Security and Compliance Collection - Recast Software
https://www.recastsoftware.com/resources-collection/security-compliance-and-cyber-insurance/

July 2024 Third-Party Patches
https://www.recastsoftware.com/resources/july-2024-third-party-patches/
Fri, 16 Aug 2024 15:38:21 +0000

In July 2024, the Liquit Setup Store received updates for 93 applications. This count includes multiple major versions for certain applications. For example, there are 3 updated major versions for Oracle Java SE Development Kit: 17, 21 and 22. In total, there were 135 updates released for these applications during the last month. This means that multiple applications were updated more than once. The updates remediated 164 vulnerabilities in total. 

Notable Vulnerabilities in July 2024 Third-Party Patches

Vulnerability severities vary from low to critical. Products with critical-severity vulnerabilities include Docker Desktop (CVE-2024-41110, with a CVSS score of 9.09) and VMware Workstation Pro 17 (CVE-2024-22268 and CVE-2024-22267, both with a CVSS score of 9.03). Autodesk AutoCAD, with major versions 2022, 2023, and 2025, received patches for the highest number of vulnerabilities: its security update addressed 41 vulnerabilities.

Detailed Analysis of Critical Vulnerabilities 

CVE-2024-41110 is a security vulnerability discovered in certain versions of Docker Engine. It could allow unauthorized access under specific conditions, although the likelihood is considered low. Even though this problem was solved in an update in January 2019, the fix wasn’t included in later major versions. For details, see Docker’s advisory, “Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine.”

A critical heap buffer-overflow vulnerability, identified as CVE-2024-22268, has been reported in the Shader functionality of VMware Workstation and Fusion. This flaw could potentially allow a malicious entity with regular user privileges on a virtual machine with 3D graphics enabled to trigger a denial of service. Stakeholders are advised to consult Broadcom’s security advisory on the Broadcom support portal for detailed information and mitigation strategies.

A second critical vulnerability, the use-after-free CVE-2024-22267, has been identified in the vbluetooth device of VMware Workstation and Fusion. This flaw could potentially allow a malicious entity with administrative access to a virtual machine to execute arbitrary code in the context of the host’s VMX process. Users are advised to review their systems and apply updates promptly to mitigate this security risk; see Broadcom’s security advisory on the Broadcom support portal.

Browser Security Updates in July 2024 

Chromium-based browsers are known to be updated very frequently. Google Chrome released 6 updates during July, which together remediated 50 vulnerabilities. Microsoft Edge was updated three times during July, and these updates remediated 35 vulnerabilities in total. Opera One was updated only once, fixing 4 vulnerabilities. Mozilla Firefox and Mozilla Firefox ESR were each updated once, remediating 16 and 5 vulnerabilities respectively. Brave Browser was updated twice, patching a total of 14 vulnerabilities.

Microsoft Product Updates Included in July 2024 Third-Party Patches

In addition to Edge, Microsoft released updates for the following product families. 

  • Microsoft .NET Runtime  
  • Microsoft .NET SDK 
  • Microsoft 365 Apps 
  • Microsoft ASP.NET Core Runtime  
  • Microsoft ASP.NET Core Runtime Hosting Bundle 
  • Microsoft Azure CLI 
  • Microsoft Azure Kubelogin 
  • Microsoft Azure PowerShell 
  • Microsoft OLE DB Driver for SQL Server 
  • Microsoft SQL Server Management Studio 20 
  • Microsoft Visual Studio 2022  
  • Microsoft Visual Studio Team Explorer 2022 
  • Microsoft Windows Desktop Runtime  

Key Third-Party Line-of-Business Application Patches 

Multiple versions of Java products are vulnerable, including but not limited to: Amazon Corretto JDK/JRE, Azul Zulu JDK/JRE, BellSoft Corporation Liberica JDK/JRE, Eclipse Temurin JDK/JRE, Oracle Java Runtime Environment Version 8, Oracle Java SE Development Kit, and Red Hat OpenJDK/JRE. For more information, see Oracle’s security advisory, Oracle Critical Patch Update Advisory – July 2024.

AutoCAD products were heavily patched during July. For more information, see Autodesk’s advisories adsk-sa-2024-0009 (autodesk.com) and adsk-sa-2024-0010 (autodesk.com).

Five vulnerabilities were patched in the latest update for JetBrains TeamCity. For more information, see Fixed security issues (jetbrains.com).

Calibre by Kovid Goyal remediated 4 vulnerabilities in its July patch. For more information, see Advisories | STAR Labs.

Detailed List of July 2024 Third-Party Patches

For the complete list of applications, versions, and remediated vulnerabilities, see the following list, generated from Setup Store data.

