January Patch Tuesday 2017

January 2017 Patch Tuesday has ushered in a new year of Patch Tuesdays with a manageable number of updates.

Adobe has released update APSB17-01 for Acrobat and Reader, keeping in line with the pattern of releasing an update every two to three months. This update includes 29 vulnerabilities, most of which allow for remote code execution. You will want to make sure this update is applied in a timely manner.

As expected, there is a Flash Player update. As always, when there is a Flash Player update, you need to make sure to update all instances of Flash on systems, meaning Flash plug-ins for IE, Chrome and Firefox as well. Some of these will auto update; others may take some prodding before they will update. This is why having a solution that can scan for all four variations is critical to make sure you have plugged all the vulnerabilities in your environment.

Microsoft has released a total of four bulletins, two of which are critical and publicly disclosed. Microsoft is resolving 15 unique vulnerabilities this month, 12 of which come from the Adobe Flash update. It’s interesting to note that there is no rollup for Windows 8.1 or Server 2012 this month.

Other than Microsoft and Adobe, there are a few other updates available if you are using Foxit Reader, Skype, etc. Although several of the Microsoft vulnerabilities have been publicly disclosed, none of them have been exploited and there are no zero days.

This could be the calm before the storm. We have not seen this light of a Patch Tuesday since January of 2014. Next month you should expect some adjustments and a heavier Patch Tuesday drop as Microsoft changes methodologies.

This is the last Patch Tuesday that Microsoft will be using security bulletins. After January 10, Microsoft will no longer be publishing traditional security bulletins as individual webpages, but instead will only be publishing security update information to the new Security Update Guide. I’m sure there are many questions about what this means and how it will affect everyone so, if you have not already seen the FAQ put together by Microsoft, I have provided a link here.

As always, we will be running our monthly Patch Tuesday webinar where we will go deeper into the bulletins released and recommendations to prioritize what updates need to be put in place sooner than others. Make sure to sign up for the January Patch Tuesday webinar to catch playbacks of previous months and get access to our infographics and presentations to give you the information you need going into your monthly maintenance.

January 2017 Patch Tuesday Forecast – Shavlik

Goodbye 2016; Hello 2017!

We have survived another year and what a year that was.

As we start off 2017, I am sure most of you have already heard about the joining of forces between LANDESK and Heat Software to further the expertise stronghold on security and patching. This marrying of the minds comes just in time for those who have not yet picked a new year’s resolution.  Now is the time to make a resolution to increase the health of your security posture and patch your systems regularly.

Even though there are no known zero days or hints of nasty exploits on the horizon, we all know that it is just a matter of time before someone will find something to hack and expose potential vulnerabilities. So, with that in mind, let’s start the year off with good habits and make sure we are following the steps to better Security Hygiene now that the holiday fun and distractions are behind us.

Steps to Better Security Hygiene

  • Make sure you have sanitized incoming email with junk mail and phishing filters. Remember that user targeted vulnerability is where some of the highest risk lies.
  • Make sure you have sanitized the machines and devices of users who have come into contact with public WiFi while traveling in and out of the office and private secured networks. Since users will likely browse the internet, open email with attachments, and in general be exposed to potential attack vectors daily, it is important to sanitize their machines with good signature, non-signature, and behavioral threat assessments.  Remember that signature based threat assessment alone is not enough anymore.
  • Make sure your systems are frequently patched, both the OS and software, and make use of least privilege rules and proper application control. Remember that preventative security measures can mitigate or eliminate 85% of the threats in today’s market.

Honorable Mentions

Chrome announced at the end of 2016 that beginning in the new year they will be identifying web pages as “Not Secure” if the page includes login or credit card fields AND the page is not served using HTTPS. For additional information on this announcement, see the following article posted on zdnet.com.

http://www.zdnet.com/article/chrome-will-begin-marking-http-pages-as-non-secure/

Your Patch Tuesday Forecast

Based on the trends we saw in 2016, the January 2017 Patch Tuesday will likely include updates for the following:

From Microsoft we are likely looking at around 1-4 installable packages:

  • OS and IE will definitely have multiple updates, but they will come in a single installable package under the new servicing model. Vista would be the only exception to this change as it still receives individual bulletin updates.
  • Office is likely since there were updates consistently pretty much every month in 2016.

From Adobe you can expect 1-3 updates:

  • Adobe typically tries to release Flash Player on Patch Tuesday and has done so pretty consistently all of 2016, so expect that update.
  • Adobe Reader and Acrobat both released an update back in October of 2016 and have been pretty consistently having an update every 2-3 months this year. Those two are a high possibility this month since they did not release last month.

