Happy National Beer Day!

For those of you who are followers of our team, you know that we here at Shavlik enjoy a good beer. Today we are going to go off topic and focus on National Beer Day. I have been working on a house project that is nearly complete, but didn’t make it in time for National Beer Day. I am changing over from bottling my own home brew to kegging. I have almost everything ready. Even got the first beer I plan to keg already started (Belgian Tripel). The kegerator itself is, unfortunately, on back order until end of April. **Sigh**


September Patch Tuesday Round-Up

This month may have been a light release from Microsoft, but there were still plenty of updates to deploy. Microsoft released four security updates, one of which was critical, resolving 42 vulnerabilities. On the non-Microsoft front, there were releases from Adobe and Google to take note of. Adobe Flash had a Patch Tuesday release, resulting in an IE advisory and a Google Chrome release to update the Flash plug-in. The Flash update resolved 12 vulnerabilities. There were no security updates for Office this month, but there were 18 non-security updates. One of those has run into some issues and had to be pulled. Here is a priority breakdown for security updates this month and details on known issues:

Shavlik Priority 1 Updates (Priority 1 updates should be applied as soon as possible):

  • MS14-052: Cumulative Security Update for Internet Explorer (2977629) – This update is rated as critical by Microsoft. It resolves 37 vulnerabilities which could allow for remote code execution. The updates all relate to memory corruption issues. One of the vulnerabilities resolved (CVE-2013-7331) has been exploited in targeted attacks in the wild. The large number of vulnerabilities, one of them publicly exploited, makes this a high priority for update.
  • APSB14-21: Security updates available for Adobe Flash Player – This update is rated as a Priority 1 by Adobe. The update resolves 12 vulnerabilities which have a variety of impacts including memory corruption, bypass memory randomization, code execution, bypass same origin policy, and security feature bypass.
  • MSAF-029: Microsoft Security Advisory: update for vulnerabilities in Adobe Flash in Internet Explorer – This update allows Internet Explorer to support the latest Adobe Flash release which resolves 12 vulnerabilities and is rated as a Priority 1 by Adobe.
  • CHROME-111: Chrome 37.0.2062.120 – Resolves four vulnerabilities including one high priority vulnerability. The update also includes support for the latest Adobe Flash plug-in which puts it up in the priority list for this month.

Shavlik Priority 2 Updates (Priority 2 updates should be tested and rolled out in a reasonable time frame, typically within 10-30 days of release):

  • MS14-053: Vulnerability in .Net Framework could allow Denial of Service – This update resolves one privately reported vulnerability which could lead to a DoS, but a default install of .Net is not vulnerable. The flaw is exposed only if ASP.NET is installed and registered with an IIS server, which requires the customer to install ASP.NET manually.
  • MS14-054: Vulnerability in Windows Task Scheduler could allow for elevation of privilege – This update resolves one privately reported vulnerability in Microsoft Windows which could allow for elevation of privilege. The attacker must, however, have a valid logon credential and be able to log on locally to exploit this vulnerability.
  • MS14-055: Vulnerabilities in Microsoft Lync Server could allow Denial of Service – This update resolves three privately reported vulnerabilities in Microsoft Lync Server. The attacker must send a specially crafted request to the Lync Server to exploit this vulnerability.

Watch List:

  • Adobe delayed release of APSB14-20 – The update will be a Priority 1 from Adobe as it resolves several critical vulnerabilities. The release was delayed to the week of September 15, meaning it will drop any day now. Once it does, you can expect to bump this up to the Priority list for rolling out this month.
  • Office non-security patch pulled by Microsoft – Microsoft did not release any security updates for Office this month, but 18 non-security updates have been released. An issue was discovered with KB2889866, an update for OneDrive, which would cause syncing to another user's library to fail and moving of links, etc., to no longer be picked up by sync.

