Continuing the trend of large Microsoft Patch Tuesdays, this month’s release addresses 111 vulnerabilities, with 16 of them labeled as Critical. The 16 Critical vulnerabilities cover SharePoint, Browsers, Scripting Engines, Media Foundation, Microsoft Graphics, Microsoft Color Management, and the VS Code Python Extension. Adobe released patches today for Acrobat/Reader and DNG SDK.
We are excited to announce that the Qualys Community discussion forums are migrating to the Salesforce platform on the weekend of June 6-7.
This 30-day notification explains why we are changing the underlying platform, how it benefits Qualys customers, and what you should expect.
The Salesforce platform offers the Qualys community some significant advantages:
The upcoming release of the Qualys Cloud Platform (VM, PC), version 10.1.0, includes several new features and enhancements in Qualys Cloud Platform and Qualys Policy Compliance. This release will also add support for new technologies in Qualys Policy Compliance for OCA.
10.1.0 is scheduled to go live across the shared platforms in the second week of May, 2020.
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.
The April release includes support for new technologies, 4 CIS Benchmark policies, 2 Industry and Best Practice policies, and provides updates to several existing policies in the Qualys Content Library.
Qualys’ Certification Page at CIS has been updated.
This month’s Microsoft Patch Tuesday addresses 113 vulnerabilities with 19 of them labeled as Critical. The 19 Critical vulnerabilities cover Adobe Font Manager Library (0-day), SharePoint, Hyper-V, Scripting Engines, Media Foundation, Microsoft Graphics, Windows Codecs, and Dynamics Business Central. Adobe released patches today for ColdFusion, After Effects, and Digital Editions.
Secure Remote Endpoints from Vulnerabilities in Video Conferencing & Productivity Applications like Zoom
With millions working, learning and collaborating remotely due to COVID-19 challenges, there’s an explosion of remote endpoints running Zoom and other collaboration and productivity applications such as Outlook, Teams, Webex, Slack, Office 365 and more. As remote endpoints are accessing organizations’ critical assets and data, more and more cyberattacks are targeting remote endpoints to exploit weaknesses and vulnerabilities in collaboration tools like Zoom.
Today we are excited to announce several new features, workflows, and new technology support in Qualys Vulnerability Management and Policy Compliance.
These new features will be deployed as a part of QWEB 10.0 and Portal 3.0 release versions.
The security landscape is constantly changing, and you need to adopt proactive measures to stay ahead of security breaches by being extremely vigilant about every little change in your environment. In our previous blog, we discussed how you can leverage the ready-to-use monitoring profiles in your CI/CD pipeline to start monitoring your critical system and application files. However, just setting files to monitor isn’t sufficient. You need a layer of ‘real-time detection’ to eliminate all blind spots in your network. Hence, once you are done configuring the “what to monitor” part in your environment, the next step is to configure the correlation rules to generate real-time alerts for changes and create authorized or unauthorized incidents automatically. Receiving instant alerts upon file changes in your network is your next line of defense for mitigating impending loss of data.
In this era of Digital Transformation, microservices are rapidly gaining popularity within continuously deployed systems. Organizations have moved away from the rigid monolithic architectures to more flexible ones that are based on microservices. Lots of organizations handling large amounts of real-time data use microservices such as Kafka and ElasticSearch, mainly due to the operational simplicity and speed of performance that they provide. However, this substantially increases the attack surface because of the exposed APIs and open ports.
Automatically Discover, Prioritize and Remediate Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006) using Qualys VMDR®
On March 23, Microsoft released zero-day advisory ADV200006 to address two critical remote code execution vulnerabilities in Adobe Type Manager Library that affect multiple versions of Windows and Windows Server.
The vulnerabilities exist within the way that Windows parses OpenType fonts. For example, an attacker could convince a user to open a specially crafted document or view it in the Windows Preview pane. Windows Preview pane is used by the Windows Explorer (which is called File Explorer in Windows 10) file manager application to preview pictures, video, and other content. Successful exploitation would require an attacker to convince a user to open a malicious document or visit a malicious page that exploits the WebClient service which is normally listening for WebDAV file shares.
Qualys released a blog post earlier on how to identify ADV200006 in your environment:
Microsoft Released Out-of-Band Advisory – Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006)
Here we describe how to resolve it with Qualys VMDR®.