Now Available: Xtraction for Shavlik Protect

Shavlik is pleased to announce the availability of Xtraction for Shavlik Protect.


Xtraction for Shavlik Protect is a self-service, web-based solution that presents critical data from Shavlik Protect as customized dashboards and documents in real time. There are two different offerings available for Xtraction with Shavlik Protect: the Xtraction for Shavlik Protect Reporting Bundle, or Xtraction Enterprise with the Shavlik Protect Connector.

The Xtraction for Shavlik Protect Reporting Bundle option is a view-only license allowing customers to view pre-built dashboards and documents. The pre-built dashboards make it easier for a customer to get up and running quickly with a simplified reporting solution. The full Enterprise version of Xtraction is needed for customers that want to create new dashboards or modify existing ones.

Xtraction complements Shavlik Protect by extending reporting visibility without the need to grant access privileges to Shavlik Protect.

Xtraction for Shavlik Protect helps to:

  • Improve speed of response to vulnerabilities
  • Improve accuracy of risk assessments
  • Manage compliance levels
  • Provide self-service reporting access to reduce the administrator burden

For more information and a deeper dive into the out-of-the-box dashboards available with the Xtraction for Shavlik Protect connector, please join me for the Introducing Xtraction for Shavlik Protect webinar on Wednesday, July 27th.

Apple July 2016 Mac OS X Updates


As was the case in May, Happy Apple Patch Monday!

Apple’s July 2016 Mac OS X Updates apply to Mac OS X, including El Capitan 10.11.6; Security Update 2016-004 for Mavericks 10.9.5 and Yosemite 10.10.5; and Safari, with a new version 9.1.2. In total, 72 vulnerabilities were fixed, many of which pose a high risk to enterprises.

OS X 10.11.6 and Security Update 2016-004

Apple is clearly in maintenance mode for released versions of OS X as they prepare to get macOS Sierra ready for release in a few months. There are no apparent significant new features in OS X 10.11.6, some bug fixes, and fixes for 60 vulnerabilities. These vulnerabilities also apply to older versions in the form of Security Update 2016-004.

As is the case in other security updates, Apple is selective about which vulnerabilities are fixed for the older, supported versions. I highly doubt that many of these vulnerabilities only apply to 10.11. In terms of a breakdown of the vulnerabilities fixed by OS X version, we get:

OS X Version       Vulnerabilities Fixed
10.9.5             18
10.10.5            19
10.11 and later    60

Interesting vulnerabilities fixed in this release include seven that apply to QuickTime, where processing an image file can lead to arbitrary code execution. These types are golden for hackers since they can be emailed via spam or phishing to lure a target into compromise. With all of the terrible headlines in the news lately, it is easy to imagine how a hacker might send a message using news of the day with an image attached which someone would be enticed to open.

There were also a number of other arbitrary code execution vulnerabilities that address the PHP, Graphics, Image, and SSL components. There is one vulnerability, CVE-2016-2108, in the OpenSSL component that is particularly nasty with a CVSS 3.0 score of 9.8 out of 10. With all the attacks on SSL (Heartbleed) in recent times, this alone is a strong reason to upgrade all Macs with this update.

Safari 9.1.2

Safari 9.1.2 applies to OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6 and fixes 12 vulnerabilities. Of the dozen vulnerabilities, six have the impact where, to quote Apple, “Visiting a maliciously crafted website may lead to arbitrary code execution.”

Needless to say, arbitrary code execution is bad news, and triggering it simply by visiting a maliciously crafted website is really bad news. A real-world example is phishing an end user to get them to click on a link and visit a bad website, which then causes ransomware to be downloaded and run. The first instance of ransomware in the wild was discovered in March and delivered by an infected BitTorrent client, but it’s only a matter of time before web-based targeting occurs using vulnerabilities like those fixed in Safari 9.1.2.

Other Updates

As is typically the case, Apple also released updates for other key software including iOS 9.3.3, watchOS 2.2.2, tvOS 9.2.1 (I’m wondering if this is a version error, as May also had a tvOS 9.2.1), and iTunes 12.4.2 for Windows. An interesting note is that on iTunes 12.4.2, all of the vulnerabilities fixed also applied to the OS X updates and came in the form of various XML libraries. There is not a lot of detail in the bulletin to determine the impact of these iTunes fixes, but there are some nasty vulnerabilities, including CVE-2016-1836, which allows arbitrary code execution via a bad XML file (check out my cool playlist and get hacked, for example).

Summary

Like the May 2016 updates, this month’s release doesn’t have anything by way of features to encourage users to upgrade, but there are plenty of high-security risks that should encourage all enterprises to update as soon as possible.

July Patch Tuesday 2016


Even though there are no ‘Zero Day’ vulnerabilities, July’s Patch Tuesday is far from boring. So far, we have Adobe releasing updates for Adobe Flash, Acrobat and Reader. Additionally, Microsoft is releasing 11 updates, six of which are critical. In upcoming news, Oracle is due to have its quarterly Critical Patch Update release next Tuesday, July 19th. We also have the one year anniversary of Server 2003 end of life on July 14th, and it looks like the anniversary update for Windows 10 is slated for August 2nd – although the Insider build looks like it may have just stabilized on 1607 this week.

Starting with Adobe, they have released two bulletins. The first was preannounced last week as APSB16-26, which is a Priority 1 update resolving 30 vulnerabilities. As a reminder, the last Acrobat\Reader update was in May, which was also a priority two with 82 vulnerabilities resolved.

Flash player also has an update this month. APSB16-25 is a Priority 1 update resolving 52 vulnerabilities, the worst of which would allow an attacker to take full control of the affected system. If you recall last month, Adobe announced a ‘Zero Day’ on June’s Patch Tuesday, but released APSB16-18 on June 16th, along with 35 other CVEs. With that said, if you have not updated Flash Player in a while, you’ll want to put extra emphasis on updating this month ASAP.

Oracle’s Quarterly Critical Patch Update will be coming down the pipeline later this month, and is scheduled for next Tuesday, July 19th. Be on the lookout for a Critical Java release and plan to include it in your monthly patch maintenance.

Microsoft’s release this month includes six critical updates and five important ones. This month, Microsoft is reporting two public disclosures and is resolving 41 distinct vulnerabilities.

First, let’s talk browser updates: MS16-084 for Internet Explorer is rated critical and fixes 15 vulnerabilities. MS16-085 for Edge is also rated critical and fixes 13 vulnerabilities. Both updates include vulnerabilities that are user targeted, meaning an attacker would be able to exploit a user through specially crafted content. These updates also include several vulnerabilities that can be mitigated by proper privilege management: if the user who clicks on the specially crafted content is a full admin, the attacker will have full control over the target system, whereas a standard-user account limits what the exploit can do.

MS16-086 is a cumulative update for JScript and VBScript. The bulletin is rated critical and resolves vulnerabilities that are user targeted and mitigated by proper privilege management. This is a continuation of a bulletin chain dating all the way back to MS10-022, released in April 2010. The replacement chain is nine deep, and back in December 2015, Microsoft changed the title from “Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution” to “Cumulative Security Update for JScript and VBScript to Address Remote Code Execution.” The last three in the chain appeared in consecutive Patch Tuesdays from May to July 2016. It seems a cumulative JScript\VBScript update may be a fairly regular addition to Patch Tuesdays, so keep an eye out for that.

MS16-087 addresses two vulnerabilities in Windows Print Spooler that could allow Remote Code Execution and Elevation of Privilege attacks if the attacker is able to perform a man-in-the-middle attack on either a workstation or print server, or by setting up a rogue print server on a target network.

MS16-088 addresses seven vulnerabilities in Microsoft Office and SharePoint. This update is also rated critical and includes vulnerabilities that are user targeted, and some that can be mitigated by proper privilege management. The vulnerabilities could allow Remote Code Execution if a user opens a specially crafted Office document. An attack could come in the form of an email attachment or through hosted web content. On SharePoint, according to the documentation provided by Microsoft, the vulnerabilities appear to only allow Information Disclosure, and the rating drops to important for the SharePoint and Web Apps components. Thus, the urgency is lessened somewhat for those products.

MS16-093 is the last of Microsoft’s critical bulletins this month. This is the Flash Plug-in for IE update. It resolves the 52 vulnerabilities included in APSB16-25, and should be a high priority this month, along with the other Microsoft critical updates.

In addition to the critical updates, there are two important updates this month that warrant special mention. MS16-092 and MS16-094 both include Public Disclosures, meaning they have a vulnerability included that has already leaked enough information to the public to allow an attacker to gain a head start on developing an exploit. As a result, this puts these vulnerabilities at higher risk of being exploited.

MS16-092 (CVE-2016-3272) is an important update in the Windows Kernel on 8.1, and later editions, that could allow a Security Feature Bypass. Likewise, MS16-094 (CVE-2016-3287) is a vulnerability in Secure Boot on the same platforms that could allow for Security Feature Bypass. In both cases, an attacker would need to either use an additional exploit (MS16-092) or have full administrative privileges or physical access to the system (MS16-094), making these two bulletins tougher nuts to crack.
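The triage reasoning in the bulletin walkthrough above (vendor rating, public disclosure as an attacker head start, user-targeted delivery, and whether running as a standard user or needing admin/physical access blunts the impact) can be turned into a repeatable ranking. The following is an added example, not Shavlik's code or tooling: the bulletin attributes are transcribed from this post, the scoring weights are an assumed policy, and MS16-086's vulnerability count is left at zero because the post does not give one.

```python
"""Rank a month's bulletins for patch prioritization.

Added example, not part of the Shavlik post or product. Attributes are
transcribed from the July 2016 bulletin summaries; weights are an assumed
policy that a patch team would tune to its own environment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Bulletin:
    id: str
    product: str
    rating: str                 # "critical" or "important"
    cves: int                   # vulnerabilities resolved (0 = not stated)
    public_disclosure: bool = False   # details already public: attacker head start
    user_targeted: bool = False       # delivered via crafted content a user opens/visits
    admin_mitigates: bool = False     # standard-user accounts limit the impact
    hard_to_exploit: bool = False     # needs a second exploit, admin rights or physical access


def priority_score(b: Bulletin) -> int:
    """Higher score = patch sooner. Assumed weights, documented inline."""
    score = 100 if b.rating == "critical" else 50
    if b.public_disclosure:
        score += 40      # exploit development likely already under way
    if b.user_targeted:
        score += 20      # reachable by phishing, no foothold required
    if b.hard_to_exploit:
        score -= 30      # attacker needs more than the bug itself
    score += min(b.cves, 30)   # breadth of the fix, capped so it cannot dominate
    return score


def rank(bulletins):
    """Return bulletins ordered by descending score, then by id for stable ties."""
    return sorted(bulletins, key=lambda b: (-priority_score(b), b.id))


# Transcribed from the post (constructed dataset for this example).
JULY_2016 = [
    Bulletin("MS16-084", "Internet Explorer", "critical", 15, user_targeted=True, admin_mitigates=True),
    Bulletin("MS16-085", "Edge", "critical", 13, user_targeted=True, admin_mitigates=True),
    Bulletin("MS16-086", "JScript/VBScript", "critical", 0, user_targeted=True, admin_mitigates=True),
    Bulletin("MS16-087", "Print Spooler", "critical", 2),
    Bulletin("MS16-088", "Office/SharePoint", "critical", 7, user_targeted=True, admin_mitigates=True),
    Bulletin("MS16-093", "Flash Plug-in for IE", "critical", 52),
    Bulletin("MS16-092", "Windows Kernel", "important", 1, public_disclosure=True, hard_to_exploit=True),
    Bulletin("MS16-094", "Secure Boot", "important", 1, public_disclosure=True, hard_to_exploit=True),
]


def ranked_ids(bulletins=JULY_2016):
    """Convenience wrapper returning just the ordered bulletin ids."""
    return [b.id for b in rank(bulletins)]


if __name__ == "__main__":
    for b in rank(JULY_2016):
        flags = [f for f in ("public_disclosure", "user_targeted", "admin_mitigates", "hard_to_exploit") if getattr(b, f)]
        print(f"{priority_score(b):4d}  {b.id}  {b.product:<22} {', '.join(flags)}")
```

The `admin_mitigates` flag does not change the score here; it is carried so the output can tell an administrator which of the top items are also reduced by least-privilege policy, which is the post's own point about the browser, scripting and Office bulletins.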

This wraps up our early analysis of the July Patch Tuesday Bulletins. For more detail, join us tomorrow for our regular Patch Tuesday webinar.


Windows 10 branch upgrades and Shavlik Protect 9.2 Update 3 available!

It has been a busy week here with the 4th of July holiday and a couple of content and product releases.

On Tuesday we released a content update which added support for pushing Windows 10 1511 to Windows 10 1507 systems. Shavlik Protect 9.2 now supports branch upgrades! For instructions on how to upgrade Windows 10 systems to branch 1511, please see our community post.

With the Windows 10 Anniversary update coming on August 2nd, those Windows 10 systems running the original 1507 branch will start their countdown to end of support for updates. Microsoft has stated a 4-month grace period once a new branch releases before the N-2 branch stops receiving updates.

The recommended approach to supporting these branch upgrades is to keep a pilot group moving ahead to the new branch soon after it releases. Those systems on the previous Current Branch for Business (in this case 1507) should start migrating to the new CBB (1511). The 1608 (Anniversary update) branch will become the new Current Branch, and you will have around 8 to 10 months to evaluate it within your pilot group before the next branch update releases.

On Thursday this week we released Update 3 for Shavlik Protect 9.2. This update includes several customer-reported bug fixes. For more details or to download the latest installer, visit our downloads page.

More than half of our customer base has already moved to Protect 9.2 and is taking advantage of the great new features and speed of Protect 9.2. For those customers still on 9.1 or 9.0, please keep in mind that these versions will reach end of service this year. Protect 9.0 is ending service as it was scheduled to do, but Protect 9.1 is being moved forward because of SHA-1 end of life. Protect 9.2 supports SHA-256 and, after upgrading, will migrate the Protect Console and Agent certificates over to SHA-256. For more details please see our product life-cycle policy here.

  • Shavlik Protect 9.0 will reach end of service on 2016/10/19.
  • Shavlik Protect 9.1 will reach end of service on 2016/12/31.
  • Shavlik Protect Threat Protection in Advanced and AV Add-On editions will also reach end of service on 2016/12/31.
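The SHA-1 end-of-life point above is worth checking for yourself: certificates issued before a migration like the Protect 9.2 one may still carry a SHA-1 signature, and those are the ones that stop being trusted. The following is an added example, not Shavlik's code or anything the Protect upgrade runs: it reads only the outer DER structure of an X.509 certificate (SEQUENCE { tbsCertificate, signatureAlgorithm, signature }) to recover the signature algorithm OID, so it needs no third-party library. The sample certificates are constructed stand-ins whose tbsCertificate and signature bodies are dummy bytes; only the algorithm identifier is real.

```python
"""Flag DER-encoded X.509 certificates whose signature uses SHA-1.

Added example, not Shavlik's code. Parses just enough DER to pull the
signatureAlgorithm OID from the outer Certificate SEQUENCE (RFC 5280 s4.1).
"""

# Signature algorithm OIDs (RFC 3279, RFC 4055, RFC 5758) -> (name, digest)
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption",   "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-256"),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1",         "SHA-1"),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256",       "SHA-256"),
}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV at buf[pos:]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, pos, end


def _decode_oid(value):
    """Decode OID contents (base-128 arcs, first byte packs arcs 1 and 2)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der):
    """Return the dotted OID of a DER certificate's signatureAlgorithm field."""
    tag, pos, _ = _read_tlv(der, 0)                 # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, tbs_end = _read_tlv(der, pos)           # tbsCertificate, skipped whole
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    tag, alg_start, _ = _read_tlv(der, tbs_end)     # AlgorithmIdentifier ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed signatureAlgorithm")
    tag, oid_start, oid_end = _read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(der[oid_start:oid_end])


def describe(der):
    """(algorithm name, digest) for a certificate; unknown OIDs are reported as-is."""
    oid = signature_algorithm(der)
    return SIGNATURE_OIDS.get(oid, (oid, "unknown"))


def uses_sha1(der):
    return describe(der)[1] == "SHA-1"


def audit(certs):
    """Given [(label, der_bytes)], return labels of certificates still signed with SHA-1."""
    return [label for label, der in certs if uses_sha1(der)]


# --- constructed sample data (not real certificates) -------------------------
def _der(tag, body):
    """Encode one DER TLV with a short or long definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _fake_cert(oid_bytes):
    """Outer Certificate structure with dummy tbs/signature; >127-byte tbs exercises long-form lengths."""
    tbs = _der(0x30, b"\x02\x01\x01" + b"\x00" * 200)             # dummy tbsCertificate
    alg = _der(0x30, _der(0x06, oid_bytes) + b"\x05\x00")         # OID + NULL parameters
    sig = _der(0x03, b"\x00" * 17)                                # dummy BIT STRING
    return _der(0x30, tbs + alg + sig)


SAMPLE_CERTS = [
    ("legacy-agent",    _fake_cert(bytes.fromhex("2a864886f70d010105"))),  # sha1WithRSAEncryption
    ("protect-console", _fake_cert(bytes.fromhex("2a864886f70d01010b"))),  # sha256WithRSAEncryption
    ("ecdsa-sha1",      _fake_cert(bytes.fromhex("2a8648ce3d0401"))),      # ecdsa-with-SHA1
]

if __name__ == "__main__":
    for label, der in SAMPLE_CERTS:
        print(label, describe(der))
    print("still on SHA-1:", audit(SAMPLE_CERTS))
```

To run it against real material, replace `SAMPLE_CERTS` with DER bytes read from disk (`open(path, "rb").read()`, converting PEM first if needed); the parser deliberately ignores everything inside tbsCertificate, so it is not a validator, only a signature-algorithm inventory.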