Automox Patch Tuesday Breakdown: May 2019
Welcome to Automox’s May Patch Tuesday breakdown, where we will be discussing a few of the big news items in the patching world.
In this month’s patch release, we have the standard myriad patches available within the Microsoft ecosystem. But, the biggest news surrounds the Windows 10 May 2019 Update - Version 1903, and a major patch for Windows XP/7/2003/2008 to solve for a "wormable" flaw. On the Apple front, we have a significant patch that secures almost all Macs made since 2011 against the "ZombieLoad" Intel® chip vulnerability. And, if those weren’t enough, we have three critical security updates from Adobe that cover Media Encoder, Flash Player, and Acrobat Reader.
Windows 10 Updated - Version 1903
The big kahuna of updates for Windows 10 comes with some big and small changes that offer everything from new looks to streamlining the Spectre and Meltdown vulnerability patches with improved protections.
Version 1903 also updates Retpoline, mitigating Spectre Variant 2. This potential exploit could have allowed the theft of data held within higher privilege access areas through indirect branches. Previous mitigation led to noticeable performance impacts on the machines but was still successful from a security perspective. The Version 1903 update finally addresses the performance aspect.
A quick note from Microsoft on Retpoline and its conditions:
“Retpoline is enabled by default on devices running Windows 10, version 1809 and Windows Server 2019 or newer and which meet the following conditions:
- Spectre, Variant 2 (CVE-2017-5715) mitigation is enabled.
  - For Client SKUs, Spectre Variant 2 mitigation is enabled by default.
  - For Server SKUs, Spectre Variant 2 mitigation is disabled by default. To realize the benefits of Retpoline, IT Admins can enable it on servers following this guidance.
- Supported microcode/firmware updates are applied to the machine.” - Source: Microsoft
Windows 10 Update, Updated
One update with Version 1903 that we aren’t excited about is the new controls within the Windows 10 Update itself.
Automox recommends that you tread carefully with this new feature. Delaying potentially destructive feature updates is an excellent idea but can lead to some headaches at scale. Once enabled, this feature may limit your visibility of which devices are up to date, which still have feature updates pending, and when everything will actually get patched.
Goodbye automatically installed feature updates; hello per-device administration!
Windows XP, 7, 2003, and 2008 vs. "Wormable" Exploits
It’s been a long time since Microsoft has advised us to patch Windows XP, but they aren’t taking any chances with the recently discovered "wormable" exploits. Their goal is to proactively stop any chance of another WannaCry-like attack occurring on the older, but still very popular, legacy operating systems. Look out - impacted Windows versions include XP, Vista, Server 2003, Server 2008 and 2008 R2, and all Windows 7 variants.
Microsoft’s Director of Incident Response for the Security Response Center, Simon Pope, shared in the update: “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
As usual, you can protect yourself from this new WannaCry with Automox.
"ZombieLoad" vs. Your Mac
Researchers discovered four bugs in how an Intel processor handles excess data that can be used to compromise everything from real-time web browsing habits to passwords. This is because the Intel processor uses other chips to help handle the data. This data sharing, or "zombie load," was found to be exploitable, allowing data to bleed outside the boundaries of its own app. The patch fixes this leak and the four discovered bugs.
Apple’s update 10.14.5 and the High Sierra and Sierra security updates have been released and are ready to patch this critical processing flaw. You can read more about "ZombieLoad" and its impact on TechCrunch.
Adobe Security Updates
Adobe has released three critical security updates this month that resolve exploitable, critical file parsing vulnerabilities in Adobe Media Encoder, Flash Player, and Acrobat Reader.
Categorized under Adobe Bulletins APSB19-29, APSB19-26, and APSB19-18, these three updates are rated as critical and have high priority scores of 3 and 2. These patches are available now, and Automox customers can deploy them through their console.
Current Automox customers can create policies that automatically handle the patching and execution of essential updates like the Adobe, Mac OSX, and Windows 10 updates every single month, as well as a myriad of third-party software.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.