This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word.
During the most recent Kaseya product release webinar, multiple announcements were made regarding the new interface, upcoming functionality, new product additions to the portfolio, and much more. Below are 4 key items discussed during the Webinar:
New Kaseya User Interface/Experience: UI Modernization, Simplified GUI, Improved Usability and Enhanced Consistency.
This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt.
Patching is the process of repairing system vulnerabilities discovered within the infrastructure or an enhancement to an existing application with addon features. The number of patches required on a consistent basis can be overwhelming. Therefore, it is necessary to devise a patch management process to ensure the proper preventive measures are taken against potential threats, and to assist in attaining new features.
This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.
With constant growth in the IT infrastructure, and with services going in many different directions (in-house assets, data centers, cloud ecosystems, etc.), it is getting very difficult to keep track of changes, version controls, and much more. This is leading to even more difficulty in managing such infrastructure for multiple clients.
This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns.
Although this is not a new feature in Kaseya, I feel as though it is one of the most rarely used. Live Connect on Demand installs a temporary agent on a machine which allows Live Connection to that specific machine, up to a maximum of 12 hours. The best part of this being that as the agent session ends, the agent is automatically uninstalled from the machine.
This month’s Patch Tuesday is medium in size, with 47 vulnerabilities covered and only 7 labeled as Critical. Twenty-six of the vulns apply to Windows Servers and Workstation operating systems. Two of the Critical apply to Hyper-V and could lead to RCE on the host system.
Kaseya has now started working even harder towards product improvements, and with more and more acquisitions, they have further expanded their IT Complete Platform. During the last product release webinar, multiple announcements were made regarding the release process, upcoming functionality, new product additions to the portfolio, and more.