From Chrome you may have 1 update this month:

  • Chrome released a beta version after last Patch Tuesday making it likely there could be an update on or around Patch Tuesday this month.

Total Update Accumulation 3-8 updates for Patch Tuesday next week.

As always, catch our Patch Tuesday blog and commentary next Tuesday and sign up for our Patch Tuesday Webinar next Wednesday, January 11th as we delve deeper into the bulletins and vulnerabilities resolved on Patch Tuesday.

Updates for Mac including recent Zero Day – Are you caught up?

It’s December; let’s not forget about the Mac community and the recent updates available for macOS.

Since the release of macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite on the 24th of October 2016, there have been a number of updates to both Apple and 3rd-party products.

Here are some highlights to consider and possible updates you may want to verify you have.

November 30th – Zero Day Critical update CVE-2016-9079 for a use-after-free vulnerability in SVG Animation in Mozilla Firefox, Firefox ESR, and Thunderbird allowing attackers to execute arbitrary malicious code on a target machine.

Although there have only been documented active exploits on computers running Windows, the vulnerability is present in the Mac OS X version of the browser.

November 29th – Update CVE-2016-4780 for a null pointer de-reference issue in macOS Sierra 10.12 Thunderbolt allowing applications to execute arbitrary code with kernel privileges. This update includes improved input validation.

November 27th – 2 Updates for macOS Sierra 10.12:

  • AppleMobileFileIntegrity had a validation issue where a signed executable could substitute code with the same team ID. Update CVE-2016-7584 added additional validation.

  • FontParser had a buffer overflow in the handling of font files where a maliciously crafted font file could lead to arbitrary code execution. Update CVE-2016-4688 added improved bounds checking.

November 14th – Update CVE-2016-7580 for an issue in macOS Sierra 10.12 Mail where a malicious website could cause a denial of service. This update includes improved URL handling.

November 8th – Critical update APSB16-37 for Adobe Flash Player.  This update contains 9 different CVEs to address a vulnerability that could allow malicious native code to execute without a user being aware.

 

Shavlik Protect 9.2 Update 2

The Shavlik Team is happy to announce the release of Shavlik Protect 9.2 Update 2. This update provides support for installing the Shavlik Protect Console on Windows 10. It also provides 13 bug fixes for known issues that customers have encountered since Update 1. The install is available now on our downloads page. It will install right over the top of Protect 9.2 Gold or Update 1. You can also upgrade directly to 9.2 Update 2 from Protect 9.0 or 9.1.

For customers still running on Shavlik Protect 9.0 or 9.1, this is a good time to look at upgrading. We will be ending support for all versions pre-9.2 by the end of 2016, due to the end of support for SHA1 certificates. Shavlik Protect 9.2 supports SHA 256 and will automatically convert the current SHA 1 console and agent certificates after you upgrade, making for a very seamless transition to a more secure mode of communication. Please review our product life-cycle policy for more details regarding the end of life date for specific versions.

Shavlik’s 12 Beers of Christmas 2015 Edition

Happy holidays, everyone! Last year, we did our first 12 Beers of Christmas blog post where the team gave some recommendations of their favorite beers. This is a tradition that actually started from an eight-year practice of doing a beer exchange in our office instead of cookies or Secret Santa. So for all you beer fans out there, here is the 2015 edition of the Shavlik 12 Beers of Christmas. Enjoy!

Randy, Manager, Software Engineering
Mark, Software Engineer
Beer recommendation: Surly Todd – The Axe Man
Style: IPA
ABV: 7.2%
IBU: 100
Description: Todd – The Axe Man is a recipe created by Amager Bryghus in Denmark. The recipe was created for Todd Haug of Surly Brewing. A potent IPA loaded with fresh American aroma hops on a base of rich Golden Promise malt, Surly’s signature malt. Randy says that if you like IPAs, this one is a no brainer. Mark finds it a perfect substitute for Pliny the Elder, which is hard to come by in Minnesota.

So Todd – The Axe Man quickly became an office wide favorite, but since this is supposed to be the “12 beers of Christmas” and not the “1 beer that 12 people liked this Christmas”, I have asked the rest of the team to go down to their next picks.

Matt, Software Engineer
Beer recommendation: Toppling Goliath Pseudo Sue
Style: American Pale Ale
ABV: 7%
IBU: 50
Description: Due to the lack of availability of Pliny, and the rise in popularity of Todd – The Axe Man and by such its growing lack of availability, Matt finds Pseudo Sue the next best thing. This single hop ale showcases the Citra hop. Named for the largest T-rex fossil ever discovered, she roars with ferocious aromas of grapefruit, citrus, mango and evergreen. Delicate in body with a mild bite in the finish.