For access to Shavlik’s Patch Tuesday webinar or presentation you can go to our webinars page and check out the ‘Recent Webinars’ section and click view. You can also sign up for the October Patch Tuesday webinar where we will discuss the Patch Tuesday release for all of the critical apps that affect you.

Patch Tuesday Advanced Notification September 2014

So far we have four bulletins announced for September 2014, one Critical and three Important. Back in August Microsoft put a hard deadline on implementing the Update 1 (KB2919355) for Windows 8.1 and Server 2012 R2, making it so users need to install Update 1 in order to keep their systems updated.

The first patch Microsoft will be rolling out is for Internet Explorer and is Critical. For the past few months we have seen large numbers of vulnerabilities primarily around memory corruption and memory leaks being resolved in IE. It’s likely we are going to see a continuation of that trend that started back in June, but it’s probably going to be a fairly clean month for IE.

Of the three Important updates, there are two vulnerabilities that could result in a denial of service attack and one that could result in an elevation of privileges. These bulletins affect .Net Framework, the Windows Operating System and Lync Server. The .Net update is going to be the most important thing here and IT managers should make sure they are testing it adequately before rolling it out.

On the third party front, we are expecting an update from Opera any time now. They have updated their change log, but the new version (24) has not yet been made available on their downloads.

For Adobe we anticipate an update for Flash to be quite likely this month. So far in 2014 there has only been one patch Tuesday without a Flash update and that month there were two updates outside of patch Tuesday, one of which was a Zero Day. If there is a Flash release, you can expect a Microsoft Advisory update for IE to update the Flash plug-in and most likely a Google Chrome update to support the plug-in as well.

Microsoft Security Bulletins:

  • 1 bulletin is rated as Critical.
  • 3 bulletins are rated as Important

Vulnerability Impact:

  • 1 bulletin addresses vulnerabilities which could allow Remote Code Execution.
  • 2 bulletins address vulnerabilities which could result in a Denial of Service.
  • 1 bulletin addresses vulnerabilities which could allow Elevation of Privileges.

Affected Products:

  • All supported Windows Operating Systems.
  • All supported Internet Explorer versions.
  • .Net Framework.
  • Lync Server.

Join us as we review the Microsoft and third-party releases for September Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, September 10th at 11 a.m. CDT.  We will also discuss other product and patch releases since the August Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Thank You for Joining Shavlik at VMworld 2014

 


Last week I was in San Francisco for VMworld 2014.  We had a great week and a lot of traffic in our booth.  We had over 1500 people stop by the booth between Sunday and Wednesday.  We crammed crowds of VMworlders into the booth for live demonstrations of Shavlik Protect 9.1 (Ryan from our SE team lining up another crowd for a demo and Becky loading up more snap bracelets to give away).  We slapped a couple thousand blue Shavlik snap bracelets (which are also a stylus) on the people who stopped by and a few drive by’s who didn’t stop to talk.


We also had hundreds of Shavlik users stop by the booth as well.  I think I met a couple dozen long time users who remember HFNetChk.  That dated them pretty much all the way back to the beginning of Shavlik and the original command line assessment tool based on the original MBSA.  It was great talking with you all and hearing the things you liked and those things you would like to see improve in the product.  Keep that feedback coming as that is how we ensure the product does what you want.

Make sure to catch us in April at RSA.  If you do you can join us for snap bracelet target practice. Below is Kate from our Field Marketing team loading up with snap bracelets between demos.

MS14-045 re-released today and everyone wants to know if they need to uninstall the previous version

Microsoft re-released MS14-045, which was causing blue screens for some customers. Our content team did release an out-of-band content update to add the new version of MS14-045. It was released as a new KB (2993651). The Microsoft bulletin has answers to many common questions in the Update FAQ, but the one question most people are asking me is do they have to uninstall the previous one if it is not blue screening systems. Microsoft states in the FAQ that the patch will install over the top of the previous version, but they are recommending uninstall even if you are not having issues.

