Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022.
I do the analysis as usual with my open source tool Vulristics. You can still download it on github. I hope that github won’t block Russian repositories and accounts, but for now it looks possible. Most likely, I will just start hosting the sources of my projects on avleonov.com in this case. Or on another domain, if it gets even tougher. Stay tuned.
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of the my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you haven’t seen it. Well, if you are even slightly interested in the world news, you can imagine that the end of February 2022 in Eastern Europe is not the best time to create new content on Vulnerability Management. Let’s hope that peace and tranquility will be restored soon. And also that geopolitical confrontation between the largest nuclear powers will de-escalate somehow.
But let’s get back to information security. While working on Microsoft Patch Tuesday report for February 2022, I made a lot of improvements to my open source project for vulnerability prioritization Vulristics. I want to start with them.
Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week.
I have a security news telegram channel https://t.me/avleonovnews that is automatically updated by a script using many RSS feeds. And the script even highlights the news associated with vulnerabilities, exploits and attacks.
Hello everyone! On the one hand, because of the pandemic, we have become more distant from each other. We work mostly remotely from home. Traveling to a conference in another country has become much more difficult than it used to be. Now it is not only expensive. It has become much more difficult to obtain visas, there are restrictions related to vaccines, tests, quarantines, etc. And sometimes the borders are simply closed and it is impossible to get there.
On the other hand, we have become paradoxically closer to each other. Conferences have become much more online-oriented. And the main event of Qualys, QSC 21 Las Vegas, is now available to everyone with no delays or restrictions. This year, I not only watched the show, but also took VMDR training, passed the exam and received a certificate. I want to talk about this in this episode.
Conference
I will only state the main idea. Of course the way I understood it. Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), btw not related to a security blogger Brian Krebs, started the conference by talking about attacks. There will only be more of them, and it will be more difficult to mitigate these attacks. Of course, if companies could be protected with prohibitive measures, that would be fine. But the problem is that in order for a company to be competitive, it must build the “permissive environment”. Especially in our COVID times.
Hello everyone! Last Week’s Security News, August 1 – August 8.
Black Hat Pwnie Awards
Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It’s like an Oscar or Tony in the information security world. Pwnie Awards recognizes both excellence and incompetence. And, in general, is a very respectable, adequate and fun event.
Firstly 2 nominations, which were received by the guys from Qualys. Best Privilege Escalation Bug: Baron Samedit, a 10-year-old exploit in sudo. Most Under-Hyped Research: 21Nails, 21 vulnerabilities in Exim, the Internet’s most popular mail server.
Best Server-Side Bug: Orange Tsai, for his Microsoft Exchange Server ProxyLogon attack surface discoveries.
Most Epic Fail: Microsoft, for their failure to fix PrintNightmare.
In this episode, I would like to share my thoughts about the new Vulnerability Management product by Positive Technologies – MaxPatrol VM. It was presented on November 16th, at the Standoff365 online conference (full video in Russian). The presentation and concept of the product were very good. I really liked them. However, as it always happens on vendor’s events, some critical topics were not covered. So I also want to highlight them. I will try to be as objective as possible. Although it is difficult for me, since I have worked in the company for 6 years, and many of my good friends work there.
Positive Technologies is best known in the Russian Vulnerability Management market. The volume of the Russian VM market in 2019 is $40-46 million. The volume of the world market, according to IDC, is $1.2 billion. So the Russian market is ~3% of the world market. And 78% of it is occupied by Positive Technologies products: Maxpatrol 8 and XSpider. Disclaimer: all numbers are from the Maxpatrol VM presentation and I haven’t done fact checking. But in this case, the numbers are not so important.
I would like to start this post by talking about Microsoft vulnerabilities, which recently turned out to be much more serious than it seemed at first glance.
Older Vulnerabilities with exploits
“Zerologon” Netlogon RCE (CVE-2020-1472)
One of them is, of course, the Netlogon vulnerability from the August 2020 Patch Tuesday. It’s called “Zerologon”. I would not say that Vulnerability Management vendors completely ignored it. But none of them (well, maybe only ZDI) emphasized in their reports that this vulnerability would be a real disaster.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.
