📣 Our 2023 State of Sysadmin is here!
We surveyed over 1,000 IT pros to understand:
⭐Salary information across industry and tenure
⭐Popular applications for the many jobs to be done
⭐Which industries face the most cybersecurity threats
Check it out now: the state of sysadmin pdf
We'd love to hear your insights
https://www.pdq.com/blog/patch-tuesday-january-2023/
Here are the highlights:
CVE-2023-21674 - It is not often that the highest-rated CVE for the month is also the one that is already exploited. This elevation of privilege vulnerability is for the Advanced Local Procedure Call (ALPC). An attacker that successfully exploits this will get system privileges. It requires no user interaction and low privileges to exploit. That is all bad. On the slightly more positive side, it only has a local attack vector, which limits how exploitable it is, which is why it comes in as an 8.8 CVE.
CVE-2023-21549 - This is another elevation of privilege exploit that has already been publicly disclosed, although not already exploited. This has a network attack vector and does not require any user interaction. It does require the attacker to have basic user privileges to exploit. An attacker that successfully uses this exploit would run a malicious script that would execute an RPC call that would allow him to run code as a privileged account.
CVE-2023-21732 - This Remote Code Execution Vulnerability uses the Open Database Connectivity (ODBC). It has a network attack vector and requires no privileges to execute. Luckily this does require a user to connect to a malicious SQL server. An attacker that gets a user to connect would be able to remotely execute code on the system. This exploit is also rated as an 8.8.
Nov 30, 2022 at 02:13 UTC
Sometimes in IT.... no news is good news ??
CVE-2022-41047: This is the highest rated critical exploit. At 8.8, it’s a Remote Code Execution vulnerability impacting the ODBC driver. It has a network attack vector and does not require any privileges. It’s only at an 8.8 because it requires a user to click on a malicious link, which would allow the attacker to execute code remotely on the system.
CVE-2022-41128: This is another 8.8 that has a lot of similar metrics as #1, only it uses Windows Scripting Language and requires the user to connect to a corrupted server instead of clicking on a corrupted link. This one has the added benefit of being one of the exploits that is publicly known already.
CVE-2022-41091: This exploit is only rated as a 5.4 and impacts the Windows Mark of the Web Security feature. It requires the user to click on a malicious link to be effective, resulting in a limited loss of availability and integrity. Normally one rated this low would not earn any type of mention, but this one is both actively used in the wild and publicly known. It’s rare that a single exploit falls in both categories, so I figured I would toss in a mention.
It's that time of year! No, pumpkin spice season is over, and eggnog hasn't begun. It's time for the State of Sysadmin Survey brought to you by PDQ, @SmartDeploy, and SimpleMDM
Oct 25, 2022 at 18:59 UTC
I would have to retire
Fingers getting too much workout scrolling for this answer....
I have SW Cloud Inventory setup. I have PDQ Deploy and inventory setup and working. How the heck do I get them tied together so that I can deploy items using the SW Agent? I do see where the settings are configured, but all the references I am finding only refer to On-Prem. Any ideas?
Sep 7, 2022 at 09:12 UTC
Not sure what you mean. I wasn't among those voting down your post. I did not speculate why you did not succeed to find the information mentioned. I'm astonished when looking at (poor) searching strategies of some people around me. And sometimes, I also need some help for good searching strategy for subject domains I'm less familiar with. And at least I've better and worse days. So I guess the same for you. I did not claim that you would have the same challenges every time you're searching an answer. So don't interpret too much in some nuances and don't take it too personally.
I was not even aware that documentation for the Spiceworks Collection Agent was going to the level of PDQ Deploy. I would have expected that the documentation stopped a step before. Only when supplying what I remembered, I saw that it was going even into this detail.
(I don't have nor use PDQ Deploy although I've read good reviews about it.)
In principle, you may do the same for the Spiceworks Scanning Agent too. This part of documentation does not go into such detail. But you don't want the Scanning Agent on as many devices as the Collection Agent. 1-2 Scanning Agents per network should be sufficient. If you use scanning of Scanning Agent per network in certain setups, you avoid certain symptoms. E.g. I don't yet need nor use an AD setup. The design of the agents makes the use of AD also a means of preventing some symptoms. But in a workgroup setup like mine, I see these symptoms when using the Scanning Agent to scan across network boundaries. It works, but with symptoms and encountering other limitations of Spiceworks Inventory Online. Manual editing of the result set helps in coping with such limitations and symptoms, before various feature requests get implemented.
- So was this documentation helpful or is your need something different, encountering some difficulty not yet disclosed?
Sep 7, 2022 at 12:16 UTC
Wow - Interesting tone. Certainly changed since I first started on here...
I, too, have been in the business a long time. What I was asking for was some advice on making the 2 pieces of software work together correctly instead of a dissertation. I will circle back and look at the agent deployment again, however all the links you so helpfully provided, tell me things I already know - all about how to deploy agents. This is not what I need and was searching for help on. I was looking for help with the settings within PDQ Deploy to interface with Spiceworks Cloud Inventory so that I can utilize the PDQ Software for deployments via the agent.
Hope that clears it up for those that may not have a grasp on reading what I am asking for assistance regarding.....
This week, Jordan and Lex will show you how you can monitor and track the state of your environment over time with PDQ Inventory + PowerShell tomorrow (7/29) at 10am MT / 12p ET.
I have been running PDQ Inventory Enterprise for a few years, now latest patch installed.
But I have many PCs that the last scan date is not updated (for months and years) while the users can be sitting a few feet from me....so I know they are here. Weird part is that PDQ Inventory does see them online. I even perform manual scans...
Edited Apr 21, 2021 at 08:40 UTC
PDQ Link automates the installation and configuration of two Microsoft server roles, NPS (network policy server) and RAS (remote access server). Link then creates a client-side installer that builds the connection back to the configured server, then keeps that connection alive. This connection can then be used for anything; it's like the client computer was still in the office.
Sign up and download here: https://landing.pdq.com/pdq-link
Aug 18, 2020 at 20:08 UTC
Check out the blog Jordan wrote as well. https://www.pdq.com/blog/introducing-pdq-link/
Aug 18, 2020 at 22:15 UTC
Not exactly what I was hoping for, but this solution will help a number of companies out there!
I believe they are doing a live webinar on this topic at https://live.pdq.com on Thursday 8/20 @ 10:30 or 11am I think.
Edited Aug 19, 2020 at 02:17 UTC