Product Version Vulnerabilities remediated 
Amazon Corretto JDK 11 11.0.24.8.1 
Amazon Corretto JDK 17 17.0.12.7.1 
Amazon Corretto JDK 21 21.0.4.7.1 
Amazon Corretto JDK 22 22.0.2.9.1 
Amazon Corretto JDK 8 8.422.05.1 
Amazon Corretto JRE 8 8.422.05.1 
Autodesk AutoCAD 2022 84,25075231 41 
Autodesk AutoCAD 2023 84,29243056 41 
Autodesk AutoCAD 2025 84,37569444 41 
Zulu JDK 11 (LTS) 0,509895833 
Zulu JDK 17 (LTS) 0,744641204 
Zulu JDK 21 (LTS) 0,900196759 
Zulu JDK 22 (STS) 22.32.15.0 
Zulu JDK 8 (LTS) 8.80.0.17 
Zulu JRE 11 (LTS) 0,509895833 
Zulu JRE 17 (LTS) 0,744641204 
Zulu JRE 21 (LTS) 0,900196759 
Zulu JRE 22 (STS) 22.32.15.0 
Zulu JRE 8 (LTS) 8.80.0.17 
balena CLI 0,751550926 
Liberica JDK 11.0.23.10 
Liberica JDK 11.0.24.9 
Liberica JDK 17.0.12.10 
Liberica JDK 8.0.422.6 
Liberica JRE 8.0.412.9 
Liberica JRE 8.0.422.6 
Brave Browser 1.68.128 14 
Brave Browser 1.68.131 14 
Devolutions Launcher 2024.2.15.0 
Devolutions Remote Desktop Manager 2024.2.15.0 
Docker Desktop 0,189583333 
Eclipse Temurin JDK with Hotspot 11 (LTS) 11.0.24.8 
Eclipse Temurin JDK with Hotspot 17 (LTS) 17.0.12.7 
Eclipse Temurin JDK with Hotspot 21 21.0.4.7 
Eclipse Temurin JDK with Hotspot 22 22.0.2.9 
Eclipse Temurin JDK with Hotspot 8 (LTS) 8.0.422.5 
Eclipse Temurin JRE with Hotspot 11 (LTS) 11.0.24.8 
Eclipse Temurin JRE with Hotspot 17 (LTS) 17.0.12.7 
Eclipse Temurin JRE with Hotspot 21 21.0.4.7 
Eclipse Temurin JRE with Hotspot 22 22.0.2.9 
Eclipse Temurin JRE with Hotspot 8 (LTS) 8.0.422.5 
Beats Winlogbeat 0,343078704 
Google Chrome 126.0.6478.182 
Google Chrome 127.0.6533.72 14 
Google Chrome 127.0.6533.88 
Google Chrome 126.0.6478.183 
Google Chrome 127.0.6533.73 14 
Google Chrome 127.0.6533.89 
Google Chrome for Business 126.0.6478.183 
Google Chrome for Business 127.0.6533.73 14 
Google Chrome for Business 127.0.6533.89 
Google Chrome for Education 126.0.6478.183 
Google Chrome for Education 127.0.6533.73 14 
Google Chrome for Education 127.0.6533.89 
Google Go Programming Language 1.21 0,056388889 
Google Go Programming Language 1.22 0,057002315 
TeamCity 84,33819444 
Calibre 0,302777778 
LINQPad 8 0,336238426 
LINQPad 8 0,336863426 
Microsoft .NET Runtime 6.0 6.0.32.33814 
Microsoft .NET Runtime 6.0 0,25037037 
Microsoft .NET Runtime 8.0 8.0.7.33813 
Microsoft .NET Runtime 8.0 0,333414352 
Microsoft .NET SDK 6.0 6.4.2424.31506 
Microsoft .NET SDK 6.0 0,25037037 
Microsoft .NET SDK 8.0 8.3.324.31708 
Microsoft .NET SDK 8.0 0,336840278 
Microsoft 365 Apps 2406 (Build 16.0.17726.20160) 
Microsoft 365 Apps 2405 (Build 16.0.17628.20188) 
Microsoft 365 Apps 2402 (Build 16.0.17328.20452) 
Microsoft ASP.NET Core Runtime 6.0 6.0.32.24314 
Microsoft ASP.NET Core Runtime 6.0 0,25037037 
Microsoft ASP.NET Core Runtime 8.0 8.0.7.24314 
Microsoft ASP.NET Core Runtime 8.0 0,333414352 
Microsoft ASP.NET Core Runtime Hosting Bundle 6.0 6.0.32.24314 
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 8.0.7.24314 
Microsoft Azure CLI 0,126388889 
Microsoft Azure Kubelogin 0,000740741 
Microsoft Azure PowerShell 12.1.0.38758 
Microsoft Edge Beta 127.0.2651.74 26 
Microsoft Edge for Business 126.0.2592.102 
Microsoft Edge for Business 126.0.2592.113 
Microsoft Edge for Business 127.0.2651.74 26 
Microsoft OLE DB Driver 18 for SQL Server 0,754907407 
Microsoft OLE DB Driver 19 for SQL Server 0,79380787 
Microsoft SQL Server Management Studio 20 20.2.30.0 
Microsoft Visual Studio 2022 Community 17.10.35027.167 
Microsoft Visual Studio 2022 Enterprise 17.10.35027.167 
Microsoft Visual Studio 2022 Enterprise 17.4.35026.314 
Microsoft Visual Studio 2022 Enterprise 17.6.35028.176 
Microsoft Visual Studio 2022 Enterprise 17.8.35027.43 
Microsoft Visual Studio 2022 Professional 17.10.35027.167 
Microsoft Visual Studio 2022 Professional 17.4.35026.314 
Microsoft Visual Studio 2022 Professional 17.6.35028.176 
Microsoft Visual Studio 2022 Professional 17.8.35027.43 
Microsoft Visual Studio Team Explorer 2022 17.10.35027.167 
Microsoft Windows Desktop Runtime 6.0 6.0.32.33814 
Microsoft Windows Desktop Runtime 8.0 8.0.7.33814 
Pale Moon 1,376400463 
Mozilla Firefox 5,333333333 16 
Mozilla Firefox ESR 115 4,800694444 
Mozilla Thunderbird 4,800694444 
Mozilla Thunderbird ESR 128 5,333333333 15 
Node.js 18 LTS 0,763935185 
Node.js 20 LTS 0,843761574 
Node.js 22 0,919456019 
NoMachine 0,341805556 
NoMachine 0,342372685 
NoMachine Enterprise Client 0,341805556 
NoMachine Enterprise Client 0,342372685 
NoMachine Enterprise Desktop 0,341805556 
NoMachine Enterprise Desktop 0,342372685 
Electron 1,211157407 
Electron 1,211168981 
Electron 1,251388889 10 
OpenVPN 2.6.12 (2.6.1201) 
Opera One 112.0.5197.25 
Oracle Java Runtime Environment Version 8 8.0.4210.9 
Oracle Java SE Development Kit 17 17.0.12.0 
Oracle Java SE Development Kit 21 21.0.4.0 
Oracle Java SE Development Kit 22 22.0.2.0 
Oracle VirtualBox 7 0,291898148 
Red Hat OpenJDK 11.0.2408.1 
Red Hat OpenJDK 17.00120.7.1 
Red Hat OpenJDK 21.0040.7.1 
Red Hat OpenJDK 1.8.4221.5 
Red Hat OpenJDK JRE 11.0.240.1 
Red Hat OpenJDK JRE 17.00120.7.1 
Red Hat OpenJDK JRE 21.0040.7.1 
Camtasia Studio 2022 2022.5.6.254 
VMware Workstation Pro 17 17.5.2.23775571 
Waterfox G6.0.17 
Charles 4.6.7.0 
Charles 0,170914352 

Conclusion: July 2024 Third-Party Patches

Maintaining the security and performance of your IT environment hinges on timely third-party patching. The July 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.

To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the August 2024 Microsoft Patch Tuesday here.

Patch Tuesday August 2024: Critical Vulnerability Roundup
https://www.recastsoftware.com/resources/patch-tuesday-august-2024/
Tue, 13 Aug 2024 20:37:32 +0000

Welcome to Recast Software’s August 2024 Patch Tuesday blog post. 

This month, Microsoft addressed 90 vulnerabilities across its ecosystem, including several critical and zero-day vulnerabilities. Staying on top of these updates is essential for maintaining the security and stability of your IT environment. 

Critical Vulnerability Patched: Windows TCP/IP (CVE-2024-38063) 

This month’s update addresses a critical issue within the Windows TCP/IP stack. Rated with a CVSS score of 9.8, this vulnerability is classified as remote code execution (RCE) and has been flagged as “Exploitation More Likely.” Attackers can potentially exploit this flaw by sending maliciously crafted IPv6 packets to a vulnerable system. For those unable to apply the patch immediately, Microsoft suggests disabling IPv6 as a temporary safeguard. 

Impact: If successfully exploited, this vulnerability could enable attackers to run arbitrary code, giving them complete control over the compromised system. This could result in significant data breaches, unauthorized access, and further attacks within the network. 

Zero-Day Vulnerabilities 

Several zero-day vulnerabilities were addressed in this update, with exploitation detected in the wild, highlighting the urgency of applying these patches: 

  • Windows Kernel (CVE-2024-38106): This elevation of privilege (EoP) vulnerability with a CVSS score of 7.0 has been exploited in the wild, making it a priority for patching. 
  • Windows Power Dependency Coordinator (CVE-2024-38107): Another EoP vulnerability with a CVSS score of 7.8, this has also been detected in the wild. 
  • Windows Scripting (CVE-2024-38178): This memory corruption vulnerability in the Windows Scripting engine, with a CVSS score of 7.5, has seen exploitation. It requires an authenticated victim using Edge in Internet Explorer Mode to be exploited, making it a critical update for environments where IE Mode is enabled. 

Significant Vulnerabilities in Microsoft Office and Azure 

This month’s update also includes patches for several critical vulnerabilities across Microsoft Office and Azure services: 

  • Microsoft Office Project (CVE-2024-38189): An RCE vulnerability in Microsoft Project with a CVSS score of 8.8. Exploitation requires user interaction, such as opening a crafted document, and can lead to arbitrary code execution. The vulnerability has been exploited in the wild, making it crucial to apply this patch.
  • Azure Health Bot (CVE-2024-38109): An EoP vulnerability in Azure Health Bot with a CVSS score of 9.1. This critical vulnerability stems from a server-side request forgery (SSRF) that could be abused to escalate privileges. 

Other Noteworthy Updates

  • Windows Line Printer Daemon (LPD) Service (CVE-2024-38199): A critical RCE vulnerability with a CVSS score of 9.8, affecting the LPD Service. Although rated as “Exploitation Less Likely,” this vulnerability could allow remote attackers to execute code on the server. 
  • Windows Mark of the Web (MOTW) (CVE-2024-38213): A security feature bypass vulnerability with a CVSS score of 6.5, exploited in the wild. It allows attackers to bypass Windows SmartScreen by convincing users to open a specially crafted file. 

