KACE SDA October 2023 Critical Security Update Available (4373736)

Multiple security issues are being addressed with this hotfix update.

• Exim released several vulnerability reports at the end of September 2023 and provided a fixed version shortly thereafter.
• Quest has also discovered an undisclosed security vulnerability which could potentially allow privilege escalation in the SDA products, under certain conditions.

Affected versions: All SDA versions.

A hotfix has been tested and released to address the Exim vulnerabilities (K2-7843) and undisclosed privilege escalation vulnerability (K2-7836). We recommend that all customers apply this hotfix to all KACE SDA instances that their organization may have. These vulnerabilities have not yet been exploited to our knowledge, and they are completely resolved with the application of this hotfix.

The vulnerabilities affect all SDA appliance versions, and it is our recommendation that all customers apply the hotfix immediately. Customers still running SDA version 8.2 or earlier are required to upgrade to 9.0 or later before applying the hotfix.

Hotfix will be applicable to the following versions:
9.0.146
9.1.178
9.2.106

Incremented versions will appear on the Appliance after successful application of this hotfix. 

How to get hotfix applied:

Option 1: Advertised Updates under Settings | Appliance Updates

Under Server Actions click on "Update Now" for latest advertised appliance update (9.0.147, 9.1.179. 9.2.107). This is not a full upgrade and typically takes a few minutes to apply, no reboot will take place.

Option 2: Manual update by downloading hotfix from the support portal.
9.0 Downloads (Required if not currently running 9.0.147)
9.1 Downloads (Required if not currently running 9.1.179)
9.2 Downloads (Required if not currently running 9.2.107)

Note: Applying the hotfix manually will not require a reboot, but the red banner may remain after applying the hotfix if the critical security update was already advertised to the appliance.