Brent, Software Engineer
Beer recommendation: Greenbush Unicorn Killer (He would have picked Todd, but Randy and Mark had already beat him to it.)
Style: Spice Beer\Pumpkin Ale
ABV: 7.4%
Description: While Brent is not normally a fan of spice beer, he says this one is perfectly balanced. Notes of caramel, bread, cinnamon, and clove make this heavier version of the seasonal pumpkin ale a good one.

Travis, Product Support Engineer
Beer recommendation: McMenamins Hammerhead Ale
Style: American Pale Ale
ABV: 6%
Description: Travis is part of our support org out of Salt Lake City. This rich chestnut colored gem is a model of harmony between hops and malted barley. Hammerhead’s signature Cascade hop nose and intense hopped flavor blend nicely with the caramel tones from the crystal malt.

Geoffrey, Technical Support Engineer
Beer recommendation: Wasatch Brewing Ghostrider
Style: White IPA
ABV: 6%
Description: Also with our Salt Lake City team, Geoffrey recommends this as a “gateway” to the wide world of IPAs. It is smooth and flavorful and light and perfect for any meal pairing. Plus, it goes to show that Utahns can make good beer. In the three years I have been with LANDESK, I have seen quite a change in SLC. The beer scene has improved greatly and Wasatch is one of the big contributors to that improvement.

Brian, QA Engineer
Beer recommendation: Dogfish Head 120 Minute IPA (not to be confused with 120 Minute Pineapple)
Style: Imperial IPA
ABV: 18%
IBU: 120 (That is a ton of hops)
Description: Now Brian is in QA, so that should be noted here. Quality Assurance is approving this beer. He says “it’s like getting voluntarily smacked in the face with a bag of hops.” Too extreme to be called beer? Brewed to a colossal 45°P, boiled for a full two hours while being continually hopped with high alpha American hops, dry-hopped every day in the fermenter for a month, and aged for a month on whole leaf hops, 120 Minute IPA is by far the strongest IPA ever brewed. And at 21% ABV and 120 IBU’s, you can see why we are calling this the Holy Grail for Hopheads.

Nick, Software Engineer
Beer recommendation: Hacker-Pschorr Oktoberfest Märzen
Style: Oktoberfest/ Märzen
ABV: 5.8%
Description: This is a descendant of the original Märzen style beer. Bavarian barley slow roasted, caramelized to a rich, red amber color combined with the purest spring waters from the Alps, exclusive yeast and the finest Hallertau hops.

Neil, Territory Sales Manager
Beer recommendation: Andechser Bergbock Hell
Style: Heller Bock
ABV: 7%
Description: From one of our Sales reps across the pond.  He says this was a staple when he lived in Germany.  He also recommends the Dunkel from Andechser.  Aromatic and mild.

Tyler, Software Engineer
Beer recommendation: New Glarus Scream
Style: Imperial IPA
ABV: 9%
IBU: 85
Description: Scream boasts an inspired 85 IBUs that reverberate cleanly through this IIPA. New Glarus Brewery grown estate hops join other Wisconsin grown hops to dominate this brew from Kettle Boil to Dry Hopping. You hold a deceptively seductive Original Gravity of 20.9 degrees Plato following the always 100% naturally bottle conditioned fermentation. Luscious Wisconsin grown and malted barley along with English Maris Otter malt is the bold heart of this lustful sensory enchantment. Surrender is inevitable so enjoy today.

Ben, Territory Sales Representative
Beer recommendation: Heritage American Expedition
Style: Wheat Ale
ABV: 4.5%
IBU: 10
Description: a light bodied American wheat ale. Bathed in farmers honey and spiced with ginger, it will give any traveler the fortitude and perseverance to carry on.

Bob, Channel Account Manager
Beer recommendation: Southern Tier 2xStout
Style: Sweet Stout
ABV: 7.5%
Description: Double Milk Stout
“2 varieties of hops & 3 types of malts”
Milk stout, also called ‘cream’ or ‘sweet’ stout, is a stout containing lactose, a sugar derived from milk. Because lactose is unfermentable by beer yeast, it adds sweetness and body to the finished beer. Milk stouts have been claimed to be nutritious, and were marketed as such in the early 1900s with claims that would make the FDA wince. One ad read, “Ideal for nursing mothers, for the healthy, for the invalid, and for the worker.” Surely! Of course, we couldn’t stop at a traditional milk stout. Ours is a double, an addition to our 2X line, and at 7.5% abv is every bit as delicious as it sounds. To your health!