Stay Updated and Secure 

With vulnerabilities affecting core components like Windows Kernel, TCP/IP, and Azure services, it is crucial to prioritize these updates. Neglecting to patch these vulnerabilities can expose your organization to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment. 

To further streamline and secure your patch management process, learn about Application Manager here.

For a comprehensive overview of August’s Patch Tuesday updates, visit Microsoft’s release notes here.

Stay vigilant and keep your systems protected. 

5 Key Strategies for Small Business Disaster Recovery
https://www.recastsoftware.com/resources/5-key-strategies-for-small-business-disaster-recovery/
Tue, 13 Aug 2024 14:56:15 +0000

In July 2024, a routine security update triggered one of the largest global IT outages, leaving 8.5 million devices unable to boot. Surprisingly, the cause was not a cyberattack, but a simple update gone wrong. 

As devastating as the incident was, it clearly uncovered the need for a functioning Disaster Recovery plan. It was well documented how some businesses were back up and running quickly, while others took more than a week to get their operations back to “normal.” 

Smaller Organizations Need Disaster Recovery Plans Too 

For smaller organizations, disaster recovery can seem daunting, but having a solid plan is crucial to keeping your business running when the unexpected strikes. Here are key considerations when preparing or reviewing your disaster recovery plan. 

1. Risk Assessment 

Start by identifying the most vulnerable aspects of your organization. Whether it’s a data center precariously located near an active runway or a warehouse in a tornado-prone area, understanding your unique risks is the first step in disaster recovery planning.  

Don’t just focus on physical disasters. What will you do if every single computer including servers won’t boot? Is it more likely that you will face risk from bad actors trying to steal data from your network? These are the risks your disaster recovery plan must address. 

2. Business Impact Analysis and Inventory 

Identifying and prioritizing business-critical systems is essential to ensure your organization can recover swiftly from any disaster. Start by conducting a comprehensive inventory of these critical systems, considering all aspects, including software dependencies, database connections, mapped drives, and network configurations. 

This detailed inventory helps you understand the components that make up your most vital systems. For organizations using ConfigMgr, tools like Endpoint Insights from Recast Software can streamline this process by providing a complete view of your devices and their configurations. This enables you to restore systems to their previous state efficiently, ensuring continuity and minimizing downtime. 

Prioritizing your critical systems forms the backbone of your disaster recovery plan, guiding your efforts in preparing for potential disruptions. 

3. Continuity Plan 

With your risk assessment and business impact analysis completed, it’s time to define your continuity strategies. These strategies should ensure the uninterrupted operation of critical systems through various forms of contingency planning.  

  • Alternative Processes – Consider alternative workflows that allow employees to remain productive even when primary systems fail. For example, when airline systems failed, staff issued handwritten boarding passes to keep flights on schedule. Do you have an alternative process if your devices are unavailable? 
  • Resource Allocation – Assess if your current resource allocation supports quick recovery. Determine if your infrastructure team needs to be on-site or if remote coordination suffices. Efficient resource allocation can significantly speed up your recovery process.  
  • Recovery Procedures – Develop clear, step-by-step recovery procedures tailored to different disaster scenarios. Having these procedures in place ensures you’re not scrambling to create a plan when disaster strikes.

4. Identify Personnel Roles

Clearly define the personnel responsible for recovery efforts, ensuring they are fully aware of their roles and responsibilities. Have a communication plan in place. If the primary team isn’t available, do you have secondary resources identified? Ensure everyone knows their tasks and how to communicate effectively. Also, have a backup team ready in case primary personnel are unavailable.

5. Disaster Recovery Drills

It’s great to have a plan, but what are your assurances that it will work? A disaster recovery plan is only as good as its execution. Regularly conduct drills to test your plan under real-world conditions. Ensure your failover systems, like secondary internet links or redundant servers, perform as expected.

Planning is the first step in preparing for business continuity, but as the famous saying goes, ‘No plan survives first contact with the enemy.’ Running disaster recovery drills will reveal potential weaknesses in your plan, but the true test comes during an actual disaster. In a real disaster, stay adaptable and make informed decisions to keep your business operational.

Final Thoughts

Disaster recovery planning is essential for safeguarding your business. By following these key strategies, you can better prepare for the unexpected and ensure your operations remain resilient in the face of adversity.

      Automated Third-Party Patching Controls: Lessons from the CrowdStrike Incident
      https://www.recastsoftware.com/resources/automated-third-party-patching-controls-lessons-from-crowdstrike-incident/
      Tue, 23 Jul 2024 15:50:07 +0000

      For years, the IT industry has emphasized the importance of updating third-party products in our environments. However, incidents like the recent CrowdStrike update can cause significant concern across the business, especially among non-IT stakeholders. While the update itself caused problems, it highlights the critical need for effective controls during the patching process to maintain endpoint security. 

      The CrowdStrike Incident: A Wake-Up Call  

      Years from now, system administrators and security teams alike will be talking about the day when CrowdStrike sent a bad update into the wild and 8.5 million computers refused to boot. This recent update issue caused widespread disruption. Despite the CEO’s attempts to downplay the incident as a non-cyber event, the reality is that any such failure can have far-reaching consequences. 

      A significant part of CrowdStrike’s update failure was due to its channel updates, which are like virus definitions and cannot be controlled or disabled by users. These updates are pushed continuously by CrowdStrike, sometimes multiple times a day, without the ability to disable them. This scenario underscores the need for robust expectations from security vendors regarding QA testing and phased deployments, as well as the importance of internal QA and testing processes.

      Phased Deployments: Putting Automated Third-Party Patching Controls in Your Hands 

      As much as we’d like to, we can’t control how a company like CrowdStrike tests and releases their product updates. However, we can apply our own controls and testing during our patching process to make sure that the impact of any problems doesn’t affect our whole organization. Phased deployments are a great example and a best practice that can mitigate the risk of a bad update. By starting with a small group of test users and gradually expanding the deployment to larger groups of users, and eventually the rest of the organization, IT teams can identify and address issues before they affect everyone.  

      Application Manager by Recast Software supports phased deployments, enabling IT administrators to implement updates in a controlled and systematic manner. This approach minimizes the disruptions we can control and ensures that any issues are quickly identified and addressed. 

      Don’t Ignore Patching: Learn the Right Lessons from the CrowdStrike Incident 

      Despite the recent situation where an update patch caused problems, we cannot overlook the importance of updating third-party software. Unpatched software poses a significant risk to organizational security. In 2021, software vulnerabilities surpassed phishing as the leading cause of costly breaches, highlighting the need for prompt and effective patch management. Organizations often manage dozens to hundreds of software titles, each requiring multiple updates annually. Manual patch management can be daunting, often leading to delays and human errors. 

      Recast Software’s Application Manager offers a robust solution to these challenges. Within Application Manager, you can completely automate the patch management process, while still delivering updates in a safe, controlled way. Application Manager ensures that third-party applications are updated promptly, reducing the risk of vulnerabilities being exploited. This automation not only improves security, but also frees up IT resources to focus on more strategic tasks.  

      The Best of Both Worlds for Automated Third-Party Patching Controls 

      Recast Software’s Application Manager is designed for efficiency and control, allowing you to schedule and test updates before releasing them to your entire environment. Start with a small group, expand after successful testing, and continue until the update reaches all users. Every one of the 2500+ applications will adhere to your set policies and deploy according to your release schedule, ensuring quick and safe third-party software updates automatically. 

      The CrowdStrike incident serves as a critical lesson in the importance of rigorous controls during the patching process. Leveraging tools like Application Manager allows organizations to enhance their security posture, reduce IT vulnerabilities, and ensure stability through tested patch releases. As the cybersecurity landscape evolves, effective patch management will be essential for mitigating risks and maintaining robust security. 

      Ready to take control of your patch management process? Contact us today to learn how Application Manager can help you implement automated third-party patching controls in your organization.

