Qualys Blog

www.qualys.com
15 posts

October Patch Tuesday: 28 Critical Microsoft Vulnerabilities

Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.

Continue reading …

September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE).  According to Microsoft, one critical vulnerability impacting HoloLens has a public exploit, and there are active malware campaigns exploiting a .NET vulnerability. Microsoft has also patched the BlueBorne vulnerability that could allow an attacker to perform a man-in-the-middle attack against a Windows system.

Continue reading …

August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe

Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.

Continue reading …

Countdown to GDPR: Manage Vulnerabilities

If your organization needs a compelling reason for establishing or enhancing its vulnerability management program, circle this date in bold, red ink on your corporate calendar: May 25, 2018.

On that day, the EU’s General Data Protection Regulation (GDPR) goes into effect, intensifying the need for organizations to painstakingly protect EU residents’ data from accidental mishandling and foul play.

While complying with GDPR involves adopting and modifying a variety of IT systems and business processes, having comprehensive and effective vulnerability management should be key in your efforts.

Why? Too many preventable data breaches occur because hackers exploit well-known vulnerabilities for which patches are available but haven’t been installed.

Continue reading …

July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday update, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.

Continue reading …

Countdown to GDPR: Prioritize Vulnerability Remediation

The EU’s GDPR (General Data Protection Regulation) demands that organizations stringently protect EU residents’ data they hold, share and process, which requires having solid InfoSec practices, including threat prioritization.

No, there is no specific mention of prioritization of vulnerability remediation in the regulation’s text. In fact, only a few InfoSec technologies and practices are mentioned by name.

What is stressed throughout the 88-page document is the call for both data “controllers” and data “processors” to protect this customer information by implementing “appropriate technical and organisational measures”, a phrase repeated multiple times.

Continue reading …

Petya Ransomware: What You Need to Know

On Tuesday, a variant of the ransomware “Petya” began propagating in several countries across Europe. This new variant leverages the EternalBlue exploit used in WannaCry, and also takes advantage of misconfigured permissions to spread throughout the network.

EternalBlue is a leaked exploit developed by the NSA that leverages the vulnerability patched in MS17-010. All unpatched versions of Windows are vulnerable to EternalBlue, excluding recent versions of Windows 10. Microsoft has also chosen to release patches for some end-of-support versions of Windows.

Continue reading …

Visualizing the Stack Clash Vulnerability with Dashboards

Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability (also see the security advisory). To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to visualize The Stack Clash and quickly identify vulnerable assets in your organization.

Continue reading …

Samba Vulnerability CVE-2017-7494

On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host.

Samba is used to provide SMB and CIFS services for Linux systems, and is pervasive in both enterprise and consumer products. While the Samba Team is providing patches for the latest versions (4.4.x and higher), some Linux vendors, such as RedHat and Ubuntu, are providing patches for older versions of Samba if they are used in a supported version of the OS. The Samba Team may also release patches for older versions of Samba.

Continue reading …

How to Rapidly Identify Assets at Risk to WannaCry Ransomware and ETERNALBLUE Exploit

In what may be the first public weaponizing of April’s Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations, including patient services at UK hospitals.

About 80,000 infections have been detected in about 100 countries at the time of this writing, and the attack, which uses the WannaCry (WanaCrypt0r 2.0) ransomware, continues to spread.

Continue reading …