Cybersecurity and the Law: Taking Proactive Steps Before Needing Legal Action

 

How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too. 

Imagine a world where your organization gets hacked, and then, to add insult to injury, gets reported by the hackers for being out of compliance. Well, you don’t have to imagine too hard because those days are upon us. While the federal government is making its first forays into cyber protection – in 2022, Congress ordered the US Department of Justice to develop categories of cybercrime so that agencies have a shared language to classify malicious incidents – it seems that threat actors are hot on their tail, using the law to their own advantage and wielding it like a club against anyone who doesn’t want to pay a ransom.

It’s a complicated new world, and we’ll go over a few examples that help illustrate the point. But the broader point is this: instead of waiting for the legal system to respond with zero lag time, companies would be best served by putting up an immutable first line of defense against attackers now, by knowing how to craft the perfect offensive security strategy.

Victims Turn to the Legal System

It seems we’ve been fighting cybercrime in back alleys for too long. Legal redress has always been an option, and the security community is now readier than ever to use it.

When a healthcare organization was breached by a ransomware group, it fought back. Even though it knew the anonymous criminal members would never answer the complaint, the tactic nonetheless worked: the cloud storage provider used to stash the stolen data was obliged to return the data, which it agreed to do voluntarily.

In similar fashion, the legal system is being used to come down hard on cybercriminals who have gotten away with blatant copyright theft for too long. When cybercriminals tried to spoof Google’s Bard, telling users they could download the generative AI tool and giving them malware instead, the tech titan took legal action and filed a lawsuit against two separate groups. The result could be precedent-setting: “If this is successful, it will serve as a deterrent and provide a clear mechanism for preventing similar scams in the future,” Google stated in a blog post.

While this is encouraging, the nonbiased eye of the law sees both sides. Realizing this, hackers may be the most adept of all at taking advantage of it.

Attackers Use Laws to their Own Advantage

Compliance officers may have a new, and uninvited, team of assistants. As new Securities and Exchange Commission (SEC) rules require companies to report cyber incidents with a “material impact” on stakeholders within four days, cyber groups are spotting an opportunity and a larger saber to rattle at reticent payees. “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” noted SEC Chair Gary Gensler in the announcement’s press release. When it comes to what qualifies, it seems organized crime groups are “erring on the side of caution.”

For instance, a ransomware group took the liberty of reporting one of its recent victims to the SEC after illegally infiltrating its systems and causing a data breach. When the organization refused to play ball, the malicious actors took to the legal system, neatly filing a complaint using Form 8-K, under Item 1.05. And then they posted it to X (formerly Twitter). What a sudden sense of civic duty!

Jokes aside, this really was a jolt to the cybersecurity community. Not only could these rules become an unintended weapon against soon-to-be ransomware victims, experts have pointed out that this unique use of the SEC rules could open the door to additional unforeseen exploitation of other legal measures.

Preventing Legal Woes with Proactive Measures

With a newfound tactic for digital coercion, organizations are under more pressure than ever to comply with the demands of ransomware groups. Even if organizations disclose a data breach and refuse to pay the ransom, they may face legal action from their own customers. However, as has been illustrated, legal routes can also be successful at easing the pain of a cyberattack, and even putting some of the pieces back into place. But wouldn’t it be nice if companies could just avoid all the hassle in the first place?

Organizations can do just that by putting proactive security measures into place before it’s too late, building out an offensive security strategy that takes the fight to the attackers.

Vulnerability Management

Vulnerability Management software continually identifies weak spots within operating systems, software, and/or hardware elements so hackers can’t find an easy way in. By routinely running automated scans, organizations can ensure they prioritize critical, exploitable vulnerabilities that may provide access to sensitive data or assets.

Penetration Testing

While vulnerability scans provide a valuable picture of what potential security weaknesses are present, penetration testing software or services can add additional context by seeing if the vulnerabilities could be leveraged to gain access within your environment. Penetration testing uses the same techniques as attackers to determine which risks are the most pressing, identifying the attack paths threat actors are most likely to take. Nowadays, people want to know what a hacker sees before the hacker does. Consequently, pen testing is on the rise—the global penetration testing market is set to clear $5 billion by 2031.

Red Teaming

Red teaming is a full-scale simulation that puts your defensive controls and team to the test. It’s one thing to know in theory that your defenses are up to par; it’s another to see your team, your systems, your security stack, and your investments working in tandem to bat down an all-out attack in real time – or not. No matter the result, an experienced team with an effective toolset and the right mindset will ensure that the blue team walks away with a better understanding of what it takes to protect its infrastructure. This way, organizations are well informed to make improvements, so that the security team is equipped with experience and bolstered defenses when a real-world attacker inevitably strikes.

Lengthy Legal Actions vs. An Ounce of Offensive Security

As the old poem goes, “If the cliff we will fence, we might almost dispense with the ambulance down in the valley.” The legal system exists and works when things go awry. It takes a lot of heaving and pulling, hours in litigation, and somewhere in the ballpark of $600,000 to $3 million for a corporate lawsuit, but eventually and often, the truth does win out. However, companies can spare themselves a lot of time, headaches, and PR costs by investing in proactive security solutions that can block attackers at the door. Now, isn’t that easier?

Choose the Right VM Option For Your Organization

Every company has different cybersecurity needs and standard vulnerability management may not be enough. Get The Case for Enterprise-Grade, Risk-Based Vulnerability Management guide and see how essential risk-based VM can be to your company.

ENISA’s New Report Highlights Cyber Investments and Pushes Vulnerability Management 

 

This past November, the European Union Agency for Cybersecurity (ENISA) released its NIS Investments Report 2023, a rundown of how critical EU operators have been investing in cybersecurity pursuant to the NIS Directive. It not only covers how dollars have been spent, but suggests how they ought to be spent going forward.

One particular point of emphasis? Vulnerability management.

Vulnerability Management Timelines 

The report noted the time it takes for certain EU operators to perform basic vulnerability management tasks. Over half (51%) of all organizations in the transport sector take at least a month to patch critical CVEs, while 21% need between one and six months. As of yet, only 28% can fix “critical vulnerabilities on critical assets” within a week.  

However, Mieng Lim, VP of Product Management at Fortra, notes that these face-value figures may not tell all. She notes, “Resolving a vulnerability is complex. Sometimes introducing a patch, especially within legacy applications, can create problems within adjacent systems and even break them.” Which is why she suggests, “Take your time. We know zero dwell time is the goal but remember to look at the bigger picture. Sometimes it takes time to see how things are going to play out, so don’t be afraid to take that time, test the fixes, and retest if necessary.” 

She also emphasizes the criticality of prioritizing which vulnerabilities to go after, especially for strapped security teams. “A lot of people think that VM slows things down. But it really helps you get to the important things faster by identifying which CVEs are the most worth your time. Because sometimes a lower score vuln can have a surprisingly big impact, it’s important to get all the context you can. A complete vulnerability management solution suite with pen testing and red teaming can give you a 360-degree view and help you know what’s really important.” 

The Top-Listed Threat: Software Supply Chain 

VM is also a prominent feature in securing the software supply chain, the first-mentioned of 10 significant cyber challenges expected to shape the cybersecurity landscape over the next decade.  

Citing “the most significant data breach in history,” the report noted how 18,000 customers were impacted by the SolarWinds software compromise and highlighted the ENISA expectation that by 2030, organizations would have widely adopted DevOps as standard practice.

It called attention to the fact that 80% of code in modern applications relies on open-source software, and that researchers detected at least one open-source vulnerability in 84% of all commercial and proprietary databases. In a survey of all types of databases, high-risk vulnerabilities were found in a staggering 48%.

This tees up the conclusion that as the world continues to rely on more and more potentially insecure build components, security really does have to come from within. When those insecure features are easily discoverable CVEs, vulnerability management needs to become a staple for organizations hoping to survive in the digital world going forward. 

Smart Cities as a Single Point of Failure 

Another opportunity for attackers to take advantage of vulnerabilities – with massive, far-reaching consequences – will be within the digital ubiquity of smart cities. Information and Communication Technology (ICT) in particular is susceptible as a single point of failure. 

The report projects that ICT networks within smart cities will amass incredible amounts of data by 2030. This will increase their value to attackers, so if vulnerability management is not built in during the development process (now), hidden vulns could be exploited and weaponized with great success, “[crippling] an entire region.” 

The Top-Listed Solution: Vulnerability Management  

The evolving EU cybersecurity policy framework seeks to develop initiatives to combat those horizon threats, and of the three example policies listed in the report, the one leaning heavily on VM came first. The Cyber Resilience Act (CRA) introduces common security rules specifically aimed at minimizing product vulnerabilities and ensuring VM across the lifecycle of those products. Its goal is to mitigate the obvious challenges posed by insecure digital products in the marketplace, whether in someone’s software supply chain or their own infrastructure.

Future Proofing with VM 

Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity, stated, “Managing vulnerabilities is essential and must go hand-in-hand with ‘secure by design’ initiatives. In the meantime, we do need to continually invest in areas such as identifying, managing, and reporting vulnerabilities that can have an impact on the security of the whole Digital Single Market.”

As the industry moves forward in developing new technologies, particularly those bolstered by AI, this “security by design” principle will play an ever more crucial role. Vulnerability management is central to that role and will be the gate that swings wide in either direction. 

If VM is included in “security by design” implementations now, it could be the means to bar many lower-level attackers out for easy pickings in an ever-growing smorgasbord of digital assets. If done poorly, it could allow undiscovered assets and vulnerabilities to proliferate like dandelions within our evolving digital-physical architecture until the stakes are too high and the solutions are too little, too late.  

In this report, ENISA has raised the warning flag that “boring” security maintenance routines like vulnerability management will soon prove our saving grace or our downfall. Companies that plan to future-proof their digital enterprise would be wise to invest now.  

Taking a Proactive Approach with Fortra VM  

Choosing a modern vulnerability management solution like Fortra Vulnerability Management (Frontline VM) is an ideal long-term solution that helps you identify, classify, and prioritize vulnerabilities on an ongoing basis. With automated scanning capabilities and on-demand reporting, you can routinely stay ahead of vulnerabilities and set your team up for proactive success in the years to come.  


Patch Tuesday Update - December 2023

 

Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.32.0 and Frontline Agent 2.2 releases.

  • Microsoft addressed 33 vulnerabilities in this release, including 4 rated as Critical and 8 Remote Code Execution vulnerabilities.
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|---|
| CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Windows Local Security Authority Subsystem Service (LSASS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | Microsoft Office Word | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | Azure Machine Learning | Important | 4.7 | Information Disclosure | No | No |
| CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability | Windows Media | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Microsoft Power Platform Connector | Critical | 9.6 | Spoofing | No | No |
| CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | Windows Defender | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 5.3 | Information Disclosure | No | No |
| CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | XAML Diagnostics | Important | 6.7 | Elevation of Privilege | No | No |
| CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | Windows DPAPI (Data Protection Application Programming Interface) | Important | 7.5 | Spoofing | No | No |
| CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | Windows Telephony Server | Important | 7.5 | Elevation of Privilege | No | No |
| CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Windows Internet Connection Sharing (ICS) | Critical | 8.8 | Remote Code Execution | No | No |
| CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Windows Internet Connection Sharing (ICS) | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege | Windows Kernel-Mode Drivers | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | Windows MSHTML Platform | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | Windows USB Mass Storage Class Driver | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Windows Internet Connection Sharing (ICS) | Critical | 8.8 | Remote Code Execution | No | No |
| CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Windows Internet Connection Sharing (ICS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Microsoft Bluetooth Driver | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | Windows Kernel | Important | 5.5 | Denial of Service | No | No |
| CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | Microsoft Office Outlook | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | Microsoft Office Outlook | Important | 5.3 | Spoofing | No | No |
| CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | Microsoft Dynamics | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-35622 | Windows DNS Spoofing Vulnerability | Microsoft Windows DNS | Important | 7.5 | Spoofing | No | No |
| CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Azure Connected Machine Agent | Important | 7.3 | Elevation of Privilege | No | No |
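As an added example (not part of the Patch Tuesday release note or of Frontline), the Python script below loads the 33 rows of the table above, checks the summary counts, and orders the findings by an assumed risk-based rule: exploited-in-the-wild first, then publicly disclosed, then Critical, then Remote Code Execution, with the base score breaking ties within each tier. The tier rule is this example's assumption, not Microsoft's or Fortra's ranking; it is written so that a low-score finding gains priority as soon as exploitation evidence appears.

```python
"""Risk-based triage of the December 2023 Patch Tuesday rows listed above.

Columns kept from the table: CVE, Microsoft severity, base score, impact,
Exploited, Publicly Disclosed (titles and tags dropped to keep rows short).
"""
from dataclasses import dataclass

PATCH_TUESDAY_ROWS = """\
CVE-2023-36696|Important|7.8|Elevation of Privilege|No|No
CVE-2023-36391|Important|7.8|Elevation of Privilege|No|No
CVE-2023-36020|Important|7.6|Spoofing|No|No
CVE-2023-36009|Important|5.5|Information Disclosure|No|No
CVE-2023-36011|Important|7.8|Elevation of Privilege|No|No
CVE-2023-35625|Important|4.7|Information Disclosure|No|No
CVE-2023-21740|Important|7.8|Remote Code Execution|No|No
CVE-2023-36019|Critical|9.6|Spoofing|No|No
CVE-2023-36010|Important|7.5|Denial of Service|No|No
CVE-2023-36012|Important|5.3|Information Disclosure|No|No
CVE-2023-36003|Important|6.7|Elevation of Privilege|No|No
CVE-2023-36004|Important|7.5|Spoofing|No|No
CVE-2023-36005|Important|7.5|Elevation of Privilege|No|No
CVE-2023-36006|Important|8.8|Remote Code Execution|No|No
CVE-2023-35638|Important|7.5|Denial of Service|No|No
CVE-2023-35639|Important|8.8|Remote Code Execution|No|No
CVE-2023-35641|Critical|8.8|Remote Code Execution|No|No
CVE-2023-35642|Important|6.5|Denial of Service|No|No
CVE-2023-35643|Important|7.5|Information Disclosure|No|No
CVE-2023-35644|Important|7.8|Elevation of Privilege|No|No
CVE-2023-35628|Critical|8.1|Remote Code Execution|No|No
CVE-2023-35629|Important|6.8|Remote Code Execution|No|No
CVE-2023-35630|Critical|8.8|Remote Code Execution|No|No
CVE-2023-35631|Important|7.8|Elevation of Privilege|No|No
CVE-2023-35632|Important|7.8|Elevation of Privilege|No|No
CVE-2023-35633|Important|7.8|Elevation of Privilege|No|No
CVE-2023-35634|Important|8|Remote Code Execution|No|No
CVE-2023-35635|Important|5.5|Denial of Service|No|No
CVE-2023-35636|Important|6.5|Information Disclosure|No|No
CVE-2023-35619|Important|5.3|Spoofing|No|No
CVE-2023-35621|Important|7.5|Denial of Service|No|No
CVE-2023-35622|Important|7.5|Spoofing|No|No
CVE-2023-35624|Important|7.3|Elevation of Privilege|No|No
"""


@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str
    score: float
    impact: str
    exploited: bool
    disclosed: bool


def parse_rows(text: str) -> list[Finding]:
    """Parse pipe-separated rows; a malformed row raises instead of being dropped silently."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cve, sev, score, impact, exploited, disclosed = line.split("|")
        findings.append(Finding(cve, sev, float(score), impact,
                                exploited == "Yes", disclosed == "Yes"))
    return findings


def tier(f: Finding) -> int:
    """Assumed ranking: exploitation evidence outranks vendor severity, which outranks CVSS score."""
    if f.exploited:
        return 0
    if f.disclosed:
        return 1
    if f.severity == "Critical":
        return 2
    if f.impact == "Remote Code Execution":
        return 3
    return 4


def triage(findings: list[Finding]) -> list[Finding]:
    """Lowest tier first; within a tier, highest base score first, then CVE id for a stable order."""
    return sorted(findings, key=lambda f: (tier(f), -f.score, f.cve))


def summarize(findings: list[Finding]) -> dict:
    """Counts to compare against the release summary (33 total, 4 Critical, 8 RCE)."""
    return {
        "total": len(findings),
        "critical": sum(f.severity == "Critical" for f in findings),
        "rce": sum(f.impact == "Remote Code Execution" for f in findings),
        "exploited": sum(f.exploited for f in findings),
        "disclosed": sum(f.disclosed for f in findings),
    }


if __name__ == "__main__":
    found = parse_rows(PATCH_TUESDAY_ROWS)
    print(summarize(found))
    for f in triage(found)[:8]:
        print(f"tier {tier(f)}  {f.cve}  {f.severity:9} {f.score:4}  {f.impact}")
```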
        

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Frontline VM can help.

How to Recover After Failing a Cybersecurity Audit

 

Failing a cybersecurity audit can mean several things.

While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover?

Consequences of Failing a Cybersecurity Audit

First, there are the up-front legal fines that come with falling on the wrong side of compliance. Here are a few illustrative examples.

  • PCI DSS – The payment card industry will exact fines ranging from $5,000 to $100,000 (depending on the size and scope of your violation and company) every month until you get back in line.
  • HIPAA – Civil monetary penalties for HIPAA violations range from as little as $100 to as much as $50,000 per violation, and an audit could turn up several of those.
  • SOX – The stakes are high for failing to accurately report financial data, and almost make non-compliance the ‘last mistake you’ll ever make’ with fines as high as $5 million and up to 20 years in prison. And that’s not even mentioning the additional SEC penalties (from $50k to $2.5 million a pop) and the potential to lose your stock exchange listing.

And legal ramifications for state and government privacy violations can extend beyond fines alone. You can face time in prison for serious GDPR infringement. Those who fail to meet California’s CCPA standards are open to individual or class action lawsuits. And defense contractors who don’t stand up to Cybersecurity Maturity Model Certification (CMMC) requirements won’t be eligible to bid for government contracts. Then, there’s the issue of compensation. The offending institution has to make things right by the customers it jeopardized by being non-compliant in the first place. For a bank, this might mean reissuing cards if financial information has been stolen. For others, it might mean offering free credit monitoring services for the next few years.

And let’s not forget all the clean-up costs of apologetic PR campaigns, brand re-imaging, and potential layoffs if the issue becomes public. Credibility loss is a silent killer, and while data breaches typically get all the press, compliance audits can get their share of attention when a company has to email all its customers notifying them that they’ve been the victim of unsafe security practices. 

The Culprits Behind Compliance Violations

Compliance casualties can stem from a number of issues, including: 

  • Lack of access controls | Too many times, privileges and permissions are applied too loosely. Whether out of convenience, an exaggerated sense of trust, simple oversight, or the desire to remove friction from operations, this security blunder can have serious consequences. Verizon data reveals that business insiders account for 1 in 5 data breaches. A common culprit? “Privilege creep.”
  • Inadequate expertise | We are (still) in the slump of a cybersecurity skills crisis, and security practitioners are being pulled a million places at once. Once specialists, practitioners have had to adapt to the constant shortage by becoming jacks of all trades. While this has its upsides, it causes other areas to suffer, like when you fail your audit because you didn’t have a dedicated cloud security expert, data loss prevention guru, or compliance manager. If you don’t have it, outsource it.
  • Insufficient security awareness education | Anyone can fall victim to a phishing attack. With spiffy new AI capabilities, getting duped just got that much easier. Even before this last year’s unprecedented wave of AI, Business Email Compromise losses rose by nearly 50% in two years, costing roughly $2.7 billion in adjusted losses. While you can’t fail an audit for being phished, it’s always a good time to ensure your employees are learning how to be more security savvy, be it through social engineering pen tests or additional training. That way, when new implementations come down the pike (Multi-factor Authentication (MFA), Secure File Transfer (SFT), Digital Rights Management (DRM)), they won’t balk at the changes.

Recovering from a Failure 

Thankfully, one failed audit doesn’t have to determine everything. If your company is savvy, it can use it as a learning experience to improve. If done right, your efforts can even cast your organization in a better light than before. Once issues come to a head in a compliance infraction (and subsequent audit red flag), the first step is to remediate the immediate problem by fixing any violations. That can look like:

  • Patching vulnerabilities | If there’s a hole, patch it. New software security patches are issued regularly and can be for old and new software versions. It’s important to use a vulnerability management solution to identify where you might have weaknesses that require a patch.
  • Getting the latest versions | If an update was released with newer, safer features and you didn’t take the time to install it, it throws more egg on your face in an audit. Too much to keep track of? Automate patch management, updates, and even key rotation with the right IT operations automation solutions. 
  • Tightening access controls | One-time authentication is not enough for today’s sneaky threat actors. You need to validate at the door (think of letting someone into your house) to make sure only the right people have access. You’ll also need to continuously validate at every new entry point thereafter. The right IAM solution can even make this simple.
  • Cracking down on password policies | You’d be surprised at how many of these bad boys sink ships. It’s one thing to have been breached fair and square by a high-powered password cracking agent. It’s another to have an auditor find out you didn’t have secure password policies in the first place – or, that they were never enforced.  
  • Creating new policies | Sometimes the right steps just weren’t in place the first time. The pandemic sent everyone running to the cloud so fast that we are still seeing old security gaps from when the right rules, container security, or API protections were not put in place initially. Audits don’t have to be a Boogey Man; think of them as a warning. 

Next, validate your remediations by using tools or services to verify that all the fixes made were indeed successful. Handing off a list of compliance checkboxes to implement is one thing – verifying the team has been able to commit the time and resources to completely follow through is another, especially if the failed audit didn’t “go public.” It’s easy to slip into old habits once the initial shock has worn off or suffer mistakes due to over-tasked teams. 

Check for scripting typos and retest patches for compatibility. Go over your new changes to make sure their implementation didn’t cause any additional unforeseen problems. And if red teaming was part of the initial audit, put another red teamer on the job post-op to make sure all the initial problems are fixed.

Allocate a special team for these double-checks or hire one out if you have to, as your SOC is still responsible for keeping up with the organization’s day-to-day security tasks and an additional remediation burden might be too much. 

Avoiding Failure with a Proactive Strategy

Failing compliance audits is often indicative of a broader need for re-evaluating security processes. Consider adding or increasing your proactive security strategy with solutions that can be regularly implemented to check for security weaknesses so there are no surprises when an audit comes along. 

Compliance should be perfunctory and redundant for companies with a robust proactive security posture. There should be nothing they’re checking for that you’re not checking for already, and there’s no better way to stay ahead of that security game than with a regimen of compliance-specific vulnerability scans and appropriate pen tests. 

Fortra’s Frontline VM is the leading solution to ensure PCI DSS and other compliance requirements are met. A user-friendly SaaS security platform, it simplifies vulnerability management and pen testing reporting and can also integrate a Payment Credential CVC site seal to show your organization’s ability to securely accept online payments.

Our Pen Testing Services are a great option if you need to outsource your penetration testing, including web application pen testing, network pen testing, wireless application pen testing, and more.

Fortra’s Core Impact further locks down compliance by providing your team with their own best-in-breed penetration testing solutions. This automated pen testing tool is intuitive and easy for practitioners of all backgrounds to use. Less experienced testers can carry out pen tests that utilize the latest exploits, and more advanced analysts can automate the more routine elements of a test. Ease of use is key to establishing a pen testing cadence that will be consistent enough to constantly keep you compliant.     

With the right vulnerability scanning, penetration testing, and red teaming solutions and services in place, you can have an audit-proof posture now and stay current with any compliance requirements to come. 

Learn more about proactive security strategies

Find out how to better protect all of the potential entry points in your organizational infrastructure in our guide, Attack Surface Management 101.

Debunking Popular Myths About Vulnerability Management

 

“Vulnerability Management” can be a security term that carries a lot of unnecessary weight. The irony is that the right vulnerability management (VM) solutions can actually take the weight off – your security team, your organization, and your other assets.  

Understanding how means debunking some of the more popular myths around this topic and discovering the truth behind one of security’s most underrated tools. 

The Most Common VM Myths 

We’ve all heard them. Now it’s time to put those vulnerability management myths to the test and see how they hold up. 

Myth #1: It Takes an Expert to Set Up a VM program 

This is actually not true. The right VM solution will be easy to stand up and easy to use. Made for the modern era, some of today’s VM platforms are simple to deploy – even on small networks – and intuitive, so no in-depth training is required. Additionally, a vendor can help streamline remediation by providing ongoing guidance in finding, mitigating, and remediating vulnerabilities so as your IT infrastructure (and subsequent vulnerabilities) evolves, you can respond at scale. 

Myth #2: Vulnerability Assessments Produce a Laundry List of Results 

Many people opt out of critical vulnerability management assessments because they don’t know where to start. And at one time, those fears were well-founded. Old assessments just churned out a list of vulnerabilities, leaving practitioners with no way of knowing which were the most pressing. Now, there are risk-based vulnerability management solutions available that use threat intelligence and information on your individual infrastructure to prioritize which vulnerabilities are the highest risk to your organization. Additionally, penetration testing services can validate the exploitability of some of these weaknesses and also validate remediation efforts. 

Myth #3: Regular VM Will Disrupt Operations 

On the contrary. This is like saying stopping for gas will disrupt the flow of driving. “A lot of companies are afraid that regular vulnerability scans will interrupt the flow of operations,” notes Fortra’s Mieng Lim. “If they’re done right, they won’t have to. And there’s no interruption greater than the fallout from a cyberattack.” Vulnerability scans should be viewed as ongoing maintenance and no different from the other IT tasks we consider routine. These days, scans can be scheduled during off-hours, so they use minimal bandwidth and further fade into the autonomous background. 

Myth #4: If You Have Pen Testing, You Don’t Need VM 

Actually, they work better together; vulnerability management provides visibility, while pen testing provides vital context. VM can tell you how many vulns you have and where they reside, while pen testing identifies which of those CVEs presents the greatest potential for compromise. VM can tell you where to patch, and pen testing verifies if that patch was applied properly and is effective. Together, the two combine to create the perfect one-two punch. 

Don’t Believe Out-Dated Myths 

Cybersecurity is a fast-moving industry. It’s important to stay current on the latest technological advancements, or you may miss key features and capabilities as they emerge. It’s fair that some lingering beliefs remain from the “security early days”; for example, the VM scans of yesteryear certainly did not produce the most informative (or prioritized) data, and so old prejudices persist. However, as technology has improved, these problems were put on the chopping block a long time ago. 

If you think you know vulnerability management, think again. If it’s not easy, intuitive, or truly a time-saver, your current version (and perception) might be out of date.  

Why You Should Want a Vulnerability Management Solution 

There are several desirable advantages to having a well-established vulnerability management solution. First of all, how can you know where you’re going without a roadmap? Your whole security setup is ostensibly to protect your internal assets from outside attackers. Great. Do you know where they’re going to attack? If you had an accurate inventory of all your weak spots, you’d have a pretty good guess. 

Additionally, a compliance audit is never the time to be on the receiving end of an unexpected vulnerability. The right vulnerability management solution can prepare you for specific compliance frameworks like PCI DSS and make the actual audit just a matter of course. Know what they’re testing for and test for it yourself with a proactive VM solution.

Time is money in a modern SOC, and unfortunately, both are often tight. A VM platform is designed to maximize your limited resources, not take more away. This small investment in time will pay big dividends when your team knows which vulnerabilities to patch first, which ones have the highest impact, and which ones to leave behind. In a scenario where teams are stretched as it is, it’s important to make every effort count. 

Choose the Right VM Option For Your Organization

Every company has different cybersecurity needs and standard vulnerability management may not be enough. Get The Case for Enterprise-Grade, Risk-Based Vulnerability Management guide and see how essential risk-based VM can be to your company.

Frontline 6.5.7 Release 


The 6.5.7 Release is now live.  In this release, there are multiple enhancements to the PCI Self Service UI and an overall Visual UI Enhancement. 

PCI Self Service Enhancements

  • New Roles – Designated PCI User and Admin roles have been added for the PCI Scan Administration and Management section. 
  • Dispute Digest – A user preference is now available so that users can opt in to receive an email digest of recent disputed vulnerability notifications. 
  • Retained Notes for Resubmission – Previously submitted notes can now be displayed, sorted, and selected for quicker dispute resubmission. 
  • Dispute Age – On the Dispute Management page, the age of the dispute is now displayed. 

General Enhancements

  • Visual Indicator of Scan Type – Vulnerability Management (VM) and Web Application Scanning (WAS) are now displayed in the list of scans for a Scan Group. 

You can view the release notes here.

Best Security Practices for Digital Banking


Online banking is nearly universal in 2023. No more long lines at the credit union, late-night ATM trips, or waiting for a check to be cashed. Digital banking has revolutionized the financial industry and the way we do business as a whole. 

However, it has also indelibly increased the risk of cyberattacks, social engineering scams, and online compromise to the financial community. 

Here are some of the top risks facing the industry today, along with current best practices for keeping financial transactions secure. 

Top Threats Facing Financial Institutions

The Verizon 2023 DBIR notes that this year, 95% of attacks are financially motivated. It’s true; all organizations have money to steal. But that doesn’t keep banks, credit unions and other financial institutions from being a particularly tantalizing and lucrative target.

Here are some of the top cyber threats financial services organizations need to watch out for in 2023:

  1. Exploited Vulnerabilities | From websites to banking apps, vulnerabilities can leave the financial sector at risk when a CVE goes unpatched or a previously unknown weakness gets discovered by the wrong side. Once the vulnerability is found, a typical exploit kit will often download a malware payload designed to give threat actors remote access to the system. In fact, the National Credit Union Association noticed a recent rise in cyberattacks as a result of a number of critical vulnerabilities being exploited. 
  2. Stolen/Compromised Credentials | The Verizon 2023 DBIR notes that stolen or compromised credentials are to blame for no less than 50% of all breaches, including those involving financial services. However, the impact of a breach is much higher for finance firms; it costs them approximately $5.9 million per data breach, 28% higher than the global average. 
  3. BEC Attacks | By their very nature, high-target industries like finance and insurance are particularly susceptible to instances of Business Email Compromise (BEC), or “CEO Fraud.” BEC scams typically involve a request from a seemingly known source requesting a financial transaction, like a wire transfer. According to the Financial Services Sharing and Analysis Center (FS-ISAC), BEC crimes saw a 300% increase in 2022. Per recent FBI Internet Crime (IC3) Reports, BEC has been the most lucrative online scheme for several years running. The FBI 2022 Internet Crime Report notes that total losses originating from BEC equaled $2.7 billion last year, dwarfing ransomware’s $34.3 million by a factor of 78.
  4. Ransomware | Ransomware payouts are getting higher, and financial institutions are feeling the pinch. According to the 2023 DBIR, the median cost to victims has more than doubled in the past two years. Threat actors consistently pursue the industries with the highest payouts and, consequently, the most to lose. This is why finance firms consistently make the list as one of this year’s hardest-hit industries, as the 2023 DBIR states. According to research by Comparitech, financial services has lost over $32 billion in just the last five years.
  5. Third Party Vendor Breach | According to a recent survey by fintech provider CSI, third-party vendor breach (or supply chain compromise) was among the top five cybersecurity concerns of bankers this year, with 15% ranking it as the top. A 2023 World Economic Forum report stated that a full third of organizations have been “collateral damage” in a third-party cybersecurity incident, and KPMG research shows that 76% of CISOs now value the security of their partner ecosystem as much as their own. 
  6. Basic Web Application Attacks | This year, basic web application attacks, miscellaneous errors and system intrusion accounted for 77% of all breaches in the finance and insurance sector. “Basic web application attacks” means non-sophisticated, lower-level ploys that could easily have been prevented by better basic controls. These include fuzzing, cross-site scripting, injection attacks, brute force credentialing, and other low-hanging cybercriminal fruit. 

Unique Challenges of Online-Only Banks

Given the hybrid models in use by banking institutions these days, all banks are facing similar issues as they scramble to offer app-based banking and digital service models. However, this convenience comes with a price. 

  1. Online-only banks are seen as less secure. Though reputable online banks are insured just like their brick-and-mortar counterparts, there is still distrust around banks that don’t have a physical Main Street component. Recently this came up with Silicon Valley Bank, one of the biggest, most trusted financial institutions among tech entrepreneurs and an online-only bank. The fact that 85% of their deposits were not insured cast a pall over the online banking community as a self-fulfilled bank run caused the FDIC to take control of assets.
  2. Larger technology stack, larger attack surface. An additional challenge is that the more assets you have in cyberspace, the more at risk you are of a cyberattack. In one instance, a virtual bank attracted a higher-than-anticipated amount of traffic as the result of a promotional campaign. While this would typically be good news, in this case it backfired, causing system capacity issues at a time when the bank needed the business the most. It’s a numbers game, and the reliance on sprawling technology stacks could lead to higher chances of DDoS attacks, latency, and supply chain attacks. Whether you lose money by paying a ransom sum or by losing business, the bottom line is still the same.
  3. Cryptocurrency is online and uninsured. Typically, the FDIC insures up to $250k of all money deposited into a federally insured bank account. However, this protection does not extend to crypto assets (or, for that matter, stocks, bonds, commodities, money market mutual funds, and other types of securities). This lowers trust and participation in online-only financial institutions that deal in cryptocurrency and makes investing in the decentralized currency all the more risky. However, banks that are crypto friendly have been warned of this risk and it is up to investors to stay aware. 

The distinct challenges of online banking and the institutions that support it essentially equate to a pseudo-Wild West environment for a lot of the industry. If your money is lost, stolen or pilfered, there’s no guarantee that you’ll get all of it back. That’s never a good line for banks to give their customers, but risks are risks and rules are rules. So how do you protect what the laws and human nature can’t?

How Financial Institutions Can Protect Themselves

The answer lies in being prepared. While financial institutions might be tempted to place the bulk of their focus on next-generation security models that combat advanced security threats, solid security protocols in basic places could go miles in preventing financial service cyberthreats.

As financial service firms are left to take matters into their own hands, a bullet-proof offensive security strategy (and some sort of outside cybersecurity insurance) can help close the gaps and secure business. 

Follow Compliance Regulations

Proactive security can also aid adherence to compliance regulations like SOX, PCI DSS, GDPR, and more. 

  • For example, SOX compliance requires an annual audit to ensure sensitive financial data is properly secured. Proactive techniques like penetration testing and red teaming, performed throughout the year, can help organizations comply with the SOX policies of tracking and resolving attempted data breaches and securing data against possible tampering. 
  • They can also aid PCI DSS compliance by testing the efficacy of the 12 primary requirements, and actively enabling one in particular: requirement eleven, to regularly test security systems and processes.
  • Any financial firm doing business internationally in Europe must comply with GDPR, and proactive security measures like penetration testing help to ensure that all necessary security controls are in place to secure GDPR-protected data. They also provide additional in-depth insights into customer and organizational data and offer continuous auditing of incoming technologies, systems, and applications for GDPR compliance.

Implement Effective Offensive Security Strategies 

  • Vulnerability Management | Vulnerability management lays the foundation for the rest of your offensive security program, helping you assess risks with intelligent scanning from BeSECURE. Additionally, most financial institutions have their own web apps, which can be a source of exposure that should not go overlooked. They may warrant a tool like BeSTORM, a Dynamic Application Security Testing (DAST) solution, which can test applications using the same techniques as a cybercriminal, without access to the source code.
  • Penetration Testing | With Core Security’s Core Impact, security teams of varying experience levels can conduct advanced penetration tests. Guided automation and certified exploits ensure your systems are being tested with the same tactics used by attackers today. Need an outsider’s perspective? Core Security’s penetration testing services can assess your environment, testing your access controls and exploiting vulnerabilities to give you a clear path to remediation.
  • Red Teaming | Core Security’s Cobalt Strike employs the same advanced tactics used by sophisticated real-world adversaries today. A powerful threat emulation tool, it mimics the actions of a long-embedded threat actor and puts defenses to the test with a dynamic post-exploitation agent and adaptable C2 framework. Additional red team readiness can be provided with Outflank Security Tooling (OST), a red teaming toolset that focuses on stealth and evasion for every step of the attack kill chain. Involved with the creation of the Threat Intelligence-based Ethical Red Teaming (TIBER) framework from its inception, the Outflank team not only tests the capabilities of your financial technologies, but the mettle of your team under pressure.

Online banking is a feature of the modern era, and unfortunately, so are persistent cyberattacks. Financial institutions don’t want to face these ongoing threats unprepared. With a proactive security strategy and the right tools in place, they won’t need to.  

Learn more about proactive security strategies

Find out how to effectively manage your financial institution’s attack surface in our guide, The Complete Guide to Layering Offensive Security.

Patch Tuesday Update - October 2023


Microsoft addressed 104 vulnerabilities in this October 2023 release, including 12 rated as Critical and 45 Remote Code Execution vulnerabilities.

  • Three of the CVEs included in this month’s release are also being exploited in the wild.
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|---|
| CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 9.8 | Remote Code Execution | No | No |
| CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | Windows Client/Server Runtime Subsystem | Important | 7 | Remote Code Execution | No | No |
| CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Azure | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Skype for Business | Important | 5.3 | Elevation of Privilege | Yes | Yes |
| CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Client Server Run-time Subsystem (CSRSS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | Windows Named Pipe File System | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | SQL Server | Important | 5.5 | Denial of Service | No | No |
| CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | Windows IKE Extension | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | Windows Power Management Service | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | Windows Container Manager Service | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | Active Directory Domain Services | Important | 4.4 | Information Disclosure | No | No |
| CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | Windows Mixed Reality Developer Tools | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | Windows Virtual Trusted Platform Module | Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Windows TPM | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | Windows Common Log File System Driver | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Windows Runtime C++ Template Library | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | Microsoft Windows Media Foundation | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | Windows AllJoyn API | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | Windows Deployment Services | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | Windows Deployment Services | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | Windows Setup Files Cleanup | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | Windows Microsoft DirectMusic | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows Resilient File System (ReFS) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | Windows Kernel | Important | 3.6 | Security Feature Bypass | No | No |
| CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 6.8 | Remote Code Execution | No | No |
| CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | Windows Named Pipe File System | Important | 7.4 | Elevation of Privilege | No | No |
| CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | Windows Active Template Library | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | Windows Mark of the Web (MOTW) | Important | 5.4 | Security Feature Bypass | No | No |
| CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 8.4 | Elevation of Privilege | No | No |
| CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Microsoft Office | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | Windows Deployment Services | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | Microsoft Windows Search Component | Important | 6.5 | Security Feature Bypass | No | No |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Microsoft WordPad | Important | 6.5 | Information Disclosure | Yes | Yes |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | Azure DevOps | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | Windows HTML Platform | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | Windows TCP/IP | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | Windows IIS | Important | 9.8 | Elevation of Privilege | No | No |
| CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Microsoft Dynamics | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Microsoft Dynamics | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | Azure | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | HTTP/2 | Important | N/A | Denial of Service | Yes | No |
| CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | Windows RDP | Important | 6.5 | Information Disclosure | No | No |
| CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Windows Layer 2 Tunneling Protocol | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | Windows RDP | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | SQL Server | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | Skype for Business | Important | 7.2 | Remote Code Execution | No | No |
| CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | Microsoft Common Data Model SDK | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | Microsoft Office | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | Windows HTML Platform | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Azure Real Time Operating System | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 6.1 | Spoofing | No | No |
| CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | Azure SDK | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | Azure SDK | Important | 8.8 | Remote Code Execution | No | No |

9 Vulnerability Management Pitfalls to Avoid


Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control.

As with any on-going security practice, there are countless ways you can botch VM. Often the devil is in the details as well as the larger processes. That’s why it’s a good practice to step back and evaluate your vulnerability management program from end to end.

Below we list a few common pitfalls organizations need to avoid when it comes to vulnerability management.

Limited Scanning

Are you limiting your scanning to server-only or external-only scans? If so, you are missing the big picture. External scans look for vulnerabilities in your firewalls which attackers could exploit to access your network. These can include weak security configurations or unpatched protection software. Internal scans look for weaknesses within your network, such as poor configurations or even malware that has been downloaded. Both internal and external assets are vital to examine. You cannot make sound remediation decisions based on incomplete information, so don’t limit your scans to one or the other. 

Incomplete Scanning

Are you using an up-to-date Configuration Management Database (CMDB) to inform your scanning? If not, your scans could be inadvertently skipping vital assets. Be sure your CMDB is a complete and accurate representation of your assets and their interdependencies. This will help prevent the creation of scanning blind spots.

Wasted Scanning

Are you running scans and ignoring the results? If so, you are wasting time and resources, not to mention squandering an opportunity. We all know it can be tempting to just run required scans to “check a box”. However, if you do not have a plan for reviewing results and developing remediation actions, you are missing a chance to make your systems more secure. That’s not a sound business practice.

Perhaps you are hesitant to address scan results because your team is small with limited bandwidth. In these instances you must heavily prioritize your scan results. You can make a long list more manageable with several layers of prioritization, including the use of vital risk context and threat intelligence. These can help you highlight just what vulnerabilities are the most critical to your organization and what actions are absolutely necessary.  By addressing the right critical vulnerabilities immediately, you can avoid wasting resources on tasks that don’t move the needle and avoid the damage caused by an exploited vulnerability.

Improper Scanning Cadence

Are you running scans too infrequently? Or are you running them so often that they are more of a monitoring tool? If you are doing either, you are undermining your own VM efforts. It’s crucial to identify the scanning frequency that works for your organization. If you misuse scanning, you could potentially be placing unnecessary strain on bandwidth and target assets. If you run scans too infrequently, you could miss vulnerabilities and increase the likelihood that a flaw will be exploited against your system. The longer a flaw exists undiscovered, the more exposed to a breach your network becomes. To ensure you keep VM effective and manageable, assess your team’s capabilities and strike the right balance with your scanning cadence.

Restricted Scanning Results

Are you refusing to whitelist your vulnerability scanner? If so, you are not getting an accurate read on the potential vulnerabilities that exist behind your firewall. Firewall security is set up to deny malicious traffic, and scanner traffic can look malicious because of what it probes for. Therefore, if you don’t whitelist your scanner, your firewall will drop the scanner’s traffic. This produces artificially clean scan results, which can lead to a false sense of security.

Mismanaged Scanning Results

Have you been tossing giant lists of unprioritized, unvetted vulnerabilities to your team? If so, you are most likely “helping” them become less effective and less efficient. Don’t overwhelm your team with a horde of vulnerabilities that haven’t been ranked and then ask them to create order out of chaos. Use agreed upon criteria in conjunction with risk-based vulnerability management tools to sort, filter, and prioritize lists before they are handed over. The right vulnerability management solution will offer features that enable effective ranking, as well as the ability to monitor progress.

Mitigation without Remediation

When you address vulnerabilities, are you just performing fixes or stop-gap measures without any cause analysis? If so, your team will likely run up against similar issues again and again. You must identify how vulnerabilities occur or you won’t be able to avoid recurrence in the future. Fixes alone address the “symptoms”, but not the “disease” that is causing them. Be sure your team is prepared to uncover and address the root of vulnerabilities as well as provide a remedy.

Endless Exceptions

Do you have a list of exceptions that don’t have an expiration date? If so, you could be permanently ignoring some vulnerabilities that still require remediation. In VM, exceptions are made for a variety of reasons. Some are false positives that represent vulnerabilities that have already been addressed, but that some automated scans cannot distinguish as patched. Others are delayed actions, which are usually vulnerabilities that cannot be addressed within the Service Level Agreement’s (SLA’s) specified time period. This type of exception must be given an expiration date to ensure it gets addressed in the future. If you do not assign expiration dates, you run the risk of creating an ever-growing list of vulnerability exceptions with endless shelf lives. And the longer they persist, the more vulnerable your organization becomes.

Needless VM Complications

Are you using a complex vulnerability management (VM) solution because you think complexity = effectiveness? If so, you are not operating as efficiently and as effectively as you could be. Once upon a time, complicated vulnerability management was the only way to go. Large, unreadable, unactionable lists of vulnerabilities were just an accepted part of IT. But no more. There are much better options available today.

You need a VM solution designed to empower IT teams with powerful technology that is easy to use. Additionally, you should look for a SaaS-based vulnerability management tool that provides an easily deployed, flexible solution that can grow and change with your business. The right VM solution will provide filtering, sorting, and ranking features that can prioritize your vulnerabilities and help you maximize your IT team’s productivity.

Life in IT is challenging enough without adding needless complexity. Your organization will need easy-to-use, powerful technology with a user-friendly interface to simplify and streamline your VM efforts.

Patch Tuesday Update - July 2023

Today’s Microsoft Security Update addressed 130 vulnerabilities, including 9 that are rated as Critical. This is double the number fixed last month, June 2023.

Microsoft included two security advisories this month, ADV230001 and ADV230002.
The ADV230001 security advisory addresses drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) that have been used maliciously in post-exploitation activity. Microsoft has suspended the developer accounts associated with the affected drivers, marked the drivers as untrusted, and revoked the affected driver-signing certificates.

Multiple vulnerabilities included in this month’s Patch Tuesday are currently being exploited in the wild, including one that does not yet have a patch, CVE-2023-36884.

  • CVE-2023-32046 requires a specially crafted file to exploit; successful exploitation grants the attacker the same privileges as the user who executed the file.
  • CVE-2023-32049 could allow an attacker to bypass the Open File – Security Warning prompt. User interaction is required, as the attacker would need to convince a user to click on a malicious URL.
  • CVE-2023-36874 can be leveraged by an attacker to escalate privileges to those of an administrator.
  • CVE-2023-36884: Microsoft is aware of targeted attacks attempting to exploit this vulnerability via a crafted Microsoft Office document to achieve remote code execution. For the attack to succeed, however, the attacker would have to trick the victim into opening the malicious file. While this vulnerability does not currently have a patch, Microsoft has provided several mitigations to apply until one is available. More information on the mitigations can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884.
  • CVE-2023-35311 would allow an attacker to bypass the Microsoft Outlook Security Notice prompt, but it requires user interaction to be exploited.

CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed
CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | Microsoft Graphics Component | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office | Important | 9.6 | Security Feature Bypass | No | No
CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | Microsoft Office Outlook | Important | 6.5 | Spoofing | No | No
CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | Microsoft Office Access | Important | 7 | Remote Code Execution | No | No
CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office Outlook | Important | 6.8 | Remote Code Execution | No | No
CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Microsoft Office SharePoint | Important | 4.3 | Security Feature Bypass | No | No
CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | Windows Cryptographic Services | Important | 5.5 | Information Disclosure | No | No
CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability | Windows Cluster Server | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | Windows Layer 2 Tunneling Protocol | Important | 6.5 | Information Disclosure | No | No
CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No
CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No
CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | Windows Update Orchestrator Service | Important | 5.5 | Information Disclosure | No | No
CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability | Windows OLE | Important | 6.5 | Information Disclosure | No | No
CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability | Windows Remote Desktop | Important | 6.8 | Security Feature Bypass | No | No
CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No
CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability | Windows Message Queuing | Important | 7.5 | Denial of Service | No | No
CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Windows MSHTML Platform | Important | 7.8 | Elevation of Privilege | Yes | No
CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability | Paint 3D | Important | 7.8 | Remote Code Execution | No | No
ADV230002 | Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules | Windows EFI Partition | Important | N/A | Security Feature Bypass | No | No
CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Windows SmartScreen | Important | 8.8 | Security Feature Bypass | Yes | No
CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7 | Elevation of Privilege | No | No
CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | Windows Online Certificate Status Protocol (OCSP) SnapIn | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Windows Layer-2 Bridge Network Driver | Critical | 8.8 | Remote Code Execution | No | No
CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Information Disclosure | No | No
CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Windows Server Update Service | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Windows Connected User Experiences and Telemetry | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | Windows Deployment Services | Important | 6.5 | Denial of Service | No | No
CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | Windows Deployment Services | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | Windows Online Certificate Status Protocol (OCSP) SnapIn | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No
CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | Windows Print Spooler Components | Important | 7.5 | Information Disclosure | No | No
CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | Windows CDP User Components | Important | 5.5 | Information Disclosure | No | No
CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | Windows Transaction Manager | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | Windows Authentication Methods | Important | 6.5 | Denial of Service | No | No
CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | Windows SPNEGO Extended Negotiation | Important | 7.5 | Denial of Service | No | No
CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Windows Local Security Authority (LSA) | Important | 6.5 | Denial of Service | No | No
CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | Windows Remote Desktop | Important | 6.8 | Security Feature Bypass | No | No
CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | Microsoft Media-Wiki Extensions | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows MSHTML Platform | Important | 6.5 | Security Feature Bypass | No | No
CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | Windows Win32K | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | Windows Peer Name Resolution Protocol | Important | 7.5 | Denial of Service | No | No
CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | Windows CryptoAPI | Important | 7.5 | Denial of Service | No | No
CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Windows CNG Key Isolation Service | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | Windows Media | Important | 6.2 | Information Disclosure | No | No
CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | Windows Image Acquisition | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | Windows Geolocation Service | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability | Windows App Store | Important | 7.1 | Elevation of Privilege | No | No
CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | Azure Active Directory | Important | 7.5 | Security Feature Bypass | No | No
CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Windows Active Directory Certificate Services | Important | 7.2 | Remote Code Execution | No | No
CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Windows Active Directory Certificate Services | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Windows Remote Desktop | Critical | 7.5 | Security Feature Bypass | No | No
CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Windows Connected User Experiences and Telemetry | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No
CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No
CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | Windows Clip Service | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 8.8 | Elevation of Privilege | No | No
CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No
CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No
CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No
CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | Microsoft Windows Codecs Library | Important | 5.5 | Information Disclosure | No | No
CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7.8 | Elevation of Privilege | Yes | No
CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Microsoft Office | Important | 8.3 | Remote Code Execution | Yes | Yes
CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability | Windows Netlogon | Important | 7.4 | Information Disclosure | No | No
ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously | Windows Certificates | None | N/A | Defense in Depth | Yes | No
CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | Windows Admin Center | Important | 8.7 | Spoofing | No | No
CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | .NET and Visual Studio | Important | 8.1 | Elevation of Privilege | No | No
CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Windows Partition Management Driver | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | Windows Defender | Important | 6.3 | Elevation of Privilege | No | No
CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft Office SharePoint | Critical | 8.8 | Remote Code Execution | No | No
CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Spoofing | No | No
CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Critical | 8.8 | Remote Code Execution | No | No
CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel | Important | 5.5 | Information Disclosure | No | No
CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | Windows Network Load Balancing | Important | 7.5 | Remote Code Execution | No | No
CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | ASP.NET and Visual Studio | Important | 8.1 | Security Feature Bypass | No | No
CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 8.2 | Spoofing | No | No
CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability | Microsoft Power Apps | Important | 5.4 | Spoofing | No | No
CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Windows Volume Shadow Copy | Important | 7.3 | Elevation of Privilege | No | No
CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability | Windows Active Template Library | Important | 6.7 | Elevation of Privilege | No | No
CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Windows Server Update Service | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Critical | 9.8 | Remote Code Execution | No | No
CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability | Windows Failover Cluster | Important | 6.5 | Information Disclosure | No | No
CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability | Windows HTTP.sys | Important | 7.5 | Denial of Service | No | No
CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No
CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 6.5 | Information Disclosure | No | No
CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows PGM | Critical | 7.5 | Remote Code Execution | No | No
CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | Windows HTTP.sys | Important | 7.5 | Denial of Service | No | No
CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft Printer Drivers | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 8.8 | Remote Code Execution | No | No
CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers | Important | 5.5 | Information Disclosure | No | No
CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows MSHTML Platform | Important | 6.5 | Security Feature Bypass | No | No
CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability | Windows Message Queuing | Important | 7.5 | Remote Code Execution | No | No
CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server | Important | 6.6 | Remote Code Execution | No | No
CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Office Outlook | Important | 8.8 | Security Feature Bypass | Yes | No
CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | Windows VOLSNAP.SYS | Important | 7.8 | Elevation of Privilege | No | No
CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 8.2 | Spoofing | No | No
CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | Mono Authenticode | Important | 5.3 | Spoofing | No | No
CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | Paint 3D | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Visual Studio Code | Important | 7.8 | Remote Code Execution | No | No
CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | Service Fabric | Important | 6.5 | Information Disclosure | No | No
CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | Azure Active Directory | Important | 6.5 | Security Feature Bypass |  | 
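The prioritization and exception-expiry practices described in the vulnerability management section above can be applied directly to a release like this one. The script below is an added example, not code from the page or from any vendor: it parses a few rows copied from the July 2023 table (embedded inline, in the pipe-delimited form used above), ranks them by an assumed set of agreed-upon criteria (exploited in the wild, then publicly disclosed, then vendor severity, then base score), and flags exception records that have no expiration date or have passed it. The exception records are constructed for illustration.

```python
"""Risk-based triage of a Patch Tuesday release (added example).

Assumptions not taken from the page: the ranking criteria in priority_key(),
the exception records in the demo, and the pipe-delimited row format.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Constructed sample: six rows copied from the July 2023 table above.
SAMPLE_ROWS = """\
CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call | Important | 6.5 | Denial of Service | No | No
CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Windows MSHTML Platform | Important | 7.8 | Elevation of Privilege | Yes | No
CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Critical | 9.8 | Remote Code Execution | No | No
CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Microsoft Office | Important | 8.3 | Remote Code Execution | Yes | Yes
ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously | Windows Certificates | None | N/A | Defense in Depth | Yes | No
CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Office Outlook | Important | 8.8 | Security Feature Bypass | Yes | No
"""

# Vendor severity words mapped to a sortable rank (assumed scale).
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0, "None": 0}


@dataclass
class Entry:
    identifier: str
    title: str
    tag: str
    severity: str
    base_score: float   # "N/A" (advisories) is stored as 0.0
    impact: str
    exploited: bool
    disclosed: bool


def parse_rows(text: str) -> list[Entry]:
    """Parse pipe-delimited rows in the eight-column layout of the table above."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 8:
            raise ValueError(f"expected 8 columns, got {len(cells)}: {line!r}")
        ident, title, tag, sev, score, impact, expl, disc = cells
        entries.append(Entry(ident, title, tag, sev,
                             0.0 if score == "N/A" else float(score),
                             impact, expl == "Yes", disc == "Yes"))
    return entries


def priority_key(e: Entry) -> tuple:
    # Agreed-upon criteria (assumed), most urgent first: already exploited in
    # the wild, then publicly disclosed, then vendor severity, then base score.
    # Note this ranks an exploited advisory above an unexploited Critical 9.8.
    return (e.exploited, e.disclosed, SEVERITY_RANK.get(e.severity, 0), e.base_score)


def prioritize(entries: list[Entry]) -> list[str]:
    """Return identifiers ordered from most to least urgent."""
    return [e.identifier for e in sorted(entries, key=priority_key, reverse=True)]


def expired_exceptions(exceptions: dict[str, str | None], today: str) -> list[str]:
    """Exceptions with no expiry, or whose ISO expiry date has passed, need review.

    exceptions maps an identifier to an ISO date string or None (no expiry).
    """
    now = date.fromisoformat(today)
    return sorted(ident for ident, exp in exceptions.items()
                  if exp is None or date.fromisoformat(exp) <= now)


if __name__ == "__main__":
    ranked = prioritize(parse_rows(SAMPLE_ROWS))
    print("Work order:", ranked)
    # Constructed exception register: the unpatched item gets a dated
    # mitigation-only exception; one entry was never given an expiry.
    register = {"CVE-2023-36884": "2023-08-08", "CVE-2023-33166": None}
    print("Exceptions to review on 2023-08-08:",
          expired_exceptions(register, "2023-08-08"))
```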