      June 2024 Third-Party Patches
      https://www.recastsoftware.com/resources/june-2024-third-party-patches/
      Thu, 11 Jul 2024 16:27:47 +0000

      Welcome to our monthly third-party patching roundup. This June, we’ve seen significant updates across various applications that play a crucial role in many IT environments. Here’s a comprehensive overview of June 2024 Third-Party Patches to help you stay on top of critical updates and ensure your systems remain secure.

      Summary of June 2024 Third-Party Software Patches

      According to Liquit Setup Store data, June 2024 brought 95 updates for vulnerable applications, addressing 101 vulnerabilities across 62 different applications. Timely application of these patches is vital for mitigating potential security risks.

      Browser Security Updates

      The majority of updates this month targeted popular open-source Chromium-based browsers, emphasizing their critical role in everyday operations.

      • Microsoft Edge for Business: Released four security patches, addressing 46 vulnerabilities with a peak CVSS score of 8.8.
      • Google Chrome for Business: Three updates resolving 26 vulnerabilities.
      • Opera One: One update that remediated seven vulnerabilities.
      • Mozilla Firefox and Firefox ESR: Updates addressing eight and 14 vulnerabilities respectively, both with a CVSS score of 8.8.
      • Brave Browser: Four updates fixing a total of 26 vulnerabilities, maintaining parity with other Chromium-based browsers.

      Notable CVEs

      CVE-2024-4671: This zero-day vulnerability impacts Google Chrome, Microsoft Edge, and potentially other Chromium-based browsers. If exploited, it could enable a remote attacker to execute arbitrary code on the affected system. Given the prevalence of zero-day vulnerabilities in popular browsers, it’s crucial to stay updated with security notifications from browser vendors. Often, there are mitigations or workarounds available before a patch is released, underscoring the importance of prompt action to maintain security.

      Microsoft Security Updates

      Significant patches were also rolled out for Microsoft applications, enhancing security across various tools:

      • Visual Studio (2017, 2019, 2022): A single update for all versions, addressing three security issues, with the most critical being CVE-2024-29187 (CVSS 7.3).
      • Microsoft 365 Apps: Updates across Current, Monthly Enterprise, and Semi-Annual Enterprise channels, resolving four vulnerabilities including the high-risk CVE-2024-30103 (CVSS 8.8).
      • Microsoft .NET SDK 8.0: Version 8.3.224.28002 addressed one security concern.

      Third-Party Line-of-Business Application Patches

      Several business-critical applications received important updates this month, including a notable vulnerability identified as CVE-2024-37051.

      CVE-2024-37051: This vulnerability impacts the JetBrains GitHub plugin. Malicious content in a pull request to a GitHub project, handled by IntelliJ-based IDEs, could expose access tokens to a third-party host. While there is no confirmed evidence of active exploitation before its discovery and disclosure, it is crucial to follow JetBrains’ recommended actions to mitigate potential risks. For more details on recommended actions, please refer to JetBrains’ security update here.

      • Autodesk AutoCAD 2024: An update addressing 14 high-severity vulnerabilities.
      • OpenSSL and OpenSSL Light: Multiple updates across different versions (3.0 LTS, 3.1, 3.2, 3.3) addressing three vulnerabilities each.

      Detailed Security Patch List

      Here’s a detailed breakdown of updates for other significant software titles:

      Product Branch Version Vulnerabilities remediated
      Apache Tomcat 9 Tomcat 9 0,376041667 
      Autodesk AutoCAD 2024 AutoCAD 2024 update 2024.01.05 14 
      Brave Browser Brave Browser  1.67.123 
      Brave Browser Brave Browser  1.67.119 
      Brave Browser Brave Browser  1.67.115 18 
      CLion CLion 2023.1  2023.01.07 
      CLion CLion 2023.2  2023.02.04 
      CLion CLion 2023.3  2023.03.05 
      CLion CLion 2024.1  2024.01.03 
      DataGrip 2024.1 DataGrip 2024.1  2024.01.04 
      DataSpell DataSpell 2023.3 2023.03.06 
      DataSpell DataSpell 2024.1 2024.01.02 
      Devolutions Remote Desktop Manager Remote Desktop Manager 2024.2.12.0 
      Docker Desktop Docker Desktop  4.31.0.153195 
      EnterpriseDB Corporation PostgreSQL 14 PostgreSQL 14  14.12.02 
      EnterpriseDB Corporation PostgreSQL 15 PostgreSQL 15  15.07.02 
      EnterpriseDB Corporation PostgreSQL 16 PostgreSQL 16  16.03.02 
      GoLand 2023.1 GoLand 2023.1 2023.01.06 
      GoLand 2023.2 GoLand 2023.2 2023.02.07 
      GoLand 2023.3 GoLand 2023.3 2023.03.07 
      GoLand 2024.1 GoLand 2024.1 2024.01.03 
      Google Chrome for Business Chrome for Business  126.0.6478.127 
      Google Chrome for Business Chrome for Business  126.0.6478.115 
      Google Chrome for Business Chrome for Business  126.0.6478.57 18 
      Google Go Programming Language 1.21 Go Programming Language 1.21  1.21.11 
      Google Go Programming Language 1.22 Go Programming Language 1.22  1.22.04 
      IntelliJ IDEA Community IntelliJ IDEA Community 2023.3  2023.03.07 
      IntelliJ IDEA Community IntelliJ IDEA Community 2024.1  2024.01.03 
      IntelliJ IDEA Community 2023.1 IntelliJ IDEA Community 2023.1  2023.01.07 
      IntelliJ IDEA Community 2023.2 IntelliJ IDEA Community 2023.2  2023.02.07 
      IntelliJ IDEA Ultimate IntelliJ IDEA Ultimate 2023.3  2023.03.07 
      IntelliJ IDEA Ultimate IntelliJ IDEA Ultimate 2024.1  2024.01.03 
      IntelliJ IDEA Ultimate 2023.1 IntelliJ IDEA Ultimate 2023.1  2023.01.07 
      IntelliJ IDEA Ultimate 2023.2 IntelliJ IDEA Ultimate 2023.2  2023.02.07 
      Microsoft .NET SDK 8.0 .NET SDK 8.0  8.3.224.28002 
      Microsoft 365 Apps Microsoft 365 Apps – Business Retail Current Channel – Danish  2405 (Build 16.0.17628.20144) 
      Microsoft 365 Apps Microsoft 365 Apps – Business Retail Monthly Enterprise Channel – Dutch  2404 (Build 16.0.17531.20190) 
      Microsoft 365 Apps Microsoft 365 Apps – Business Retail Semi-Annual Enterprise Channel – Dutch  2308 (Build 16.0.16731.20716) 
      Microsoft Edge Beta Microsoft Edge Beta  126.0.2592.68 
      Microsoft Edge Beta Microsoft Edge Beta  126.0.2592.56 32 
      Microsoft Edge for Business Microsoft Edge for Business  126.0.2592.81 
      Microsoft Edge for Business Microsoft Edge for Business  126.0.2592.68 
      Microsoft Edge for Business Microsoft Edge for Business  126.0.2592.56 32 
      Microsoft Edge for Business Microsoft Edge for Business  125.0.2535.85 
      Microsoft Edge Webview2 Runtime Microsoft Edge Webview2 Runtime  126.0.2592.81 
      Microsoft Edge Webview2 Runtime Microsoft Edge Webview2 Runtime  125.0.2535.85 
      Microsoft Visual Studio 2017 Enterprise Microsoft Visual Studio 2017 Enterprise 15.9.34930.103 
      Microsoft Visual Studio 2019 Community Microsoft Visual Studio 2019 Community 16.11.34931.43 
      Microsoft Visual Studio 2019 Enterprise Microsoft Visual Studio 2019 Enterprise 16.11.34931.43 
      Microsoft Visual Studio 2019 Enterprise Microsoft Visual Studio 2019 Enterprise 16.11.34931.43 
      Microsoft Visual Studio 2019 Professional Microsoft Visual Studio 2019 Professional 16.11.34931.43 
      Microsoft Visual Studio 2019 Professional Microsoft Visual Studio 2019 Professional 16.11.34931.43 
      Microsoft Visual Studio 2022 Community Microsoft Visual Studio 2022 Community 17.10.35004.147 
      Microsoft Visual Studio 2022 Enterprise Microsoft Visual Studio 2022 Enterprise (Current) 17.10.35004.147 
      Microsoft Visual Studio 2022 Enterprise Microsoft Visual Studio 2022 Enterprise (LTSC 17.4) 17.4.34931.60 
      Microsoft Visual Studio 2022 Enterprise Microsoft Visual Studio 2022 Enterprise (LTSC 17.6) 17.6.34931.59 
      Microsoft Visual Studio 2022 Enterprise Microsoft Visual Studio 2022 Enterprise (LTSC 17.8) 17.8.34931.61 
      Microsoft Visual Studio 2022 Professional Microsoft Visual Studio 2022 Professional (Current) 17.10.35004.147 
      Microsoft Visual Studio 2022 Professional Microsoft Visual Studio 2022 Professional (LTSC 17.4) 17.4.34931.60 
      Microsoft Visual Studio 2022 Professional Microsoft Visual Studio 2022 Professional (LTSC 17.6) 17.6.34931.59 
      Microsoft Visual Studio 2022 Professional Microsoft Visual Studio 2022 Professional (LTSC 17.8) 17.8.34931.61 
      Microsoft Visual Studio Feedback Client 2017 Microsoft Visual Studio Feedback Client 2017 15.9.34930.103 
      Microsoft Visual Studio Team Explorer 2017 Microsoft Visual Studio Team Explorer 2017 15.9.34930.103 
      Microsoft Visual Studio Team Explorer 2019 Microsoft Visual Studio Team Explorer 2019 16.11.34931.43 
      Microsoft Visual Studio Team Explorer 2022 Microsoft Visual Studio Team Explorer 2022 17.10.35004.147 
      Mozilla Firefox Firefox (African)  127.00.00 14 
      Mozilla Firefox ESR 115 Firefox ESR 115 (African)  115.12.00 
      Mozilla Thunderbird Thunderbird (African)  115.12.00 
      Obsidian Obsidian  (Device) 1.06.02 
      Obsidian Obsidian  (User) 1.06.02 
      OpenSSL OpenSSL 3.0 LTS  3.00.14 
      OpenSSL OpenSSL 3.1  3.01.06 
      OpenSSL OpenSSL 3.2  3.02.02 
      OpenSSL Light OpenSSL Light 3.0 LTS  3.00.14 
      OpenSSL Light OpenSSL Light 3.1  3.01.06 
      OpenSSL Light OpenSSL Light 3.2  3.02.02 
      OpenSSL Light OpenSSL Light 3.3  3.03.01 
      OpenVPN OpenVPN  2.6.11 (2.6.1101) 
      Opera One Opera One  111.0.5168.25 
      Pale Moon Pale Moon  33.02.00 
      pgAdmin 4 pgAdmin 4 8.09 
      PhpStorm PhpStorm  2024.01.03 
      PyCharm Community PyCharm Community 2023  2023.03.06 
      PyCharm Community PyCharm Community 2024  2024.01.03 
      PyCharm Professional PyCharm Professional 2023  2023.03.06 
      PyCharm Professional PyCharm Professional 2024  2024.01.03 
      Python 3.12 Python 3.12  3.12.4150.0 
      RubyMine 2023 RubyMine 2023.1  2023.01.07 
      RubyMine 2023 RubyMine 2023.2  2023.02.07 
      RubyMine 2023 RubyMine 2023.3  2023.03.07 
      RubyMine 2024 RubyMine 2024.1  2024.01.03 
      TeamCity TeamCity 2024.03.03 
      Waterfox Waterfox G6.0.16 
      Webstorm 2023.1 WebStorm 2023.1  2023.01.06 
      Webstorm 2023.2 WebStorm 2023.2  2023.02.07 
      WebStorm 2023.3 WebStorm 2023.3  2023.03.07 
      WebStorm 2024.1 WebStorm 2024.1  2024.01.04 

