Note: this article is about a current event which is still highly evolving. We encourage customers to revisit as we update the article as things continue to change. Recently, the world received notice of a far-reaching intrusion campaign, potentially affecting thousands of companies and organizations—some of which are government organizations. The malicious code, referred to as "SUNBURST", is aiming at heavily obfuscating its presence (Trojan Horse) to allow lateral movement further into the infrastructure and the gathering of data to be transferred to third-parties. Such a breach has far reaching consequences, requiring quick action and a sophisticated response to ensure that breached networks and systems become secure once again. More details will still reach the surface in the weeks and months ahead, but so far, we know that certain updates of the SolarWinds Orion Platform, which is the current base for many further products like the SolarWinds Network Performance Monitor, had been tainted to distribute a back door through a certain library. This library is usually an inconspicuous plugin used in the Orion Platform product, however, in this case it carried a malicious payload introduced through a so-called supply-chain attack. Various teams across different Flexera solutions, namely Data Platform (DP) and Software Vulnerability Management (SVM), have been working overtime to ensure that our customers get immediate visibility on the impact of this and other vulnerabilities.   Data Platform and/or Technopedia As of December 16, 2020, customers can expect to see: all impacted SolarWinds products and/or releases are captured in Technopedia any existing discovered data (a.k.a. evidence) that maps to the impacted products and/or release are recognized. Note that any new evidence that customers bring in their inventory may still need to go through the gap-fill process. if the entitlement to InfoSec Content Pack is active: impacted products will be identified any CPE’s associated with the impacted products and/or releases are linked up-to-date Secunia Advisory information linked to the available CPE’s is provided  In the future, customers can expect to see: CVE references associated with the vulnerabilities. The publication is dependent upon review/approval by the National Vulnerability Database (NVD). The CVE’s are currently in the ‘’reserved” status, Technopedia updates the CVE content on a daily basis. threat intelligence associated with the advisory (as provided by Flexera’s Secunia Research) The score associated with our security advisory today is lower than expected due to a missing CVE reference which we anticipate will be addressed shortly IT Visibility IT Visibility customers can expect to see any detected installations of impacted SolarWinds products and/or releases in their inventory, providing the evidence already exists in our recognition library. Any net new evidence may still need to go through the gap-fill process. The capability to show the vulnerability information, however, is not currently available in IT Visibility. This is something that we’re actively working on to make available in the first half of 2021.   FlexNet Manager Suite (FNMS) Similar to IT Visibility, FNMS customers can also expect to see SolarWinds applications which are potentially impacted by this attack. Given the fact that applications granularity in FNMS is captured only at the major.minor version, further investigation may be needed to identify the subset of installations in their inventory with the exact build and/or patch levels.   Software Vulnerability Management (SVM), including Software Vulnerability Research (SVR) As of December 16, 2020, SVR customers can expect to see: up-to-date Secunia Advisory which contains detail information on the vulnerabilities, including the solutions/patches and available CPEs highlight of the Secunia Advisory as part of the 0-day (Zero Day) module In the future, SVM customers can expect to see: impacted software products and/or versions being detected in their inventory. We are working to obtain the vulnerable products required to create file signatures. If you are aware of a customer that is impacted and is seeking detection, please have them submit a request through the normal software suggestion process which will help us to get the details necessary. CVE’s associated with the vulnerabilities as they are being published by a trusted source (for example, the vendor SolarWinds or MITRE) threat intelligence information associated with the vulnerabilities (as they are being released by our resources) The score associated with our Secunia Advisory today is lower than expected due to a missing CVE reference which we anticipate will be addressed shortly   Appendix List of impacted SolarWinds products and/or releases: SolarWinds Network Performance Monitor 2019.x SolarWinds Network Performance Monitor 2020.x SolarWinds Orion Platform 2019.x SolarWinds Orion Platform 2020.x   List of associated Secunia Advisories: SA99447: SolarWinds Orion Platform / Network Performance Monitor Multiple Vulnerabilities SA99535: SolarWinds N-Central / Multiple Vulnerabilities (not related to SUNBURST)   List of available, impacted CPEs: cpe:/a:solarwinds:orion_network_performance_monitor:2019.4:hotfix2 cpe:/a:solarwinds:orion_platform:2019.4:- cpe:/a:solarwinds:orion_platform:2020.2:- cpe:/a:solarwinds:orion_platform:2020.2.1:-   List of associated CVEs: (will be updated as soon as we received data from trusted resources. Please check back for any future updates.) ... View more

One can install AdminStudio in a local VM or in one hosed in the cloud, but it does not change the number of users permitted to access the licensed installation. AdminStudio can be installed on a workstation, physical or virtual, that’s in the licensee’s control That virtual machine can be running on a local workstation, on a server in a hosted data center, or in a private/public cloud The control requires that this virtual machine running in a cloud cannot be accessible by anyone other than the licensee’s users that are covered under the AdminStudio license In short, the same per user & machine license restrictions are help regardless of where AdminStudio is installed So yes, you can but you must keep in mind that just because others could access this virtual machine, only the users where licenses have been procured for them are legally entitled to use it. Example: customer buys 5 AdminStudio Enterprise licenses. This grants the installation of AdminStudio on up to 5 machines that up to 5 specific people can use (it’s not for sharing among a larger group). ... View more