For that reason, Shavlik Protect will still show the original KB if you have already installed the original. The new version replaces the previous one, so if you have not installed it you would not see the original by default. We kept the original in product but marked it as non-deployable so customers who had not already installed would not accidentally do so. This also removed the ability to uninstall if you had already deployed the original update. Our support team has created a set of custom actions to remove the original patch. You can view that KB here.

 

 

Blue Screen (Stop 0x50) after applying update KB2982791 to Windows 7


Reports have started popping up regarding a Blue Screen of Death (BSOD) after applying MS14-045 to Windows 7 systems. If you are seeing issues please go to this Microsoft forum post and let them know. Microsoft MVP Susan Bradley and others have started a support case with Microsoft and are asking for anyone else who sees these issues to let them know so they can collect all possible information in one place and help Microsoft quickly find and resolve this issue.

All is not doom and gloom, however. Many members of PatchManagement.org (a mailing list focused on patch management issues) have reported successful deployment of these updates. The Shavlik Content Team did not encounter the BSOD during our Patch Tuesday testing. LANDESK and Shavlik employees have not reported issues either. I personally deployed 11 updates including MS14-045 (KB2976897 and KB2982791) to my own Windows 7 x64 system on Wednesday morning without issue. So, while this is not an epidemic affecting all deployments of the Kernel-Mode Driver patch, it should prompt Admins to take a little extra time to test if possible.

 

 

July Patch Day Round-Up

Oracle has released their quarterly Critical Patch Update.  There is a long list of products with updates coming and at the top of that list from a severity standpoint is Java.  With a CVSS base score of 10.0 on some of the vulnerabilities, the 20 new security fixes for Java SE are definitely in need of some immediate attention.  All 20 of the vulnerabilities in Java could be remotely exploited without authentication.  This means exploitable over a network without the need for a username and password.

Oracle Database server may only have 5 vulnerabilities being resolved, but one or more of those have a CVSS base score of 9.0.  Several other products like Fusion, Virtualization, and Retail Applications have CVSS base scores of 7.5 and the rest start to fall steadily from there, but one fairly common theme is remote exploitability without the need for authentication.  Companies running a lot of Oracle software should take some time on Tuesday and review what solutions they have and where they are to see if immediate action is necessary.  Again, for Java, the urgency is going to be far greater.  If you don’t have a breaking dependency on a specific version it would be a good idea to roll out ASAP.

With Oracle’s CPU today, Java should be added to the top of the priorities list this month.  Three updates in particular should be considered a top priority as you are conducting your monthly maintenance: Flash Player, the IE Cumulative Update, and Oracle Java.  The July Patch Tuesday update to IE to resolve 23 memory corruption vulnerabilities, one of which was publicly disclosed, appears to be a continuation of the very large IE Cumulative update from June which had over 50 fixes to memory corruption vulnerabilities.  The Adobe Flash Player update resolves three vulnerabilities that allow an attacker to bypass security features.  Adobe Flash has had a critical release every month in 2014, and on Patch Tuesday for six of seven months.  It is looking to be a permanent fixture for IT Admins to prioritize each month.  If you haven’t been keeping it up to date, there is ample cause to do so.

Shavlik Technical Support from Start to Finish

We recently caught up with the Shavlik technical support team to learn more about its role in solving customer issues with Shavlik products and services. The Backline Support team, which includes Chase Norton, Adam Gindt, and Charles Winning, has built a strong support staff as well as a lively online community of Shavlik users, who help each other through peer-to-peer questions and use cases.

Q: Can you tell us more about how you help customers find the support they need?

Technically Speaking – The Shavlik Technical Sales Team

We recently caught up with the Shavlik technical sales team to learn more about its role in helping customers make better connections with the Shavlik products and services they are considering or are already using every day. The team, which includes John Rush, Clifton Slater, Ryan Worlton, and Guido Adriaansens, has the customer covered no matter where they are in the world. As you will see, this is a unique gathering of talent. The team even includes a former customer that believed so strongly in Shavlik that they came on board!