      Conclusion: June 2024 Third-Party Patches

      Staying up to date with your third-party patches is essential for safeguarding your IT environment against threats. These updates address critical vulnerabilities across a wide range of applications, ensuring your systems remain both secure and stable. Prioritize applying these patches to maintain the integrity and security of your network.

      Learn more about the importance of third-party patching by reading the eBook Reduce Your Attack Footprint. Also, check out our July 2024 Microsoft Patch Tuesday post here.

      Patch Tuesday July 2024: Critical Vulnerability Roundup  https://www.recastsoftware.com/resources/patch-tuesday-july-2024/ Tue, 09 Jul 2024 18:50:02 +0000 https://www.recastsoftware.com/?post_type=resources&p=682461 Welcome back to Recast Software’s monthly Patch Tuesday blog post. […]

      Welcome back to Recast Software’s monthly Patch Tuesday blog post. This July, Microsoft addressed 139 vulnerabilities across its ecosystem, including several critical and zero-day vulnerabilities. Staying on top of these updates is essential to maintaining the security and stability of your IT environment. 

      Critical Vulnerability Patched: Windows Secure Boot (CVE-2024-28899)

      A critical vulnerability in Windows Secure Boot, with a CVSS score of 8.8, allows for remote code execution. Exploitation requires an attacker to be in the same network segment as the target, making it crucial for environments with open or less secure networks to apply this patch immediately. 

      Impact: Successful exploitation can compromise system integrity, allowing attackers to execute arbitrary code, modify system settings, and potentially cause system failures. 

      Zero-Day Vulnerability: Windows CoreMessaging Remote Code Execution (CVE-2024-21417)

      A zero-day vulnerability in the Windows CoreMessaging component has been patched. This vulnerability, actively exploited in the wild, allows for remote code execution, emphasizing the importance of prompt patching.

      Impact: Attackers can execute arbitrary code with elevated privileges, leading to full system compromise, data exfiltration, and further network penetration.

      Significant Vulnerabilities in SQL Server

      Several critical remote code execution vulnerabilities in SQL Server have been addressed: 

      • CVE-2024-20701 
      • CVE-2024-21303 
      • CVE-2024-21308 
      • CVE-2024-21317 
      • CVE-2024-21331 

      These vulnerabilities require user interaction, such as executing a malicious query, but can lead to arbitrary code execution, potentially compromising the database and connected systems. 

      Additional Critical Updates 

      Browser Security: Zero-Days in Microsoft Edge 

      Microsoft Edge has patched two zero-day vulnerabilities in the ChakraCore JavaScript engine: 

      • CVE-2024-4947: Type confusion in ChakraCore leading to remote code execution. 
      • CVE-2024-5274: Another type confusion in ChakraCore, also leading to remote code execution, patched in an emergency update. 

      Concerning QNAP NAS Vulnerabilities 

      Researchers have disclosed 15 vulnerabilities in QNAP NAS firmware, some allowing unauthenticated remote code execution. Find a detailed list of their impact and status here.

      Recommendations 

      1. Prioritize patching systems, especially those exposed to less secure networks. 
      2. Pay special attention to SQL Server updates if your organization uses this database system. 
      3. Ensure Microsoft Edge is updated to the latest version to address the zero-day vulnerabilities. 
      4. If using QNAP NAS devices, monitor for updates and consider additional security measures. 

      Stay Updated and Secure 

      It’s crucial to prioritize these updates to protect your systems against potential threats. Neglecting to patch these vulnerabilities can expose your organization to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment. 

      To further streamline and secure your patch management process, learn about Application Manager here.

      Stay vigilant and keep your systems protected. For a comprehensive overview of July’s Patch Tuesday updates, you can find Microsoft’s complete July release notes here.

