SQL Server 2019
Update SQL Server 2019 to version 15.0.4003.23

What patches are you missing?



CVE Vulnerabilities for SQL Server 2019

CVEPublishedSeverityDetailsExploitability Impact Vector
CVE‑2024‑00562024‑01‑09 18:15:47HIGH (9)Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability26NETWORK
CVE‑2023‑381692023‑08‑08 18:15:22HIGH (9)Microsoft SQL OLE DB Remote Code Execution Vulnerability36NETWORK
CVE‑2023‑367852023‑10‑10 18:15:18HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑367302023‑10‑10 18:15:17HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑367282023‑10‑10 18:15:17MEDIUM (6)Microsoft SQL Server Denial of Service Vulnerability24LOCAL
CVE‑2023‑364202023‑10‑10 18:15:12HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑364172023‑10‑10 18:15:12HIGH (8)Microsoft SQL OLE DB Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑320282023‑06‑16 01:15:28HIGH (8)Microsoft SQL OLE DB Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑320272023‑06‑16 01:15:28HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑320262023‑06‑16 01:15:28HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑320252023‑06‑16 01:15:28HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑293562023‑06‑16 01:15:28HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑293492023‑06‑16 01:15:28HIGH (8)Microsoft ODBC and OLE DB Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑233842023‑04‑11 21:15:18HIGH (7)Microsoft SQL Server Remote Code Execution Vulnerability43NETWORK
CVE‑2023‑217182023‑02‑14 20:15:15HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑217132023‑02‑14 20:15:14HIGH (9)Microsoft SQL Server Remote Code Execution Vulnerability36NETWORK
CVE‑2023‑217052023‑02‑14 20:15:14HIGH (9)Microsoft SQL Server Remote Code Execution Vulnerability36NETWORK
CVE‑2023‑217042023‑02‑14 20:15:14HIGH (8)Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2023‑215282023‑02‑14 20:15:12HIGH (8)Microsoft SQL Server Remote Code Execution Vulnerability26LOCAL
CVE‑2022‑291432022‑06‑15 22:15:13HIGH (8)Microsoft SQL Server Remote Code Execution Vulnerability26NETWORK
CVE‑2021‑16362021‑01‑12 20:15:30HIGH (9)Microsoft SQL Elevation of Privilege Vulnerability36NETWORK
CVE‑2020‑06182020‑02‑11 22:15:13HIGH (9)A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.36NETWORK
CVE‑2019‑10682019‑07‑15 19:15:17MEDIUM (7)A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.00NETWORK
CVE‑2019‑08192019‑05‑16 19:29:01MEDIUM (4)An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.00NETWORK
CVE‑2018‑82732018‑08‑15 17:29:03CRITICAL (10)A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.46NETWORK
CVE‑2017‑85162017‑08‑08 21:29:01HIGH (8)Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".44NETWORK
CVE‑2016‑72542016‑11‑10 07:00:08MEDIUM (7)Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."00NETWORK
CVE‑2016‑72532016‑11‑10 07:00:07MEDIUM (7)The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."00NETWORK
CVE‑2016‑72522016‑11‑10 07:00:06MEDIUM (4)Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."00NETWORK
CVE‑2016‑72512016‑11‑10 07:00:05MEDIUM (4)Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."00NETWORK
CVE‑2016‑72502016‑11‑10 07:00:04MEDIUM (7)Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."00NETWORK
CVE‑2016‑72492016‑11‑10 07:00:03MEDIUM (7)Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."00NETWORK
CVE‑2015‑17632015‑07‑14 23:59:02HIGH (9)Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."00NETWORK
CVE‑2015‑17622015‑07‑14 23:59:01HIGH (7)Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."00NETWORK
CVE‑2015‑17612015‑07‑14 23:59:00MEDIUM (7)Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."00NETWORK
CVE‑2014‑40612014‑08‑12 21:55:08MEDIUM (7)Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."00NETWORK
CVE‑2014‑18202014‑08‑12 21:55:07MEDIUM (4)Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."00NETWORK
CVE‑2012‑25522012‑10‑09 21:55:03MEDIUM (4)Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."00NETWORK
CVE‑2012‑18562012‑08‑15 01:55:01HIGH (9)The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."36NETWORK
CVE‑2012‑01582012‑04‑10 21:55:02HIGH (9)The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."00NETWORK
CVE‑2011‑12802011‑06‑16 20:55:02MEDIUM (4)The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."00NETWORK
...
...
Lavawall Computer Listing
Lavawall patch grid
Lavawall MSP Overview Dashboard
Lavawall patch grid

