After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we’ve published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.
The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019.
This release of Qualys Patch Management version 1.3 includes new features, highlights as follows.
- Patch Scheduling enhancement: “No Patch Window” – When scheduling a patch deployment, instead of having to specify a Patch Window time frame, you can select “None”. This will allow a job to continue to run until all of the Assets in the job are able to perform the deployment, instead of timing out at the end of the Patch Window. This is especially useful in situations where you have an emergency patch that absolutely must be installed as soon as possible. If an Asset is offline when the job is set to run, it will run the job once the Cloud Agent checks in again.
- Suppress reboot – You can choose to suppress the reboot notification and subsequent reboot after a patch deployment. This feature allows you to deploy patches, and then use another mechanism to restart the Assets. Any Asset that has the reboot suppressed will still report the Reboot Required flag to the platform.
- Create Job in “Enabled” state – Previously, you would create a Deployment Job in a Disabled state, and then Enable the job from the Jobs screens. Now, you can choose to have the Job saved in an Enabled state, reducing the amount of clicks required to start a Job.
- Opportunistic Patch Download – When creating a Job, you can now opt to have the Cloud Agent download the patches in the background before the job runs, reducing the amount of time the job takes to complete.
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.
The July 2019 release includes the following new policy and updates:
- 13 updated policies
- 11 new technologies
- 6 new DISA STIG policies
- 1 new Industry and Best Practice policies
- 1 Microsoft Security Baseline policy
September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.
Cisco published an update for Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of Cisco REST API virtual service container.
The security issue is tracked as CVE-2019-12643 and has received a maximum severity rating score of 10 based on CVSS v3 Scoring system.
Are you a FedRamp-certified organization looking to more effectively maintain your FedRAMP status? There are tools available to help simplify the process and while the process involves some terminology, it is easily understood as outlined below. Additionally, it is supported by pre-built dashboards in the Qualys Cloud Platform that help organizations meet SLAs for required remediations.
In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP Vulnerabilities, out of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user interaction. To exploit the vulnerabilities, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The cyber industry has named them as Seven Monkeys pertaining to seven CVEs released. Microsoft has released patches for these vulnerabilities and at least two of these (CVE-2019-1181 & CVE-2019-1182) can be considered “wormable” and equates them to BlueKeep. Of the three “Important” RDP vulnerabilities, one (CVE-2019-1223) is a DoS, and the other two (CVE-2019-1224 and CVE-2019-1225) disclose memory contents. Microsoft update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities
This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.