      Patch Tuesday June 2024: Critical Vulnerability Roundup  https://www.recastsoftware.com/resources/patch-tuesday-june-2024/ Thu, 13 Jun 2024 14:47:54 +0000 https://www.recastsoftware.com/?post_type=resources&p=681672 Welcome back to Recast Software’s monthly Patch Tuesday blog post. […]

      Welcome back to Recast Software’s monthly Patch Tuesday blog post. This June, Microsoft addressed 51 vulnerabilities across its ecosystem, including one critical and one zero-day vulnerability. Staying on top of these updates is essential to maintaining the security and stability of your IT environment. 

      Critical Vulnerability Patched: Microsoft Message Queuing (MSMQ) Remote Code Execution (CVE-2024-30080)

      This critical vulnerability in the MSMQ service, with a CVSS score of 9.8, allows for remote code execution through a malicious MSMQ packet. It affects all Windows versions from Windows 2008 R2 and Windows 7 onwards. Exploitation requires the MSMQ service to be enabled and TCP port 1801 to be open. 

      Impact: Successful exploitation can lead to full control over the affected system, allowing attackers to install programs, modify data, and create new accounts with full user rights. 

      Zero-Day Vulnerability: NSEC3 Closest Encloser Proof can Exhaust CPU (CVE-2023-50868)

      A zero-day vulnerability known to be exploited in the wild has been patched. This again highlights the importance of prompt patching to mitigate immediate threats.

      Significant Vulnerabilities in Microsoft Office 

      Several important remote code execution vulnerabilities in Microsoft Office have been addressed: 

      • CVE-2024-30101 
      • CVE-2024-30104 
      • CVE-2024-30102 
      • CVE-2024-30103 

      These vulnerabilities require user interaction, such as opening a malicious document, but can lead to arbitrary code execution, potentially compromising the system. 

      Additional Critical Updates 

      Browser Security: Zero-Days in Google Chrome 

      Google has patched two zero-day vulnerabilities in the V8 JavaScript engine, both of which were exploited in the wild: 

      • CVE-2024-4947: Type confusion in V8 leading to RCE. 
      • CVE-2024-5274: Another type confusion in V8, also leading to RCE, patched in an emergency update. 

      Concerning QNAP NAS Vulnerabilities 

      Researchers have disclosed 15 vulnerabilities in QNAP NAS firmware, some allowing unauthenticated remote code execution. The most critical, CVE-2024-27130, remains unpatched and poses a significant risk with a proof-of-concept released. 

      Stay Updated and Secure 

      It’s crucial to prioritize these updates to protect your systems against potential threats. Neglecting to patch these vulnerabilities can expose your organization to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment. 

      To further streamline and secure your patch management process, learn about Application Manager here.

      Stay vigilant and keep your systems protected. For a comprehensive overview of June’s Patch Tuesday updates, you can find Microsoft’s complete June release notes here.

      The Struggle of Packaging Applications https://www.recastsoftware.com/resources/the-struggle-of-packaging-applications/ Tue, 21 May 2024 19:39:46 +0000 https://www.recastsoftware.com/?post_type=resources&p=681581 Last month, my colleagues Nico Zieck and Ben Ward hosted […]

      Last month, my colleagues Nico Zieck and Ben Ward hosted a session on packaging applications at the Modern Endpoint Management Summit, EMEA edition, at the Microsoft campus in Paris. Since this topic is quite popular, I’ve decided to write a blog post about it, but with a slightly different twist. In this blog, I’ll compare the .intunewin format, MSIX, and Liquit using the incredibly popular Notepad++ app as an example. Just kidding—it’s just a cool application to demo!

      Common Scenario in Packaging Applications

      Ever found yourself in this all-too-familiar scenario? You’ve added your applications, including Win32 and MSIX apps, into Microsoft Intune with all the settings. Then your IT manager or Security Officer informs you that something needs to be updated for those apps immediately. Dang. Really? Now you must redo the entire package process.

      Why Repackage Applications into .intunewin or MSIX Formats?

      Why are we still repackaging into .intunewin or MSIX formats? Is it still necessary, or could the process be significantly simplified?

      In this blog, I dive into a comparison of .intunewin format, MSIX, and Liquit. First, let’s briefly explain both formats. 

      Understanding the .intunewin Format

      The .intunewin format is utilized by Microsoft Intune to package classic Windows (Win32) applications for distribution. To upload a Win32 app to Microsoft Intune, it’s essential to prepare the app using the Microsoft Win32 Content Prep Tool. This tool processes classic Windows (Win32) apps and transforms the application installation files into the .intunewin format. It also identifies several attributes that Intune requires to determine the application’s installation status. Essentially, it’s a zip file containing installation files and any necessary subfolders. 

      What is MSIX?

      Introduced by Microsoft in 2018, MSIX is the newest packaging format for distributing Windows applications. It aims to modernize the packaging, deployment, and update processes of Windows software. An MSIX package is a container that houses all of an application’s components, including executable files, libraries, registry settings, and other dependencies. It’s a comprehensive solution designed to simplify application management.

      The Cost of Packaging Applications

      To shed some light on this, we’ve researched on Reddit and directly asked a few of our customers. The first step is categorizing an application into the right complexity level. Generally, there are three levels:

      • Standard: Including installation and deployment testing, a standard app takes about 4 hours to package.
      • Medium: A medium complexity app can take up to 8 hours.
      • Complex: The most intricate applications can require 12 hours or more.         

      Predicting whether an application will be standard, medium, or complex is a challenge. Sometimes, you don’t know until you’ve already spent hours troubleshooting one issue after another.

      From our research, we’ve found that packaging a single application can take 4 hours or more, with the average cost around $250 per hour. Even for small organizations, 5-10 applications need repackaging each month due to updates. Notepad++, for example, releases a new version monthly. Google Chrome Enterprise and Adobe Reader DC release new versions every four weeks. So, repackaging 5-10 applications per month is a conservative estimate for small organizations. On the other end of the spectrum, we work with medium to large organizations who package 100-300+ applications per month.

      Real-World Example: Packaging Notepad++

      Let’s use Notepad++ as our case study. Our aim is to carry out a custom installation of this application in .intunewin format, MSIX, and within Liquit to understand the major differences and how much time it takes to package using each method. We’ll implement the following settings:

      1. Disable Auto Update
      2. Make the Dutch language available
      3. Set the Dutch language as default
      4. Turn on Dark Mode with Green Tones
      5. Set Large Icons
      6. Install the plugin ComparePlus

      Let’s get started!

      Creating a Win32 App in Microsoft Intune

      Creating the Install.cmd (necessary for the adjustments we want to achieve for Notepad++): 1:00 min
      Creating the .intunewin file and putting it in Intune: 2:52 min
      Total: 3:52 min

      This includes 1 minute for creating the batch script that is used and shown in the video. Creating the batch script is an integral part of the process. However, these steps won’t be visible in the video. From my perspective, the time estimates are conservative.

      Challenges within Intune

      To get a Win32 app up and running within Intune, complete with all custom settings, scripting within the .intunewin file is essential. If a new version of Notepad++ becomes available next month, we’ll need to create a fresh .intunewin package with the updated version and tweak the script as necessary. Finally, there’s the deployment phase, which can span anywhere from 2 to 4 hours.

      Creating an MSIX Package

      Time to create MSIX package: 2:40 min
      Creating PowerShell scripts and JSON file: 1:30 min
      Total: 4:10 min

      This includes 1:30 minutes for creating the PowerShell script and JSON file that are used and shown in the video. Creating the JSON file and the PowerShell script is an integral part of the process. However, these steps won’t be visible in the video. From my perspective, the time estimates are conservative.

      Overcoming MSIX Limitations

      MSIX does not offer a solution out of the box for custom actions. We need this to copy nativeLang.xml to %localappdata%\Packages\Notepadplusplus_5akpkjxvda7ry\LocalCache\Roaming\Notepad++. This will set the default language to Dutch.

