Patch Tuesday targets zero-day vulnerabilities every month, warns Automox

Monthly ‘Patch Tuesday’ reports have recorded 11 months in a row of zero-day vulnerabilities, according to an update from patch management vendor Automox.

Peter Pflaster, blogging for Automox, said the monthly May patch update noted some 48 vulnerabilities, including two zero-day vulnerabilities for patching, marking 11 months of such vulnerabilities since June 2022.

“The first zero-day [vulnerability] is an important elevation of privilege weakness in Win32k, a core component of Windows operating systems that provides an interface for graphical user interface (GUI) functions at the kernel-level,” he wrote in the announcement, adding that Windows 10 and Windows Server versions 2008-2016 may be affected.

The second zero-day vulnerability to be patched in May, CVE-2023-24932, permits attackers with physical access to an endpoint or admin credentials to bypass Secure Boot. Updating Secure Boot is not straightforward and errors can result in unrecoverable media, warned Pflaster.

“We’ve built a Windows-Security-Mitigate Black Lotus Worklet for CVE-2023-24932,” he added. The worklet is available via the Automox blog.

“We strongly recommend testing a subset of impacted devices and following any required change control processes prior to applying the script at scale in your organisation.”

Automox’s Pflaster also recommends users prioritise a critical remote code execution weakness in Windows Network File System (NFS), which affects Windows Server 2012-2022 and can be exploited over the network.

“We recommend patching within 72 hours with a priority on internet-facing endpoints or those with sensitive data,” Pflaster said.

Additionally, Automox recommends patching an elevation of privilege vulnerability affecting the Windows Kernel in most versions of Windows 10, 11, and Server 2019-2022.

Attackers who acquire non-privileged credentials, for instance through social engineering, can then easily elevate their privileges, gaining system control to install malware, access other endpoints or exfiltrate data, Pflaster said.

Automox most recently revealed a new dashboard, expanded remote control functionality, and additional third-party support for its endpoint management offering in an April 2023 update.

Corey Bodzin, senior vice president of product at Automox, said that IT teams typically manage multiple operating systems across a “complex” workforce, often with limited resources and a “bloated” tech stack.

“IT teams today face a monumental task,” Bodzin said in the announcement.
