for bypass of security features in Outlook, potentially leading to unauthorized access to sensitive information.
  • ADV230001 – Guidance on Malicious Use of Microsoft Signed Drivers. This advisory guides the handling of situations where Microsoft-signed drivers are being used for malicious purposes.

While Microsoft has not yet released any updates related to CVE-2023-36884, they have provided mitigation advice, which, if applied, might cause certain issues with regular functionality. We will be watching for an out-of-band update this month and may add to our deployments if determined necessary. We will also consider circling back to update devices patched before the out-of-band update release.

Microsoft Office Updates

Be aware that there have been reports of ‘External Email’ banners, which many companies use to identify messages sent from an external sender, no longer functioning after Office updates are applied this month. A reported quick fix for the issue is to change the color used in the banner.

Please note that OneNeck does not patch Microsoft Office products during scheduled patching. We recommend that all customers apply Microsoft Office updates to their environment immediately. If you need assistance with this in your environment, don’t hesitate to contact our Service Desk.

Additional Patching Highlights

In addition to the previously mentioned patches, we have identified several other important security updates:

  • CVE-2023-24329 – A security update for python3 is available. It addresses an issue in the urllib.parse component of Python before 3.11.4 that allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
  • CVE-2023-32067 – This addresses a vulnerability that could potentially allow an attacker to cause a denial of service.
  • CVE-2023-34416 – A security update for Firefox. This update addresses a vulnerability allowing an attacker to execute arbitrary code.
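The urllib.parse item above (CVE-2023-24329, also listed in the August post) concerns blocklist checks that parse a URL before comparing it. The following is an added example, not code from OneNeck or the Python project: a check that strips leading blank characters itself and fails closed, so it gives the same answer on patched and unpatched interpreters. The blocklist entries, function names and sample URLs are hypothetical and constructed for the illustration.

```python
"""Blocklist check that does not depend on the interpreter's patch level.

Added illustration for CVE-2023-24329. The policy sets, function names and
sample URLs below are hypothetical and constructed for this example.
"""
from urllib.parse import urlsplit

# Hypothetical policy: schemes and hosts the application must never fetch.
BLOCKED_SCHEMES = {"file", "gopher"}
BLOCKED_HOSTS = {"169.254.169.254", "internal.example"}

# U+0000..U+0020: C0 control characters and space. Patched interpreters strip
# these from the front of a URL before parsing; doing it here as well keeps
# the check correct on hosts that have not received the python3 update yet.
_LEADING_BLANKS = "".join(chr(c) for c in range(0x21))


def normalize(url: str) -> str:
    """Remove leading C0-control and space characters before parsing."""
    return url.lstrip(_LEADING_BLANKS)


def interpreter_strips_leading_blanks() -> bool:
    """True if this interpreter's urlsplit() already ignores a leading space."""
    return urlsplit(" https://internal.example/").hostname == "internal.example"


def naive_is_blocked(url: str) -> bool:
    """Blocklist check as commonly written: parse, then compare.

    On an unpatched interpreter a leading blank leaves scheme and hostname
    empty, so a blocked target is reported as allowed.
    """
    parts = urlsplit(url)
    return (parts.scheme.lower() in BLOCKED_SCHEMES
            or (parts.hostname or "").lower() in BLOCKED_HOSTS)


def hardened_is_blocked(url: str) -> bool:
    """Normalize first, then fail closed on anything that parses ambiguously."""
    try:
        parts = urlsplit(normalize(url))
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return True  # unparseable input (e.g. broken IPv6 literal) is rejected
    scheme = parts.scheme.lower()
    if not scheme:
        return True  # no scheme means the parser did not see a real URL
    if scheme in BLOCKED_SCHEMES:
        return True
    if scheme in {"http", "https"} and not host:
        return True  # network scheme without a host is rejected
    return host in BLOCKED_HOSTS


# Constructed sample inputs: blocked targets hidden behind leading blanks,
# one case/trailing-dot variant, and one legitimate URL.
SAMPLES = [
    " https://internal.example/admin",
    "\x0bhttp://169.254.169.254/latest/meta-data/",
    "\t file:///etc/passwd",
    "HTTPS://Internal.Example./x",
    "https://www.example.org/",
]


def compare(urls):
    """Return (url, naive verdict, hardened verdict) for each input."""
    return [(u, naive_is_blocked(u), hardened_is_blocked(u)) for u in urls]


if __name__ == "__main__":
    print("interpreter strips leading blanks:",
          interpreter_strips_leading_blanks())
    for url, naive, hardened in compare(SAMPLES):
        print(f"{url!r:50} naive={naive!s:5} hardened={hardened}")
```

Rows where the naive and hardened verdicts differ on a given host indicate that its interpreter still parses leading blanks the old way.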

Non-Critical Updates

While updates are available for Emacs (CVE-2022-48339) and open-vm-tools (CVE-2023-20867), it’s worth noting that these are categorized as non-critical. Our primary focus remains on addressing vulnerabilities of higher severity to ensure the utmost security of your systems.

Active Directory Federation Service Security Feature Bypass Vulnerability

Upon application of July updates to all Active Directory Federation Service servers, Microsoft recommends enabling a setting on the primary AD FS server. OneNeck will investigate this for any customers contracted with us for Active Directory Management. For customers not contracted with OneNeck for Active Directory Management: please contact the Service Desk if you have questions about how OneNeck can assist you in your environment.

Other Important Notes

Deployment of the Initial Enforcement phase for CVE-2022-37967 regarding Kerberos protocol changes is occurring in July. Additionally, this month, the enforcement phase for CVE-2022-38023 regarding Netlogon protocol changes is being deployed. The Initial Enforcement for this was deployed via last month’s patches.

Keep an eye out for next month’s blog, and as always, feel free to contact us with any questions or concerns. Stay secure, and stay patched!


June Patching: Vulnerabilities in VMware and Microsoft https://www.oneneck.com/blog/june-2023-patching/ Fri, 16 Jun 2023 18:42:12 +0000 https://www.oneneck.com/?p=4697

Welcome to OneNeck’s monthly patching blog for June 2023. Our aim is to keep you informed about the latest patches and updates that may affect your systems. This month saw the release of several important patches but, thankfully, no zero-day vulnerabilities or actively exploited bugs.

Patching Highlights

Here are the most significant patches for June:

  • CVE-2023-20867 – An authentication bypass vulnerability in VMware Tools has been identified. This vulnerability could potentially allow unauthorized users to gain access to sensitive information.
  • CVE-2023-29357 – Pertains to an elevation of privilege vulnerability in the Microsoft SharePoint Server. If exploited, this vulnerability could grant an attacker higher-level privilege, thereby compromising the integrity and confidentiality of your data.
  • CVE-2023-32031 – A remote code execution vulnerability in Microsoft Exchange Server that is particularly concerning as it could potentially allow an attacker to remotely execute arbitrary code and gain unauthorized access to data or services.
  • CVE-2023-33131 – This vulnerability is being addressed within a broader set of updates for Microsoft Office. If exploited, it could lead to the execution of malicious code when a user opens a specially crafted file or program.

VMware Tools Updates

At OneNeck, we regularly update virtual machines (VMs) in managed environments. VMware Tools contains an Authentication Bypass vulnerability (CVE-2023-20867) in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. This month, we will work to apply the latest version of VM Tools to remediate CVE-2023-20867 for customers contracted with OneNeck for support of their VMware environment.

Microsoft Office Updates

Please note that OneNeck does not patch Microsoft Office products during scheduled patching. We recommend that all customers apply Microsoft Office updates to their environment as soon as possible. If you need assistance with this in your environment, don’t hesitate to contact our team of Microsoft experts.

Exchange Patching Updates

Important news for Exchange users: Exchange Server 2013 has reached End of Life, and Microsoft will provide no further patches for this version. Exchange Server 2016 has reached the end of Mainstream Support and is now under Extended Support. We will continue applying the Security Updates released by Microsoft for customers contracted with OneNeck for Exchange Management.

Moreover, we strongly encourage all customers to upgrade to Exchange Server 2019. A new Security Update has been released for Exchange Server 2019, which we will apply for customers contracted with OneNeck for Exchange Management and running a supported version of Exchange.

Windows 10 & 11 22H2

OneNeck recommends updating Windows 10 & 11 devices to Feature Update version 22H2 to ensure future security updates will install on your systems. This upgrade is not automatic via standard patching. Additionally, Windows 10 & 11 devices using BitLocker will require a manual update to the Windows Recovery Environment. Please contact our Service Desk if you need assistance with these processes.

Secure Boot Security Bypass Vulnerability

We do not enable Secure Boot on OneNeck-built servers. As a result, we will not be taking any manual action for this update. However, if you have enabled Secure Boot on your servers, we encourage you to review the documentation and take all necessary actions. Our Service Desk is available to assist you with this should you have questions or concerns surrounding your organization’s environment.

OneNeck Has Your Back!

Stay tuned for next month’s patching blog, and as always, feel free to reach out with any questions or concerns. Stay secure, stay patched!


 

Secure Boot Vulnerability, Exchange Updates & LAPS https://www.oneneck.com/blog/may-2023-patching/ Wed, 17 May 2023 21:31:10 +0000 https://www.oneneck.com/?p=4585

Secure Boot Security Bypass Vulnerability:

May greeted us with a significant security vulnerability concerning Secure Boot. As a critical security feature, Secure Boot ensures that machines boot using only software trusted by the Original Equipment Manufacturer (OEM). This month brought the identification and subsequent patching of a security bypass vulnerability (CVE-2023-24932) that could compromise the integrity of devices with Secure Boot enabled.

Our standard practice does not involve enabling Secure Boot on OneNeck-built servers. As such, our team is not planning on providing manual action for this update. However, customers who have enabled Secure Boot on their servers should take this vulnerability seriously. We strongly recommend reviewing the related documentation and taking any necessary actions to safeguard your systems. Our Service Desk is readily available to assist our customers with any questions or assistance in their environment.

Exchange Server Updates and EOL Announcements:

This month also brought important updates for Microsoft Exchange Server.

Firstly, Microsoft has released a new Cumulative Update for Exchange Server 2019. For customers contracted with OneNeck for Exchange Management and running this version of Exchange, we will apply this update on your behalf.

In other news, Exchange Server 2013 has now reached End of Life. This designation means that Microsoft will no longer provide patches for this version of Exchange. We therefore recommend that customers move away from this version to avoid potential security risks.

Meanwhile, Exchange Server 2016 has transitioned from Mainstream Support to Extended Support. While it is still receiving security updates from Microsoft, starting to plan for the future is essential. We will continue to apply these security updates for customers contracted with us for Exchange Management.

At OneNeck, we encourage all customers to upgrade to Exchange Server 2019 to benefit from the latest features, improved security and continued support. For those unsure how to proceed with the upgrade, our Service Desk will guide you through the process.

Introducing the New Local Administrator Password Solution (LAPS)

Lastly, we’d like to highlight the release of a new version of LAPS last month. This latest iteration extends support for Windows 10 & 11 and Server 2019 & 2022 and introduces new features for Azure Active Directory.

LAPS provides a simple, automated solution for managing local administrator passwords, reducing the risk of security breaches resulting from compromised credentials. If you want to deploy LAPS in your environment or have any questions about its features, please contact us at any time for assistance.

OneNeck Has Your Back!

As always, our goal at OneNeck is to help you navigate the ever-changing landscape of IT. We remain committed to providing you with the latest updates and ensuring your systems are secure, reliable, and optimized. Thank you for your continued trust in OneNeck.

Stay tuned for more updates next month!

Windows 10 & 11 22H2 Rollout and Netlogon Protocol Changes https://www.oneneck.com/blog/april-2023-patching/ Sun, 16 Apr 2023 21:29:33 +0000

As we move into the second quarter of 2023, several important patching updates have been released that warrant attention. These updates include critical Windows 10 & 11 changes, Netlogon Protocol and more. Here are the key updates from April.

Windows 10 & 11 22H2:

Feature Update version 22H2 for Windows 10 and 11 is in its final rollout phase. Microsoft is offering this update to an expanded set of eligible devices running Windows 10, version 20H2, and later versions. We at OneNeck recommend updating your devices to ensure future security updates install on your systems. This upgrade is not automatic via standard patching, so manual installation is necessary.

Devices that utilize BitLocker require a manual update to the Windows Recovery Environment for Windows 10 & 11. We recommend manually applying this update wherever applicable. If you have questions about how OneNeck can assist you with these processes, please contact the Service Desk.

Netlogon Protocol Changes – CVE-2022-38023:

Windows has released significant updates to address the Netlogon protocol vulnerability (CVE-2022-38023). This security patch for Domain Controllers was first included in the November 8, 2022, and later Windows updates, with the initial enforcement phase starting on April 11, 2023. Beginning in June 2023, Enforcement mode will be enabled on all Windows domain controllers and will block vulnerable connections from non-compliant devices. By July 2023, the ability to set the Compatibility mode setting will be removed.

We recommend auditing for events related to this update. If you have contracted with OneNeck for Active Directory Management, we will notify you if we suspect you might be affected by these changes.

Please note that NetApp has provided guidance regarding the impact of the upcoming patch on ONTAP 9.

Active Directory Permission Updates – CVE-2021-42291:

The final deployment for the Active Directory Permission Updates (CVE-2021-42291) is now scheduled for January 2024, pushed back from the original date of April 2023. If you have questions about how OneNeck can assist you with enabling Audit Mode and monitoring for Events related to this vulnerability, please contact our experts.

Certificate-based Authentication Changes on Windows Domain Controllers:

The final deployment of updates related to certificate-based authentication changes on Windows Domain Controllers is now set for November 2023, moved back from the initial May 2023 date. The initial deployment of this patch for Domain Controllers began in May 2022. If you have questions regarding enabling Audit Mode and monitoring for Events related to this vulnerability, OneNeck is ready to assist.

OneNeck Has Your Back!

As always, we at OneNeck are here to support you through these changes. Reach out to us if you need assistance or have any queries. Stay safe and secure!

Navigating the Outlook Elevation of Privilege Vulnerability https://www.oneneck.com/blog/march-2023-patching/ Sat, 18 Mar 2023 16:00:10 +0000

In the ever-evolving digital landscape, maintaining the security and integrity of your systems is not just a necessity; patching is a commitment we at OneNeck IT Solutions take seriously. This March, our attention is specifically drawn to a critical issue within Microsoft Office products: the Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397).

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

A zero-day vulnerability, this particular security issue emerged without prior warning. Organizations should consider these vulnerabilities to be especially critical since cyber attackers can often exploit them before there is an opportunity to correct or even identify them fully. In the case of this Outlook vulnerability, a potential attacker could elevate their privileges within the system, leading to an increased level of access and control.

Please note that, as part of our standard procedure, OneNeck does not include Microsoft Office products in scheduled patching, so OneNeck will not automatically distribute the zero-day patch for Outlook. Nevertheless, we strongly recommend all customers take immediate action to apply this important update to their environment as soon as possible.

Exchange Management and Patching

We are going a step further for those of you contracted with OneNeck for Exchange Management. We’re utilizing a script provided by Microsoft to determine if your organization is a target of malicious entities attempting to exploit this vulnerability. This assessment can be conducted for Exchange On-Prem and Exchange Online, providing a comprehensive safeguard regardless of your Exchange configuration. If you have questions about how OneNeck can assist you with either of these processes, don’t hesitate to contact the Service Desk.

Identifying and swiftly responding to such threats is fundamental to our service at OneNeck. In an era where cyber threats can arise and evolve rapidly, the ability to adapt and react quickly is not just an advantage; it’s a necessity. This Outlook Elevation of Privilege Vulnerability is an excellent reminder of the importance of vigilance and proactive actions in the face of cyber threats.

OneNeck Has Your Back!

While patching is essential to maintaining cybersecurity, it’s also a complex and continuous process. Each patch brings challenges and demands, and navigating this landscape requires a blend of technical expertise, industry knowledge, and a deep understanding of each client’s specific needs and contexts.

At OneNeck, our commitment is to support you through each update, each challenge, and each opportunity for improvement. We are not merely your IT solutions provider but your partners in navigating the dynamic landscape of IT security. We are dedicated to providing you with the best possible solutions for your IT security needs.

Stay safe, stay updated, and remember, OneNeck is here to assist you every step of the way.