      To make this available, you can trigger a PowerShell Script during the launch of the application with Package Support Framework (PSF).

      I won’t delve deeply into the specifics of PSF, but in essence, it’s an open-source initiative facilitating the creation of straightforward remedies for applications lacking accessible source code.

      The standard fixes include:

      • Redirection of files (useful when the application needs to write in an inaccessible location).
      • Adding arguments to applications (previously known as shortcuts).
      • Executing PowerShell scripts upon launching or closing applications.

      Steps to take:

      1. Add PSF Binaries in the root of the MSIX
      2. Edit the manifest file in the MSIX Packaging Tool => Change the application to open the PSFLauncher64.exe
      3. Create and add the config.json in the MSIX => This will tell the PSF Launcher what to do, in our case run our PowerShell script
      4. Create and add the PowerShell script in the MSIX => Needed to run a custom action “copy the nativeLang.xml to the LOCALAPPDATA” during the launch of Notepad++.

      Now that we’ve got our MSIX package, we still need to get this distributed onto the devices. Naturally, this is a time investment, and there are several ways we could do this, including the use of Microsoft Intune, Liquit, Group Policy Objects (GPOs) with PowerShell Scripts, or third-party Workspace Management software.

      Creating a Notepad++ Package in Liquit

      Time to create Notepad++ package in Liquit and publish to the users: 2:45 min
      Total: 2:45 min

      Imagine having to keep Notepad++ up to date each month. With Liquit, you only need to create the Notepad++ package once from the Liquit Setup Store with the custom settings. From then on, Notepad++ will be automatically updated, eliminating the need for repackaging.

      That is right. No more repackaging.

      Time Comparison for Packaging Applications

      Method | Time for 1 package (minutes) | Time for 10 packages per year (minutes)
      Intune | 3:52 | 38:40
      MSIX Package | 4:10 | 41:40
      Liquit | 2:45 | 2:45

      Wrap-Up: Simplifying Application Management with Liquit

      In the world of increasingly complex applications, the time savings with Liquit become significant. As application complexity grows, Liquit steps up to the challenge, delivering greater efficiency and productivity. The more complex the application, the more time you save. It’s as simple as that. Whether you’re dealing with a standard app or a complex one, Liquit is your go-to solution for simplifying app management.

      Conclusion

      At Liquit, we believe our platform can make things much simpler and faster for IT teams. As previously discussed, .intunewin and MSIX have their challenges and may not be suitable for repackaging all types of applications.

      Liquit can help you save money in several ways:

      • No More Repackaging: No need to repackage into .intunewin or MSIX formats, saving you time, energy, and expertise.
      • Deployment Time Reduction: Reduce application deployment time from 4 hours to just minutes. Liquit executes every deployment action instantly.
      • Ongoing Savings: With each new software version release, you avoid the repackaging process, leading to continuous cost savings.
      • Automatically the Latest: Automatically install or patch applications with the latest version using our Liquit Setup Store, reducing worries about vulnerabilities and enhancing software compliance.
      • Innovative Configuration Process: Configuring settings (registry keys, drivers, etc.) can be challenging and time-consuming with .intunewin or MSIX formats. Liquit offers an innovative approach, configuring settings just-in-time. Various trigger moments can be set, such as during installation or when launching the application.

      Liquit’s platform is designed to streamline application management, making it more efficient and cost-effective. Say goodbye to the repackaging process and hello to a smoother, faster software deployment experience.

      Do you have questions we can assist with? Want to learn more by talking with our team? Feel free to reach out to us. We’re always ready to help!

      Patch Tuesday May 2024: Critical Vulnerability Roundup  https://www.recastsoftware.com/resources/patch-tuesday-may-2024/ Wed, 15 May 2024 13:51:47 +0000 https://www.recastsoftware.com/?post_type=resources&p=681574 Welcome to Recast Software’s inaugural Patch Tuesday blog post. This […]

      Welcome to Recast Software’s inaugural Patch Tuesday blog post. This month, Microsoft addresses 59 vulnerabilities across its ecosystem, with notable updates including two zero-day exploits. This is more than a 50% reduction in vulnerabilities compared to the April 2024 Microsoft vulnerability numbers. Hopefully this downward trend will continue.

      Here are the critical vulnerabilities of special note. 

      Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051) 

      This zero-day vulnerability affects the Windows Desktop Window Manager (DWM) Core Library. A heap-based buffer overflow allows local attackers to gain SYSTEM-level privileges. This vulnerability is rated high with a CVSS score of 7.8, impacting Windows 10 and above, including Windows Server 2016 and later. 

      Impact: Exploitation can lead to SYSTEM-level access, enabling attackers to install software, alter data, and modify system settings. 

      Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) 

      This zero-day in the MSHTML platform (used in applications like Microsoft 365) allows attackers to bypass security features. Rated high with a CVSS score of 8.8, it targets Windows 10 and above. 

      Impact: Successful exploitation can lead to arbitrary code execution, allowing attackers to compromise systems by getting users to interact with malicious documents. 

      Remote Code Execution in Microsoft SharePoint Server (CVE-2024-30044) 

      This critical vulnerability in SharePoint Server is caused by deserialization of untrusted data. It has a CVSS score of 8.8 and affects SharePoint Server 2016 and 2019.

      Impact: Allows attackers with basic permissions to execute code remotely, potentially leading to malware deployment or data extraction. 

      Remote Code Execution in Microsoft Excel (CVE-2024-30042) 

      This vulnerability affects Microsoft Excel due to improper deserialization of untrusted data. It has a CVSS score of 7.8 and requires user interaction to exploit. 

      Impact: Opening a malicious Excel file can lead to arbitrary code execution, potentially compromising the system. 

      Find Microsoft’s complete May 2024 Patch Tuesday release notes here.

      Stay Updated and Secure 

      It’s essential to prioritize these updates to safeguard your systems against potential threats. Neglecting to patch these vulnerabilities can leave your organization open to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment. 

      To further streamline and secure your patch management process, Application Manager offers a catalog of over 2,500 applications and advanced automation capabilities, while simplifying the complex task of keeping your 3rd party applications secure and up to date. Learn more about Application Manager here.

      Ivanti Workspace Control End of Life: Discover Your Next Steps with Liquit https://www.recastsoftware.com/resources/ivanti-workspace-control-end-of-life-next-steps-liquit/ Tue, 23 Apr 2024 18:30:57 +0000 https://www.recastsoftware.com/?post_type=resources&p=681471 Ivanti has announced that by the end of 2026, Ivanti […]

      Ivanti has announced that by the end of 2026, Ivanti Workspace Control will reach its End of Life (EOL). This might leave you wondering, “What’s next? Are there any viable alternatives?” Enter Liquit Workspace.

      This post explores why Liquit Workspace is the best alternative to Ivanti Workspace Control and Ivanti Automation. Let’s dive in.

      There are a few solutions on the market that could serve as potential alternatives to Ivanti Workspace Control. Most of these alternatives are User Environment Manager solutions, which is precisely where Liquit Workspace differentiates itself. We’re not your typical User Environment Manager solution. Instead, we offer a unique approach that sets us apart in the crowded field of digital workspace solutions. 

      Liquit Workspace rethinks the way organizations manage and deliver digital workspaces to their users. Organizations can dynamically offer and manage applications to their users or devices, based on context if needed. We know that digital environments are a complex mix of different workspaces, SaaS, clouds, virtualization platforms (VDI / SBC), and operating systems. Liquit Workspace stands out as a comprehensive solution in managing diverse digital environments.

      Redefining End-User Computing after Ivanti Workspace Control End of Life

      Many organizations today are questioning the necessity of a traditional UEM solution. With a significant shift towards hybrid workplaces for many organizations, the reliance on laptops and portal-provided applications is increasing.

