Jun 15, 2023

Rapid7-Managed Sysmon 14.16 Upgrade Progress

The Sysmon Installer component that is included with all InsightIDR and MDR-subscribed Insight Agents has been updated to deploy Sysmon version 14.16 to all desktop editions of Windows 8.1, 10, and 11. This milestone is part of a larger effort to upgrade all Rapid7-managed deployments of the Sysmon service to remediate CVE-2023-29343, a privilege elevation vulnerability affecting Sysmon version 14.13.

Due to an issue reported on Microsoft's Q&A forum indicating that Sysmon 14.16 could be causing system crashes on assets running Windows Server, we are pausing the 14.16 upgrade rollout for assets running Windows Server 2012, 2012 R2, 2016, 2019, and 2022 while we investigate. We plan to continue the 14.16 rollout in early July and will provide another release update here with the latest progress.

While the Sysmon Installer component is managed independently from the Insight Agent itself, its update behavior is still subject to the update settings you have configured in Agent Management. As long as "Enable automatic updates" and "Keep me on the latest version" are selected for your organization, your assets with installed Insight Agents will receive the Sysmon 14.16 upgrade automatically. If your organization does not currently have automatic updates enabled, or has them enabled with a version lock applied, you will need to change your update settings as stated to receive the Sysmon 14.16 upgrade.