SMB, Software Review and Windows

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Tenable

NOVEMBER 12, 2024

Important CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-43451 is a NTLM hash spoofing vulnerability in Microsoft Windows. Important CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler.

Windows

Windows Software Review Azure Systems Review

TechCrunch+ roundup: Optimizing acquisition, parental leave tips, riding the downturn express

TechCrunch

FEBRUARY 21, 2023

Use discount code TCPLUSROUNDUP to save 20% off a one- or two-year subscription. ” For example, Gartner found that 41% of SMB customers rely on customer ratings and reviews before making a purchase. .” Which begs the question: When was the last time you checked your reviews on Capterra or GetApp?

Technical Review

Technical Review Software Review Weak Development Team Windows

CVE-2020-0796: "Wormable" Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)

Tenable

MARCH 10, 2020

Critical unpatched “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 Successful exploitation of the vulnerability would grant the attacker arbitrary code execution in both SMB Server and SMB Client. The following versions of Microsoft Windows and Windows Server are affected.

Software Review

Software Review SMB Windows LAN

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Tenable

OCTOBER 22, 2024

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability Remote Code Execution Exploited Zero-Day Local Stuxnet High 2010 Why it’s significant: Regarded as one of the most sophisticated cyberespionage tools ever created, Stuxnet was designed to target SCADA systems in industrial environments to reportedly sabotage Iran's nuclear program.

Software Review

Software Review Windows Groups Network

SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1

Tenable

JUNE 10, 2020

Three months after an out-of-band patch was released for SMBGhost, aka EternalDarkness (CVE-2020-0796), researchers disclosed two new flaws affecting Microsoft’s Server Message Block (SMB) protocol, including working proof-of-concepts. As a result, Microsoft announced in April 2012 that SMB version 2.2 SMB version 3.1.1

Systems Review

Systems Review SMB Software Review Development Team Review

Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)

Tenable

JUNE 9, 2020

The updates this month include patches for Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps and Adobe Flash Player. CVE-2020-1194 | Windows Registry Denial of Service Vulnerability.

SMB

SMB Software Review Systems Review Windows

WannaCry Ransomware Review and Global Impact.

ProtectWise

MAY 15, 2017

WannaCry's primary infection vector is through publicly accessible hosts running an unpatched version of Windows via the SMB protocol. WannaCry spreads primarily over SMB, but it can also use RDP. SMB, in particular, will then be used to send an exploit for the MS17-010 vulnerability. How Does WannaCry Infect a Host?

Systems Review

Systems Review Software Review SMB Malware

Managing Windows 10 Updates and Patches

Kaseya

MAY 4, 2020

It refers to that one day every month when Microsoft provides software updates for its Windows OS, browsers and business applications. These updates fix either security vulnerabilities or bugs in the software. In this blog, we’re going to focus on how to better manage updates for Microsoft Windows 10.

Windows

Windows SMB Software Review Policies

Deploy DeepSeek-R1 Distilled Llama models in Amazon Bedrock

AWS Machine Learning - AI

JANUARY 29, 2025

Their DeepSeek-R1 models represent a family of large language models (LLMs) designed to handle a wide range of tasks, from code generation to general reasoning, while maintaining competitive performance and efficiency. Review the model response and metrics provided.

Generative AI

Generative AI Artificial Inteligence AWS Technical Review

Survey Results Highlight 3 Growth Areas for MSPs: Cybersecurity, Cloud and Automation

Kaseya

AUGUST 2, 2022

For many SMBs, it does not make financial sense to hire a full-fledged IT team and invest in cost-intensive hardware and software. By identifying the needs of SMBs and providing them with the right IT services, MSPs can help them while also unlocking growth opportunities for themselves. Why an SMB needs an MSP.

Survey

Survey SMB Cloud Technical Review

Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)

Tenable

MAY 9, 2023

Important CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability CVE-2023-29336 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows. These steps are outlined in KB5025885 which specifies that the May 9, 2023 Windows security updates must be installed first.

Windows

Windows Software Review Systems Review SMB

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Tenable

APRIL 12, 2022

Microsoft Windows ALPC. Microsoft Windows Codecs Library. Microsoft Windows Media Foundation. Role: Windows Hyper-V. Visual Studio Code. Windows Ancillary Function Driver for WinSock. Windows App Store. Windows AppX Package Manager. Windows Cluster Client Failover. Windows Defender.

