Blog

Why Moving Beyond CVSS Scores is a Business Imperative

Published 27 June 2022 3 min read

By Holly Hicks

Organizations today find themselves at a critical turning point in the evolution of their vulnerability management efforts. New vulnerabilities are being published more quickly than teams can credibly analyze and remediate them (currently greater than 75 per day), while at the same time a serious talent shortage has developed. According

Read More
DeepSurface 2.7

Published 15 December 2021 4 min read

By Ken Williams

DeepSurface Risk Analyzer Version 2.7 has new capabilities for dashboard customization, richer reporting and new flexibility in hostname tagging. We’ve also available in the Azure Marketplace as a BYOL solution!

Read More
A View of PrintNightmare Through the Lens of Prioritization

Published 29 November 2021 2 min read

By Ken Williams

Now that the dust has settled around CVE-2021-34527, also known as PrintNightmare, we thought we’d use it as an example of how DeepSurface can reprioritize even the highest priority vulnerabilities, saving you and your patch team hours of effort.

Read More
Announcing DeepSurface 2.6

Published 15 November 2021 2 min read

By Rhiannon Pacheco

DeepSurface Risk Analyzer Version 2.6 includes path summaries, third party integrations with Okta 2FA & SAML, MacOS agentless scanning support & Amazon Linux patch feeds

Read More
DeepSurface Security Advisory: LPE in Firefox on Windows

Published 28 September 2021 3 min read

By Robert Chen

Firefox is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Firefox users using the same Windows system.

Read More
DeepSurface Security Advisory: LPE in Adobe Reader on Windows

Published 16 September 2021 3 min read

By Robert Chen

Adobe Reader is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Adobe Reader users using the same Windows system.

Read More
DeepSurface 2.4

Published 13 August 2021 3 min read

By Timothy Morgan

DeepSurface 2.4 expands our reporting capabilities to enable exportable reports to XLSX and PDF, added support for Thycotic Secret Server PAM, easier setup/administration including emailing of generated reports, and enhancements of our windows agent.

Read More
DeepSurface now integrates with Microsoft Defender for Endpoint

Published 4 August 2021 2 min read

By James Dirksen

DeepSurface announces integration with Microsoft Defender for Endpoint - now imports vulnerability scanner data, missing patches and misconfigurations across Microsoft, Linux and Mac hosts.

Read More
DeepSurface Security Advisory: LPEs in Node.js on Windows (CVE-2021-22921)

Published 2 July 2021 3 min read

By Robert Chen

Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.

Read More
DeepSurface Security Advisory: Local Privilege Escalation in RabbitMQ on Windows (CVE-2021-22117)

Published 9 June 2021 3 min read

By Robert Chen

OverviewRabbitMQ is a popular open source message broker, used worldwide by companies like T-Mobile and SolarWinds. Its flexibility and speed makes it easy to integrate with other applications, such as SolarWinds Orion Platform. Since we previously reported CVE-2021-29221 against the popular programming language Erlang, we suspected RabbitMQ would be vulnerable

Read More
DeepSurface Security Advisory: Local Privilege Escalation in Confluence on Windows

Published 2 June 2021 3 min read

By Robert Chen

OverviewAtlassian Confluence Server is a popular web-based corporate content management system, allowing remote teams to collaborate efficiently on projects. With over sixty thousand customers including Docker, Linkedin, and Twilio, vulnerabilities in Confluence could have a significant impact on a large user base. While performing detailed service permissions analysis using our

Read More
Announcing DeepSurface 2.2!

Published 1 June 2021 2 min read

By Dan Caccavano

Release 2.2 brings some exciting new features and changes in the form of tags and some UI/UX updates that make the product even easier to use.

Read More
Announcing DeepSurface 2.1!

Published 30 April 2021 2 min read

By Dan Caccavano

We’re thrilled to announce DeepSurface 2.1, an improvement on DeepSurface 2.0 that makes it even easier to use. We’ve reorganized some things, added different nomenclature for increased efficiencies allowing you discover and remediate risk even faster.

Read More
DeepSurface Security Advisory: Local Privilege Escalation in Octopus Deploy on Windows (CVE-2021-26556)

Published 13 April 2021 3 min read

By Robert Chen

OverviewOctopus Deploy is a popular DevOps automation platform that enables teams to more efficiently manage configuration, API keys, and permissions. Octopus Server allows users to self-host this platform, and is installed as a service on the host. This service runs as Local System and is a very impactful target for

Read More
DeepSurface Security Advisory: Local Privilege Escalation in Erlang on Windows (CVE-2021-29221)

Published 4 April 2021 5 min read

By Robert Chen

OverviewErlang is a popular general-purpose programming language and runtime environment, with support for concurrency commonly found on many distributed systems. When distributed on Windows machines, the Erlang emulator can also be run as a service with the erlsrv.exe command. This seems to be commonly used with popular software, such

Read More