Byron, Systems Administrator
Beer recommendation: Left Hand Milk Stout Nitro
Style: Sweet Stout
ABV: 6%
Description: This English style of beer, also known as Sweet Stout or Cream Stout, first appeared in London in the late 1800’s. The early brewers touted the health benefits of the milk sugar in this beer which today relates mainly to the increased amount of calories (no real health benefits…sorry). The milk sugar adds a well-rounded sweetness to this dark beer and makes it an outstanding, year ‘round stout.

And because I don’t want to be left out you get a bonus 13th Beer of Christmas!

Chris, Product Manager
Beer recommendation: Samuel Smiths Yorkshire Stingo
Style: English Strong Ale
ABV: 8%
Description: I found this in London at a pub called the Chandos.  Since then I found this is distributed in the US which is AWESOME! Bottle conditioned only. Some of the oak casks at Samuel Smith’s date back more than a century with the individual oak staves being replaced by the Old Brewery coopers over the years. Gradually the casks soak in more & more of the character of the ale fermented in stone Yorkshire squares. Yorkshire Stingo is aged for at least a year, matured in these well-used oak casks in the brewery’s underground cellars deriving fruit, raisin, treacle toffee, Christmas pudding and slight oaky flavors, before being further naturally conditioned in bottle.

Whatever holiday you may be celebrating, may it be filled with joy, family, great food, and great beer.

From all of us at Shavlik, have a happy holiday season!

Federal agencies, cybersecurity, and an order from the White House to step up their game

Dateline 2015:

Scary stuff, right? Unfortunately, this should all sound very familiar as there has been a steady stream of headlines around the rising concerns of securing U.S. federal agencies from cyber attack.

I recently had a conversation with Ben Tacheny, the U.S. Federal Territory Sales Representative here at Shavlik. Needless to say, Ben has been very busy as of late. He had a lot of really good insights and guidance that I wanted to share.

Q: Ben, what kinds of security problems are federal government agencies facing today?

Happy National Beer Day!

For those of you who are followers of our team, you know that we here at Shavlik enjoy a good beer. Today we are going to go off topic and focus on National Beer Day. I have been working on a house project that is nearly complete, but didn’t make it in time for National Beer Day. I am changing over from bottling my own home brew to kegging. I have almost everything ready. Even got the first beer I plan to keg already started (Belgian Tripel). The kegerator itself is, unfortunately, on back order until end of April. **Sigh**

September Patch Tuesday Round-Up

This month may have been a light release from Microsoft, but there were still plenty of updates to deploy. Microsoft released four security updates, one of which was critical, resolving 42 vulnerabilities. On the non-Microsoft front, there were releases from Adobe and Google to take note of. Adobe Flash had a Patch Tuesday release resulting in an IE advisory and a Google Chrome release to update the Flash plug-in. The Flash update resolved 12 vulnerabilities. There were no security updates for Office this month, but there were 18 non-security updates. One of those has run into some issues and had to be pulled. Here is a priority breakdown for security updates this month and details on known issues:

Shavlik Priority 1 Updates (Priority 1 updates should be applied as soon as possible):

  • MS14-052: Cumulative Security Update for Internet Explorer (2977629) – This update is rated as critical by Microsoft. It resolves 37 vulnerabilities which could allow for remote code execution. The updates are all relating to memory corruption issues. One of the vulnerabilities resolved (CVE-2013-7331) has been exploited in targeted attacks in the wild. There are a large number of vulnerabilities and one publicly exploited making this a high priority for update.
  • APSB14-21: Security updates available for Adobe Flash Player – This update is rated as a Priority 1 by Adobe. The update resolves 12 vulnerabilities which have a variety of impacts including memory corruption, bypass memory randomization, code execution, bypass same origin policy, and security feature bypass.
  • MSAF-029: Microsoft Security Advisory: update for vulnerabilities in Adobe Flash in Internet Explorer – This update allows Internet Explorer to support the latest Adobe Flash release which resolves 12 vulnerabilities and is rated as a Priority 1 by Adobe.
  • CHROME-111: Chrome 37.0.2062.120 – Resolves four vulnerabilities including one high priority vulnerability. The update also includes support for the latest Adobe Flash plug-in which puts it up in the priority list for this month.