Windows

Windows Systems Review Software Review SMB

Zoom Patches Multiple Flaws and Responds to Security and Privacy Concerns

Tenable

APRIL 3, 2020

Zoom-bombers are not just coming together to randomly invade meetings, but also offering it as a service for people to submit their business or educational meeting codes to intentionally disrupt meetings and online lectures. Zoom Windows client: UNC path injection. On April 1, Zoom announced a fix for a flaw in the Windows client.

Software Review

Software Review Windows Meeting .Net

Automated Patching: Spend Less Time Patching and More Time on the Beach

Kaseya

AUGUST 8, 2022

Due to all these factors, patching has become a perennial thorn in the side of IT professionals. A common way for cybercriminals to gain access to organizations is by exploiting software, web applications and OS vulnerabilities. Software updates often improve the function and capabilities of applications. More system uptime.

Software Review

Software Review Systems Review Compliance Insurance

Active Directory is Now in the Ransomware Crosshairs

Tenable

OCTOBER 28, 2021

The joint CISA, FBI and NSA alert described the following: “According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network: 2017 Microsoft Windows Server Message Block 1.0 BlackMatter .

Software Review

Software Review Windows SMB Network

Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)

Tenable

JULY 13, 2021

Microsoft Windows Codecs Library. Microsoft Windows DNS. Microsoft Windows Media Foundation. Visual Studio Code. Visual Studio Code -.NET Visual Studio Code - Maven for Java Extension. Windows Active Directory. Windows Address Book. Windows AF_UNIX Socket Provider. Windows AppContainer.

Windows

Windows Software Review Malware SMB

Deploy DeepSeek-R1 distilled Llama models with Amazon Bedrock Custom Model Import

AWS Machine Learning - AI

JANUARY 29, 2025

Their DeepSeek-R1 models represent a family of large language models (LLMs) designed to handle a wide range of tasks, from code generation to general reasoning, while maintaining competitive performance and efficiency. Review the model response and metrics provided.

Generative AI

Generative AI Artificial Inteligence AWS Technical Review

Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches

Tenable

MARCH 10, 2021

Healthcare software. Ryuk ransomware, the leading culprit for ransomware attacks against the healthcare industry, is known to favor a number of vulnerabilities, including those associated with Microsoft Server Message Block (SMB) as reported by Trend Micro. Mental health care / rehabilitation. Medical clinic. Government agency.

Healthcare

Healthcare Research Systems Review Analysis

50 Best HIPAA-Compliant Cloud Storage Solutions

Datica

SEPTEMBER 11, 2019

When selecting cloud storage solutions, be sure to do due diligence when researching and evaluating your options. There are no upfront software or hardware costs, minimum commitments, or additional fees. Amazon FSx for Windows File Server ( @awscloud ). Key Features: Native Windows compatibility. Cost: $0.14

Storage

Storage Cloud Backup Disaster Recovery

CISA Directive 22-01: How Tenable Can Help You Find and Fix Known Exploited Vulnerabilities

Tenable

NOVEMBER 10, 2021

The initial CISA catalog includes approximately 300 Common Vulnerabilities and Exposures (CVEs) across dozens of different vendors and software products, 115 of which are either past due or due for remediation by federal agencies on November 17, 2021. Detecting CISA's catalog of known exploited vulnerabilities. Use Tenable.ot

Systems Review

Systems Review Software Review Authentication Policies

CTO Universe

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

TechCrunch+ roundup: Optimizing acquisition, parental leave tips, riding the downturn express

Webinars

Trending Sources

CVE-2020-0796: "Wormable" Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)

Webinars

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1

Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)

WannaCry Ransomware Review and Global Impact.

Managing Windows 10 Updates and Patches

Deploy DeepSeek-R1 Distilled Llama models in Amazon Bedrock

Survey Results Highlight 3 Growth Areas for MSPs: Cybersecurity, Cloud and Automation

Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Zoom Patches Multiple Flaws and Responds to Security and Privacy Concerns

Automated Patching: Spend Less Time Patching and More Time on the Beach

Active Directory is Now in the Ransomware Crosshairs

Top 10 Most Read IT Management Blogs of 2019

Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)

Deploy DeepSeek-R1 distilled Llama models with Amazon Bedrock Custom Model Import

Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches

50 Best HIPAA-Compliant Cloud Storage Solutions

CISA Directive 22-01: How Tenable Can Help You Find and Fix Known Exploited Vulnerabilities

Stay Connected