Get the IT stuff done that nobody wants to do.

Patch more applications, achieve compliance, and prevent problems while reducing stress with Lavawall®.

Security First

A security tool by security auditors. From Passkeys and Argon2i to source validation and MVSP principles, Lavawall® has you covered.

Constant Improvement

More features and more security added nearly every day.

More patchable programs added every week

While Ninite and other patching tools have had the same patch offerings for decades, we're monitoring stats to keep adding the most useful prorgams.

Details matter

From wrapping TLS communications in extra encryption and uninstalling remote support tools when they aren't used to detailed statistical analysis of system and network performance, Lavawall® goes in-depth.

Chromium extensions and Notification Validation

Lavawall®p; goes beyond patches and breach detection. We also monitor for risky Chromium extensions and allowed notifications that might be part of a phishing or ransomware attack.

Extended Cloud Security

Extend the security features of Cloudflare, Microsoft, Google, Sophos, and other cloud providers to create a Lavawall® of protection

Secure Remote Management

Even if you used breached remote management tools like ScreenConnect through Lavawall® when it was vulnerable, your computers stayed safe because we only install the agent when it needs to be used.

Integrations and automation

Easily deploy, monitor, and analyze security tools like Huntress, AutoElevate, and Sophos. Magically gain details from ZenDesk, ConnectWise, Datto, Panorama9, Microsoft, and Google.

Human and automated support

Get immediate fixes, user notifications, admin notifications -- and even security-certified human level 3 support when our advanced statistical analysis confirms a problem or anomaly.