      However, virtual environments like Citrix or VMware remain essential due to legacy applications that require specific infrastructure and are sensitive to latency. This justifies their continued use. End-user computing (EUC) has evolved beyond just virtual desktops; now, managing apps and endpoints is increasingly important. Liquit Workspace is perfectly suited for the hybrid workplace for several reasons:

      • Unified User Experience: Liquit Workspace ensures a consistent, customizable user experience across all devices. This is vital for hybrid work models where employees may use different devices in various locations.
      • Efficient Application Management: Liquit Workspace guarantees that users automatically receive the latest version of the applications they need, delivered in the way they prefer. This is particularly useful in a hybrid work environment where employees may need different application formats depending on their location.
      • Self-Servicing: Liquit Workspace allows users to access what they need from an easily accessible catalog of applications and services. This is crucial for hybrid working, where IT support might not always be readily available.
      • Offline Access: Liquit Workspace provides local access without an internet connection, which can be beneficial for remote workers who may not have a reliable internet connection.
      • Just in Time Delivery: Liquit Workspace quickly delivers the right applications and settings to the right users or devices, no matter where they are.
      • Safe & Compliant: Liquit Workspace ensures a secure and compliant environment for delivering applications and services while empowering end-users with maximum freedom within IT boundaries. Through customizable access controls and policy enforcement, Liquit Workspace enables IT administrators to maintain regulatory compliance while offering users the flexibility they need to be productive.

      Utilizing Liquit Workspace allows teams to embrace seamless, efficient, and user-centric approaches to managing the hybrid workspace.

      Addressing Challenges Following the End of Life of Ivanti Workspace Control

      Let’s be honest, there are also some downsides. Just like the other alternatives, we face similar “challenges.” The first challenge is the inevitable migration. No matter which alternative is chosen, migration cannot be avoided. Therefore, it’s crucial to account for time, resources, knowledge, and expertise for both Ivanti Workspace Control and the newly selected alternative.

      Secondly, no alternative on the market currently offers the complete functionality that Ivanti Workspace Control provides. This factor must be considered when making a choice and determining which functionality is most critical or important.

      Reflecting on Ivanti Workspace Control’s Impact Before Its End of Life

      Remember when RES Software was the go-to for IT pros? Those were the times when Ivanti Workspace Control and Ivanti Automation became our best friends, especially in Citrix virtual environments. They were the dynamic duo, always seen together, making our jobs easier. I personally worked a lot with both solutions, and I fell in love with them. And I know I wasn’t the only one; many of my IT peers felt the same way. The ease and convenience they brought to managing a Citrix environment were significant. We were able to create a lot of Golden Images with Ivanti Automation, all without breaking a sweat.

      The beauty of Ivanti Workspace Control is its simplicity and the ability to manage everything from a single console, the flexibility it offers, and the ability to set just-in-time user settings—a dream come true for any IT admin. And now, Liquit is stepping up, offering that same simplicity and charm.

      Liquit’s Advantages in the Post-Ivanti Workspace Control Era

      Liquit can take care of a significant portion of the functionalities that Ivanti Workspace Control and Ivanti Automation have long provided. Liquit Workspace also introduces new dimensions of control and automation that cater to the dynamic needs of today’s environments, including:

      • Universal Agent: One agent to rule them all. The Liquit Universal Agent unifies Windows and macOS management. With the Universal Agent, the IT department can simultaneously oversee all macOS and Windows applications. Meanwhile, end-users experience smooth and uninterrupted access to their applications.
      • Connectors: These connectors help manage applications across different platforms such as VMware Horizon, Citrix StoreFront, Microsoft Azure Virtual Desktop, Microsoft Store, and many more.
      • Smart Icons: Liquit’s Smart Icon technology streamlines the deployment of applications across any device or location, elevating the user experience and boosting employee efficiency by automating essential functions and offering instant access based on context.

      A few key Context (Workspace Containers) highlights:

      • Condition sets (Zones)
      • Register settings
      • Set Desktop Wallpaper
      • Filters and specific actions (context awareness)
      • Printer mappings
      • Drive Mappings
      • Securing application access 
      • Device deployments
      • Application installations
      • Set Environment Variables
      • Use of scripting

      Additional Benefits of Liquit

      Here is a curated selection of additional benefits of working with Liquit:

      • Liquit Workspace is designed to be more lightweight and can be deployed in various configurations, including on-premises or in your own cloud, without any additional costs.
      • The platform can also be delivered as a SaaS solution. In that case, the need for an on-premises infrastructure is completely gone. You can get started right away and we’ll take care of any updates.
      • It’s way faster compared to Ivanti Workspace Control.
      • Looking for ways to manage different customers at once? Look no further. Liquit Workspace supports multitenancy deployments. Particularly in terms of managing different zones (e.g. individual customers) at once and making applications available (and up to date) in an easy, highly automated and cost-effective way, Liquit Workspace is unparalleled.
      • Easy support for remoting devices without the need for relay servers, just port 443. 
      • Release & Patch Management with DTAP testing.
      • Connection to the Microsoft Store. 
      • Multi-platform: we support both Windows and macOS.
      • Launch various file formats (EXE, MSIX, App-V, etc.). In the case of App-V, you don’t need the App-V infrastructure anymore. Just load your App-V packages in Liquit and that’s all.
      • No need for installation to use the Console (it can be used via HTML5 or Liquit Launcher).
      • Later this year, macOS applications will also be included in the Liquit Setup Store.
      • No need for another product for the Automation & Deployment part, such as Ivanti Automation, which has an integration with IWC. This is all available within Liquit from one console.
      • Not merely bug fixes, as with Ivanti Workspace Control, but real new features with the latest technology.

      Addressing the Challenges

      While exploring alternatives to Ivanti Workspace Control, it’s essential to acknowledge that no solution can replicate its functionality entirely. However, Liquit Workspace covers many of Ivanti’s capabilities and offers additional benefits. Here are the main challenges and how Liquit addresses them:

      • No Profile Management: This challenge can be resolved easily and cost-efficiently with Microsoft FSLogix Profile containers. These containers redirect the entire Windows user profile into a Virtual Hard Disk (VHD), ensuring a consistent user experience. Best of all, it’s often available at no extra cost, as it’s probably already included in your existing Microsoft licenses, such as the Remote Desktop Services (RDS) Client Access License (CAL), which is required to use a Citrix Virtual App/Desktop environment.
      • No Security Module (formerly known as RES AppGuard): This can be addressed using Windows AppLocker or Windows Defender Application Control (WDAC). AppLocker, available in Enterprise editions of Windows, lets you control which apps and files users can run. Windows Defender Application Control, introduced with Windows 10, offers advanced application control and code integrity policies to defend against various cyber threats, providing comprehensive security for Windows clients.

      Remember: behind every challenge lies a potential improvement!

      Seeing is Believing: A Glimpse into Liquit’s Workspace Management Capabilities

      The video below provides a glimpse into what Liquit Workspace can do in this domain. This sneak peek reveals a key advantage of Liquit: a set of User settings that are executed during login, tailored for multi-platform compatibility through context.

      Imagine you’re in the midst of a VDI transition, moving from Citrix to Microsoft AVD. Typically, this would mean juggling two platforms simultaneously. However, with Liquit Workspace, this process is simplified and expedited. Liquit Workspace’s intuitive design allows for a seamless transition, maintaining both platforms with great efficiency.

      Preparing for a Future Beyond Ivanti Workspace Control’s End of Life

      While the search for a one-size-fits-all solution continues, we remain optimistic. The synergy between different solutions brings us closer to achieving our goal. However, as we move forward and the workspace evolves, embracing Liquit Workspace signals a step towards modernizing workspaces. Embrace Liquit Workspace to future-proof your digital environment and stay ahead in the evolving IT landscape.

      Ready to get started with your transition? Or do you have questions about how we can assist you? Send us an email at transition@recastsoftware.com.

      The post Ivanti Workspace Control End of Life: Discover Your Next Steps with Liquit appeared first on Recast Software.

      ]]>