Monthly Archives: November 2015

AVG

AVG Managed Workplace wins CRN Tech Innovator Award

Since joining AVG Business, the team and I have been focused around the clock on the products, services, and sales & marketing strategies that will drive success for our partners in 2016. While we still have work to do as we head into next year, I’m taking a few minutes today to congratulate our team and partner community on a recent product award from CRN.

Just two months out in the market and AVG Managed Workplace 9.2, our remote monitoring and management (RMM) platform with premium remote control, is the winner of the CRN Tech Innovator Award for Managed Services.

The platform is our best remote monitoring and management (RMM) solution to date. With premium remote control integrated directly at no extra cost, we have made it easier than ever for our partners to provide remote IT management services to their business customers. Our development process, as always, was heavily influenced by the input of our partners from across the globe.

Winning product recognition like this is a true testament of our partners’ support and their feedback helps us keep innovating and responding to the market needs.

Don’t just take it from me. We have many partners that are already using AVG Managed Workplace 9.2 to protect, secure and manage their clients’ networks and systems, and have great things to say.

Here is a quick look at the feedback:

“The new remote control feature is fabulous and we use it continuously. Almost instantly at the time we get a help desk call, we are remoting back into that desktop. We have a 12 minute SLA for an initial communication. To be able to get back in and have the engineer fixing the problem that quickly is amazing. Exceptional, responsive customer service is a top priority for Mirazon. AVG Managed Workplace is the product that allows us to do that. It gives us the critical information and details we need to resolve problems quickly and keep our customers very happy.”
– Karen Albers, Partner, Mirazon

 

”Without a doubt, AVG Managed Workplace’s reporting features are what enable us to close more business deals with healthcare providers. The Inventory Control, Content Filtering, and Network Health reports in particular are invaluable and what our clients want to see day-in and day-out. Plus, the remote control features allow our Support Engineers to proactively work on machines in the background and fix issues while physicians are still treating patients.”
– Shawn Miller, President and CEO, ConXit Healthcare Technology Group Inc

 

“We recently previewed AVG Managed Workplace 9.2 and immediately noticed the advantages of the remote control features, the faster speed and the added tools. We are looking forward to making this available to our IT support teams as soon as possible to deliver excellent customer support.”
– Luis Flores, Help Desk Analyst, Tecnet Canada

 

“We’re very pleased with the new release of AVG Managed Workplace and specifically with the improvements with Patch Management and Maintenance releases. Now we’re able to automate more tasks, more easily and provide proactive services to end customers.”
— Elias Grim, Director of Support, Alura Business Solutions

 

As businesses continue to struggle with security and protection, we will continually strive to provide superior products and services that help our customers successfully and securely compete in today’s rapidly changing environment. This latest award from CRN is further recognition that our strategy is paying off. Thank you for your support!

Debian

DSA-3405 smokeping – security update

Tero Marttila discovered that the Debian packaging for smokeping
installed it in such a way that the CGI implementation of Apache httpd
(mod_cgi) passed additional arguments to the smokeping_cgi program,
potentially leading to arbitrary code execution in response to crafted
HTTP requests.

US-CERT

Dell Computers Contain CA Root Certificate Vulnerability

Original release date: November 24, 2015 | Last revised: November 25, 2015

Dell consumer personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.

The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 2015.  As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems between November 20-23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems.

US-CERT encourages users and administrators to review Vulnerability Note VU#870761 and Dell’s blog post for more information and guidance on removing the certificate.

This product is provided subject to this Notification and this Privacy & Use policy.

NVD

CVE-2015-0856

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.

NVD

CVE-2015-5053

The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.

NVD

CVE-2015-5281

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

NVD

CVE-2015-7808

The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.