Q: Can you tell us more about how you help customers learn about Shavlik?

A: Sure, through our sales team we help customers connect with any learning they might need to help them make a decision about purchasing a product or even brushing up on things they may need to know to help them get the most out of Shavlik products.

Q: Do customers call you or are they put in touch with you?

A: We generally support the sales team. The sales team has a pretty good pulse on our customers. Our sales representatives talk to the customer and find out more about their pain points and what they need to learn. From that initial information we consult both sales team and the customer to recommend the best learning tools to address the issue.

Q: What types of tools do you have at your disposal?

A: The learning opportunities we help build for the client include just about anything the customer could need to help inform them in the sales decision. We walk customers through demonstrations, provide on-site demos, lunch and learn sessions, meet and greets, webinars and online product demos.

Q: What have you learned from your vantage point?

A: We have learned that patch is still puzzling for customers and this is really not a surprise. They are reading about security catastrophes every day and their organizations are working hard to put the right processes in place. They are being asked to do more with less and they face a multitude of moving parts like people leaving, changes within their organizations and a growing list of things to manage.

Q: Are there any common themes you are seeing?

A: We often see customers’ eyes opened to the seriousness of 3rd party patching threats and we are seeing a real growth in questions surrounding the patching of virtual machines.

Q: Any advice for customers?

A: Become a student of security. Don’t just leave it as a task to check off. Shavlik makes things easy so that you can keep up on the latest things you need to learn.

Q: Tell us a little about yourselves:

Meet Guido Adriaansens:

Guido Adriaansens, Systems Engineer


Guido is a Systems Engineer for Shavlik products covering EMEA and located in Amsterdam, The Netherlands but can regularly be found in our UK based office. Apart from his (obvious) interest in IT, Guido enjoys sailing, playing squash, and coaching his daughter’s field hockey team.

 

 

 

Meet Clifton Slater:


Clifton Slater, Sales Engineer

Clifton is a Sales Engineer for Shavlik, specializing in the Shavlik suite of products, located in central New Jersey. Clifton is an avid reader of Sci-Fi and Fantasy and a die-hard Pittsburgh Steelers fan, (originally hailing from Pittsburgh).

 

 

 

Meet Ryan Worlton:

Ryan Worlton, Sales Engineer


Ryan is a Sales Engineer for the Shavlik products, serving the Western region of the US. In his personal time, Ryan loves to be in the outdoors, this spring and summer he plans on spending about 30 days (and nights) in the Utah back country.

 

 

 

Meet John Rush:

John Rush, Systems Engineer


John is a Systems Engineer at Shavlik located in St. Paul, Minnesota. John participated in a webinar covering SCCM, see it here.

April Patch Tuesday Advanced Notification

Microsoft announced their April 2013 advanced notification for Patch Tuesday.  The April edition of Patch Tuesday will be bringing nine security bulletins.

Security Bulletin Breakdown:

  • 2 bulletins are rated as Critical
  • 7 bulletins are rated as Important
  • 2 bulletins address vulnerabilities that could lead to Remote Code Execution
  • 5 bulletins address vulnerabilities that could lead to Elevation of Privilege
  • 1 bulletin addresses a vulnerability that could lead to Information Disclosure
  • 1 bulletin addresses a vulnerability that could lead to a Denial of Service attack

Affected Products:

  • All Internet Explorer versions
  • All supported Windows Operating Systems
  • InfoPath 2010 SP1
  • SharePoint Server 2010 SP1
  • Groove Server 2010 SP1
  • Office Web Apps 2010 SP1
  • SharePoint Foundation 2010 SP1

I will be going over the April Patch Tuesday patches in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, April 10th at 11:00 a.m. CDT.  I will also be reviewing other non-Microsoft releases that have occurred since the March Patch Tuesday. You can register for the Patch Tuesday webcast here.

Regards,
Chris Goettl