Microsoft is urging Windows users to install the latest security update for a serious vulnerability known as PrintNightmare. Please refer to this kb published on 1 July for details.
Hackers who exploit the vulnerability due to spooler service bug is able to create user accounts with full user privileges. That allows hackers to acquire all the control of hacked PC to create serious damage.
With Workspace ONE UEM and Intelligence, we can fully automate Windows 10 security patching when a vulnerability is identified.
In the following Intelligence console, you can see WSO Intelligence already have the vulnerability identified and there are 4 devices in risk. You can click on the CVE number and jump to Microsoft advisory page for more details of the CVE.
With WSO intelligence we can have an automation setup to remediate a vulnerability with only a few clicks.
The automation logic in case like this is straight forward. You simply provide the CVE number to Intelligence. Intelligence will then generate API call to WSO UEM to approve patches (KB) associated with the CVE to all the enrolled PC.
Managed PC gets the approved patches installed from the Microsoft update service on the cloud accordingly. There is no complicated SCCM operation and there is no need to get PC connected back to enterprise domain to have the patching done.
Many of IT were suffering from inefficient incident detection and remediation. Intelligence not only provides an effective way by automating the process but also provides a clear visibility to the incident such as related CVE and impacted devices in a single pane.
This also improves Digital Employee Experience. User impact is minimal as the whole process is automatic and remote.
Please see the following tutorial for full details on how to get an automation setup.
https://techzone.vmware.com/meeting-security-slas-through-intelligent-patch-automation-vmware-workspace-one-operational-tutorial#_1088827
Comments