Sunday, May 21, 2017

HP Conexant Audio Driver Vulnerability

HP has released a new driver package update to fix the security vulnerability.  Debugging was left enabled in the driver, and it is essentially logging every keystroke.

If the MicTray.log file exists in C:\Users\Public, the system is potentially vulnerable.  It's best to update the driver if you're unsure.  On most machines I've seen this file on, it was blank.

Here's the official link from HP that includes the driver packages to download if your system is listed as affected.

https://support.hp.com/in-en/document/c05519670

This seems to be applicable to G3 and newer generation models; I haven't seen the other models or newer G4s in our environment need this.

ftp://ftp.hp.com/pub/softpaq/sp80001-80500/sp80323.exe


Extract the files using 7-Zip or by running the installer; running "Setup.exe -S" from the command line installs silently.  It doesn't reboot the system, but a reboot is required.

You should script this to delete the MicTray.log during the driver update.

After updating, the driver details should be relatively recent.
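
One way to script the silent install and the MicTray.log cleanup described above, as an added example that is not from the original post or from HP. The extraction folder C:\Temp\sp80323 and the parameter names are assumptions, and because the post does not say what Setup.exe returns, the script only reports the exit code.

```powershell
# Added example (not from the original post): silent Conexant driver update
# followed by removal of the keystroke debug log.
param(
    [string]$SetupDir = 'C:\Temp\sp80323',             # assumed extraction folder
    [string]$LogPath  = 'C:\Users\Public\MicTray.log'  # location named in the post
)

# Capture whether the log existed and held data before changing anything,
# so affected machines can be identified from the script output.
$logFound = Test-Path -LiteralPath $LogPath -PathType Leaf
$logBytes = 0
if ($logFound) { $logBytes = (Get-Item -LiteralPath $LogPath -Force).Length }

# Install silently with the switch given in the post and wait for completion.
$setup = Join-Path -Path $SetupDir -ChildPath 'Setup.exe'
if (-not (Test-Path -LiteralPath $setup -PathType Leaf)) {
    throw "Setup.exe not found in $SetupDir"
}
$proc = Start-Process -FilePath $setup -ArgumentList '-S' `
    -WorkingDirectory $SetupDir -Wait -PassThru

# Delete the log after the install. Assumption: a running audio component may
# still hold the file open, so a failure is reported instead of aborting.
$logRemoved = $false
if ($logFound) {
    try {
        Remove-Item -LiteralPath $LogPath -Force -ErrorAction Stop
        $logRemoved = $true
    } catch {
        Write-Warning "Could not delete ${LogPath}: $($_.Exception.Message)"
    }
}

# Emit one result object per machine. The exit code is reported as-is because
# the post does not document Setup.exe's return values.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    LogFound      = $logFound
    LogBytes      = $logBytes
    SetupExitCode = $proc.ExitCode
    LogRemoved    = $logRemoved
    RebootPending = $true   # per the post: no automatic reboot, but one is required
}
```

A non-zero LogBytes value marks a machine where the log actually held data, which separates it from the blank files mentioned above.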


Wednesday, May 17, 2017

SCCM - Intel AMT Vulnerability Report

Here's the Intel guide to mitigating this risk

Intel-SA-0075 Mitigation Guide

1. Unprovision Client - Using their tool Intel ACUConfig Download

ACUConfig.exe UnConfigure


2. Disable or Remove the Service (should also end the process in the script)
sc config LMS start= disabled
sc delete LMS

Here's a report to find the AMT version and Provisioning State

The linked document doesn't include the syntax for the report generated at the bottom

https://communities.intel.com/docs/DOC-5763

Count of Versions

SELECT COUNT(v_GS_AMT_AGENT.AMT0) AS "Count", v_GS_AMT_AGENT.AMT0
FROM v_GS_AMT_AGENT INNER JOIN
     v_R_System ON v_GS_AMT_AGENT.ResourceID = v_R_System.ResourceID
GROUP BY v_GS_AMT_AGENT.AMT0
ORDER BY v_GS_AMT_AGENT.AMT0

Report for AMT version and Provisioning State less than 3

Includes model and processor to make it easier to identify which files to download

SELECT v_R_System.Name0, v_GS_AMT_AGENT.AMT0, v_GS_AMT_AGENT.ProvisionState0,
       v_GS_COMPUTER_SYSTEM.Model0, v_GS_PROCESSOR.Name0 AS Expr1
FROM v_GS_AMT_AGENT INNER JOIN
     v_R_System ON v_GS_AMT_AGENT.ResourceID = v_R_System.ResourceID INNER JOIN
     v_GS_COMPUTER_SYSTEM ON v_R_System.ResourceID = v_GS_COMPUTER_SYSTEM.ResourceID INNER JOIN
     v_GS_PROCESSOR ON v_R_System.ResourceID = v_GS_PROCESSOR.ResourceID
WHERE (v_GS_AMT_AGENT.ProvisionState0 < 3)
ORDER BY v_GS_AMT_AGENT.ProvisionState0, Model0

Sunday, May 14, 2017

Windows Update for WannaCrypt Ransomware

The security monthly updates to use for the affected systems are listed below.

According to MS, Windows 10 is not targeted.

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

While this vulnerability is listed as MS17-010, the bulletin for this will fall under the bulletin for the security update.

MS17-008 is the bulletin for the Security Monthly Updates.

KB4012212 for Windows 7, 2008 R2
KB4012213 for Windows 8.1 and 2012 R2

For Windows 2008 non-R2, it is 4018466, released this month, which supersedes MS17-010 (KB4012598) from March 2017.

Other updates have also been released for out-of-support OSes (XP, 2003, etc.); they are in the screenshot below.




Monday, May 1, 2017

Query All Deployed Updates in SCCM

Here’s a query I created to report on all updates being deployed in Update Lists.

This will pull the Deployment Name, Article ID, Bulletin ID, Update Title, Collection Name, Date Created, IsDeployed, IsExpired, and IsSuperseded.

This will show expired and superseded updates; you can modify it to hide them.

This works on SCCM CB. It's probably not needed as much if you use ADR, but it can give you a report of what’s currently being deployed.

SELECT     v_CIAssignment.AssignmentID, v_CIAssignment.AssignmentName, v_UpdateInfo.ArticleID, v_UpdateInfo.BulletinID, v_UpdateInfo.Title, 
                      v_CIAssignment.CollectionName, v_CIAssignment.CollectionID, v_UpdateInfo.DateCreated, v_UpdateInfo.IsDeployed, v_UpdateInfo.IsExpired, 
                      v_UpdateInfo.IsSuperseded
FROM         v_UpdateInfo INNER JOIN
                      v_CIAssignmentToCI ON v_UpdateInfo.CI_ID = v_CIAssignmentToCI.CI_ID INNER JOIN
                      v_CIAssignment ON v_CIAssignmentToCI.AssignmentID = v_CIAssignment.AssignmentID
ORDER BY v_CIAssignment.AssignmentID, v_UpdateInfo.ArticleID