KACE SMA October 2023 Critical Security Update Available (4373086)

Multiple security and non-security issues are being addressed with this hotfix update.

• Exim released several vulnerability reports at the end of September 2023 and provided a fixed version shortly thereafter.
• Quest has also discovered an undisclosed security vulnerability which could potentially allow privilege escalation in the SMA family of products, under certain conditions.
• A non-security related fix for defect K1-34635 is included to resolve a potential performance issue for SMA version 13.1.

Affected versions: All SMA family products and versions.

A hotfix has been tested and released to address the Exim vulnerabilities (K1-34657), undisclosed privilege escalation vulnerability (K1-34610), and the non-security performance fix (K1-34635). We recommend that all customers apply this hotfix to all KACE SMA instances that their organization may have. These vulnerabilities have not yet been exploited to our knowledge, and they are completely resolved with the application of this hotfix.

The vulnerabilities affect all SMA family appliance versions, and it is our recommendation that all customers apply the hotfix immediately. Customers still running SMA version 12.1 or earlier are required to upgrade to 13.0 or later before applying the hotfix.

Hotfix will be applicable to the following versions:
13.0.383
13.1.79

Incremented versions will appear on the Appliance after successful application of this hotfix. 

How to get hotfix applied:

Option 1: Advertised Updates under Settings | Appliance Updates

Under Server Actions click on "Update Now" for latest advertised appliance update (13.0.384, 13.1.80). This is not a full upgrade and typically takes a few minutes to apply and reboot.

Option 2: Manual update by downloading hotfix from the support portal.
13.0 Downloads (Required if not currently running 13.0.383)
13.1 Downloads (Required if not currently running 13.1.79)

Note: Applying the hotfix manually will not require a reboot, but the red banner will remain after applying the hotfix if the critical security update was already advertised to the appliance.