Software Vulnerability Manager, in its next release scheduled for the week of December 14th, will introduce the ability to integrate with Microsoft Intune. This integration will enable you to publish both, Flexera Software Package System and Vendor Patch Module patches to Intune. All the update packages created in SVM (MSI and EXE) will first be wrapped into Intune’s native format, intunewin, and then published to Intune. Here is a sneak peak of how this much anticipated integration is shaping up for release planned before year’s end. Connection to Microsoft Intune One of tools in SVM Client toolkit is SVM Patch Configuration (aka Patch Daemon). The SVM Patch Configuration tool lets you setup connection between the SVM server and external deployment systems. The deployment system that is currently supported is Windows Server Update Services (WSUS) and it is being enhanced to support Microsoft Intune as well. The tool will provide various configuration settings to establish a connection between SVM and Intune. A prerequisite to setup this connection is to register SVM in Intune. During the registration process  configuration settings like Client Id and Client Secret can be obtained from Intune. You will be able to choose one of the following two ways to publish patches from SVM to Intune: Automated publishing and manual (individual) publishing of patches. Automatic publishing of patches to Microsoft Intune In SVM, you can subscribe your desired patches either in Flexera Software Package System (SPS) or Vendor Patch Module (VPM) for automatic publishing. The Patch Configuration tool monitors when a new version of the installer is available, based on your subscription. When configured, SVM will grab each new version and publish it to the connected deployment system automatically (considering optional filters if specified). There will be no change in the way you subscribe to the packages today. However, along with new connection settings for Intune, another new setting will be introduced in the Patch Configuration tool where you may specify your preferred deployment system. To leverage Intune for automated publishing of patches, you need only specify the configuration settings required for Intune connection and set Intune as your preferred deployment system. When a new version of the application is available, the Patch Configuration tool will publish it to Intune automatically. Manual publishing of packages to Microsoft Intune In the Create Update Package wizard, on Step 4, a new option will be introduced to publish the newly created package through this wizard, to Intune. There will be no change in the way you create a single update package today for publishing to WSUS. However, there will be a change in the way how this newly created update package will be published to Intune. Upon successfully completing the wizard to create an update package to publish to Intune, this new package will appear in the Subscription Status view under the Patching menu. The Patch Configuration tool during its next check-in time will pick this new package and publish it to Intune. Along with the automatic publishing of packages, the Patch Configuration tool will also take care of the manual publishing of the packages. This approach will take SVM an important step forward in efforts to eliminate the requirement of ActiveX and Internet Explorer as a dependency in the future. Support for Microsoft Intune in SVM has been a top requests from our customers. We would love to hear feedback. Please use the comment section below to share your thoughts or a private message to request a one on one session where we can engage in a discussion. Important Note: This functionality is still under implementation. While there is possibility that some of the options/settings could be named differently or placed differently in the final product, the functionality will remain unchanged. ... View more

We have a couple of new enhancements being rolled out over the next week to call to your attention, including: Hardware Normalization Improvements Inclusion of FNMS Organization Data New Discovery Sources Hardware Normalization Improvements With this update, we will normalize more hardware (most notably virtual machines) by matching to manufacturer level if neither model nor product is available. With this known issue now addressed, you can expect to see a significant increase in reported hardware. IT Visibility was matching hardware only if the most granular level of either model or product were available, which omitted many items. Most significantly, virtual machines only provide enough data to be normalized for manufacturer, not for model or product, which meant we were not showing them in IT Visibility at all. Note that while a significant improvement, we still have more plans for support of virtual machines. In the future, we intend to clearly identify systems as virtual along with relationships to their hosts.    Inclusion of FNMS Organization Data For customers that have such details populated in FNMS Cloud, we will now show location, business unit, and cost center details for hardware in IT Visibility.  If you have FNMS Cloud, these three fields are available via “view details” and as part of the CSV export. We realize that it would be preferable to include these details as hierarchal data, exposed directly in the primary view of the interface and we are headed in that direction. As you have likely heard, we are in the progress of implementing an improved user experience for exploring inventory items and creating ad-hoc reports. If you have not seen this, please contact your Flexera representative for a demonstration. In the meantime, if you are leveraging IT Visibility data in external BI or reporting systems, you will be happy to see these new attributes are also included in as part of the IT Visibility Export capability.   New Discovery Sources We are happy to announce support for SolarWinds and JAMF Pro as new IT Visibility discovery sources. You may now connect to these systems to leverage your investments in these on top of our existing discovery sources. ... View more