Shavlik Priority 2 Updates (Priority 2 updates should be tested and rolled out in a reasonable time frame, typically within 10-30 days of release):

  • MS14-053: Vulnerability in .Net Framework could allow Denial of Service – This update resolves one privately reported vulnerability which could lead to a DoS, but a default install of .Net is not vulnerable. The flaw is exposed only if ASP.NET is installed and registered with an IIS server, which requires the customer to install ASP.NET manually.
  • MS14-054: Vulnerability in Windows Task Scheduler could allow for elevation of privilege – This update resolves one privately reported vulnerability in Microsoft Windows which could allow for elevation of privilege. The attacker must, however, have a valid logon credential and be able to log on locally to exploit this vulnerability.
  • MS14-055: Vulnerabilities in Microsoft Lync Server could allow Denial of Service – This update resolves three privately reported vulnerabilities in Microsoft Lync Server. The attacker must send a specially crafted request to the Lync Server to exploit this vulnerability.

Watch List:

  • Adobe delayed release of APSB14-20 – The update will be a Priority 1 from Adobe as it resolves several critical vulnerabilities. The release was delayed to the week of September 15, meaning it will drop any day now. Once it does, you can expect to bump this up to the Priority list for rolling out this month.
  • Office non-security patch pulled by Microsoft – Microsoft did not release any security updates for Office this month, but 18 non-security updates were released. An issue was discovered with KB2889866, an update for OneDrive, which would cause syncing to another user’s library to fail and moving of links, etc., to no longer be picked up by sync.

For access to Shavlik’s Patch Tuesday webinar or presentation you can go to our webinars page and check out the ‘Recent Webinars’ section and click view. You can also sign up for the October Patch Tuesday webinar where we will discuss the Patch Tuesday release for all of the critical apps that affect you.

Patch Tuesday Advanced Notification September 2014

So far we have four bulletins announced for September 2014, one Critical and three Important. Back in August Microsoft put a hard deadline on implementing the Update 1 (KB2919355) for Windows 8.1 and Server 2012 R2, making it so users need to install Update 1 in order to keep their systems updated.

The first patch Microsoft will be rolling out is for Internet Explorer and is Critical. For the past few months we have seen large numbers of vulnerabilities primarily around memory corruption and memory leaks being resolved in IE. It’s likely we are going to see a continuation of that trend that started back in June, but it’s probably going to be a fairly clean month for IE.

Of the three Important updates, there are two vulnerabilities that could result in a denial of service attack and one that could result in an elevation of privileges. These bulletins affect .Net Framework, the Windows Operating System and Lync Server. The .Net update is going to be the most important thing here and IT managers should make sure they are testing it adequately before rolling it out.

On the third party front, we are expecting an update from Opera any time now. They have updated their change log, but the new version (24) has not yet been made available on their downloads.

For Adobe we anticipate an update for Flash to be quite likely this month. So far in 2014 there has only been one patch Tuesday without a Flash update and that month there were two updates outside of patch Tuesday, one of which was a Zero Day. If there is a Flash release, you can expect a Microsoft Advisory update for IE to update the Flash plug-in and most likely a Google Chrome update to support the plug-in as well.

Microsoft Security Bulletins:

  • 1 bulletin is rated as Critical.
  • 3 bulletins are rated as Important

Vulnerability Impact:

  • 1 bulletin addresses vulnerabilities which could allow Remote Code Execution.
  • 2 bulletins address vulnerabilities which could result in a Denial of Service.
  • 1 bulletin addresses vulnerabilities which could allow Elevation of Privileges.

Affected Products:

  • All supported Windows Operating Systems.
  • All supported Internet Explorer versions.
  • .Net Framework.
  • Lync Server.

Join us as we review the Microsoft and third-party releases for September Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, September 10th at 11 a.m. CDT.  We will also discuss other product and patch releases since the August Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Thank You for Joining Shavlik at VMworld 2014

 

Last week I was in San Francisco for VMworld 2014. We had a great week and a lot of traffic in our booth. We had over 1500 people stop by the booth between Sunday and Wednesday. We crammed crowds of VMworlders into the booth for live demonstrations of Shavlik Protect 9.1 (Ryan from our SE team lining up another crowd for a demo and Becky loading up more snap bracelets to give away). We slapped a couple thousand blue Shavlik snap bracelets (which are also a stylus) on the people who stopped by and a few drive-bys who didn’t stop to talk.

We also had hundreds of Shavlik users stop by the booth as well.  I think I met a couple dozen long time users who remember HFNetChk.  That dated them pretty much all the way back to the beginning of Shavlik and the original command line assessment tool based on the original MBSA.  It was great talking with you all and hearing the things you liked and those things you would like to see improve in the product.  Keep that feedback coming as that is how we ensure the product does what you want.

Make sure to catch us in April at RSA.  If you do you can join us for snap bracelet target practice. Below is Kate from our Field Marketing team loading up with snap bracelets between demos.