Notification

Icon
Error

WhatsApp Mobile Zero-Day Vulnerability

Posted: Tuesday, May 14, 2019 10:04:46 AM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,676
1
Like
Facebook released a new version of the WhatsApp mobile application in order to fix CVE-2019-3568, a critical zero-day vulnerability which allows for spyware installation on mobile devices.

To find an detect Intune mobile devices that have an outdated WhatsApp version, you can run the report below. You can learn more about mobile device scanning through Intune here. Please note that you will need Lansweeper version 7.1 or higher to use Intune mobile device scanning. Instructions to run this report can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx

This report checks whether your application's version is not on the latest one at the moment of publishing. If not, the device will show as vulnerable in red.

Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblADusers.Username,
  tsysAssetTypes.AssetTypename As AssetType,
  tblIntuneDevice.Manufacturer,
  tblIntuneDevice.Model,
  tblIntuneDevice.OperatingSystem As OS,
  tblIntuneDevice.OsVersion,
  tblIntuneApplication.DisplayName,
  tblIntuneApplication.Version,
  Case 
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then 'Vulnerable'

when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version <> '2.19.134' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version <> '2.19.44' then 'Vulnerable'

when tblIntuneDevice.OperatingSystem Like '%Windows%' AND tblIntuneApplication.DisplayName = '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.348' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%Tizen%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.15' then 'Vulnerable'
    Else 'Safe'
  End As [Vulnerable/Safe],
  tblIntuneDevice.SubscriberCarrier,
  tblIntuneDevice.Imei,
  tblIntuneDevice.SerialNumber,
  tblIntuneDevice.EnrolledDateTime,
  tblIntuneDevice.LastSyncDateTime,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
Case 
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then '#ffadad'

when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version <> '2.19.134' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version <> '2.19.44' then '#ffadad'

when tblIntuneDevice.OperatingSystem Like '%Windows%' AND tblIntuneApplication.DisplayName = '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.348' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%Tizen%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.15' then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAssetCustom On tblAssetCustom.AssetID = tblAssets.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblIntuneDevice On tblIntuneDevice.AssetId = tblAssets.AssetID
  Left Join tblADusers On Lower(tblIntuneDevice.EmailAddress) In
    (Lower(tblADusers.email), Lower(tblADusers.UPN))
  Inner Join tblIntuneDeviceApplication On tblIntuneDevice.Id =
    tblIntuneDeviceApplication.IntuneDeviceId
  Inner Join tblIntuneApplication On tblIntuneApplication.Id =
    tblIntuneDeviceApplication.IntuneApplicationId
Where tblIntuneApplication.DisplayName Like '%Whatsapp%' And
  tblState.Statename = 'Active'
Order By tblAssets.AssetName

Active Discussions

Lansweeper Firefox 67.0.3 zero-day vulnerability
by  B Claeys   Go to last post Go to first unread
Last post: Today at 3:13:30 PM(UTC)
Lansweeper BlueKeep Vulnerability
by  heybobby1  
Go to last post Go to first unread
Last post: Today at 3:02:34 PM(UTC)
Lansweeper VLC Player CVE-2019-5439
by  Esben.D   Go to last post Go to first unread
Last post: Yesterday at 9:19:29 AM(UTC)
Lansweeper Enabled/Disabled Local/AD Admin accounts
by  vqT4cDoP9iXyMZwoDUWU  
Go to last post Go to first unread
Last post: 6/17/2019 9:12:30 PM(UTC)
Lansweeper code in posts
by  AZHockeyNut   Go to last post Go to first unread
Last post: 6/14/2019 4:39:46 PM(UTC)
Lansweeper Adding more info to asset report
by  RC62N   Go to last post Go to first unread
Last post: 6/13/2019 9:46:31 PM(UTC)
Report Center Top 5 Average RAM Usage
by  Esben.D  
Go to last post Go to first unread
Last post: 6/13/2019 1:15:31 PM(UTC)