We are constantly improving the Lavawall® tools to add more value. Some of our most recent changes include:
2024‑10‑300.12.8.195Mac update refinements
2024‑10‑250.12.3.190
2024‑10‑210.12.0.187Macos implementaiton, linux and windows improvements
2024‑10‑160.11.128.186Linux stats and system information improvements, improvements for application shutdown
2024‑09‑120.11.113.171CPU Optimizations and Packages reliability improvements
2024‑09‑050.11.106.164Phased deployment enhancements
2024‑09‑040.11.103.161
2024‑09‑020.11.102.160CPU Optimizations and Packages reliability improvements
2024‑08‑300.11.99.157CPU Optimizations and Packages reliability improvements
2024‑08‑290.11.98.156CPU utilization and console event optimization
2024‑08‑280.11.97.155Reliability to detect unusual updates like redistributables.
2024‑08‑270.11.96.154
2024‑08‑260.11.95.153Faster response for reboot requests
2024‑08‑200.11.92.150Additional package upgrade pre-requisites
2024‑08‑150.11.89.147
2024‑08‑060.11.87.145
2024‑07‑260.11.83.141Add resiliency for MAC duplicates and uptime
2024‑07‑250.11.82.140Changes to facilitate cross-platform use. Bitlocker and Windows key refinements
2024‑07‑150.11.80.138Antivirus and temperature added to configuration checks
2024‑07‑150.11.79.137Add configuration checks for execution policy and secure boot
2024‑07‑110.11.77.135load balancing refinements
2024‑07‑100.11.76.134Add additional load balancing and data residency capabilities, add randomness to recurring task timings to decrease server load
2024‑07‑050.11.74.132changes to graph and residual work on user imporsonation
2024‑07‑040.11.73.131Add configuration checks for execution policy and secure boot.
2024‑07‑030.11.72.130Enhanced event log monitoring
2024‑07‑020.11.71.129Add details to Windows updates, enhanced risk metrics for application patches
2024‑06‑190.11.65.123Update resiliancy and garbage collection
2024‑06‑130.11.60.118Enhanced logging
2024‑06‑120.11.55.113Include the primary drive serial number; MAC addresses for built-in wireless, Bluetooth, and ethernet into the device hash to restore uninstalled and reinstalled devices in cases where the motherboard serial is not unique
2024‑06‑070.11.54.112Patch and package uninstall data addition
2024‑06‑050.11.47.105refine per-user registry application listing
2024‑06‑020.11.45.103uninstall and reinstall refinements, refine local logging, refine self-update and uninstall timing
2024‑05‑300.11.21.79various bug fixes and improvements
2024‑05‑280.11.16.74Error logging, registration, and uninstall improvements.
2024‑05‑240.11.14.72applied changes for devices and login commands, changes for registration as well
2024‑05‑220.11.13.71Add Windows computer model, improve Operating System parsing
2024‑05‑210.11.11.69Added additional states for Windows update, flexibility for non-standard program file configurations, support for network diagrams at the switch level, details for Windows editions
2024‑05‑210.11.10.68Add specific cases for Defender patterns and Composer versions.
2024‑05‑170.11.3.61Change Log storage location to c:\program files\Lavawall
2024‑05‑170.11.1.59self-update improvements.
2024‑05‑160.8.0.55 error log reporting and management.
2024‑05‑150.7.0.54Websocket resiliency improvements
2024‑05‑090.6.0.53 Error log reporting and management.
2024‑05‑010.5.44.52Even more improvements to scheduler
2024‑04‑240.5.41.49Install compatibility with Sandbox
2024‑04‑220.5.21.29Project property changes to enable automated compilation with new features.
2024‑04‑200.5.20.28Add motherboard serial number and company reassignment
2024‑04‑110.5.4.12Automate release notes as part of build process
2024‑04‑030.5.3.11Websocket and service enhancements
2024‑03‑210.5.2.10Enhance zip file validation

Although the Linux agent code base is mature, dating back to 2006, we're still constantly improving it to add value and compatibility for new distributions. Some of our most recent changes include:
2024‑05‑20253Added cleanup of old .json files during a re-install
2024‑05‑13252Added apt-get update to install
2024‑05‑06248Allow restart to use /var/run/reboot-required if needrestart is not installed
2024‑04‑22239Improve internal update and version tracking
2024‑04‑15235Add support for Yum packages
2024‑04‑08233Align patching with Windows patch reporting
2024‑04‑02228Add support for needrestart
2024‑03‑04224Schedule restarts
2024‑03‑25221Add support for apt packages
2024‑03‑18212Implement release management
2024‑03‑11202Add user login monitoring
2024‑03‑04189Enhance installation reliability
2024‑02‑26187Exapand triggers to identify if the instance needs to be restarted
2024‑02‑19146Improve compatibility for non-AWS instances
2024‑02‑14138Add self-uninstall capabilities
2024‑02‑12135Enhance scheduling flexibility
2024‑02‑07132Add kernel version tracking
2024‑02‑05124Add device hash to cryptographic self-update script validation
2024‑01‑29107Enhance encryption of patch data
2024‑01‑2298Improve how available storage is calculated
2024‑01‑1597Move initial tasks from installation file to sub scripts
2024‑05‑2191Improve multi-distribution compatibility
2024‑05‑2179Improve encryption reliability
2023‑12‑1168Enhance cryptographic validation of new scripts before updating
2023‑11‑2062Add inner layer of AES encryption in case TLS inspection doesn't allow for a secure connection
2023‑11‑2756Additional base cases for resiliancy
2023‑11‑2054Additional headers added to authentication process during installation.
2023‑11‑2053Enhanced key management
2023‑11‑1551Add insecure installation parameter to allow installation in environments with TLS inspection or other machine-in-the-middle situations.
2023‑11‑0642Enhance redundant encryption during installation.
2023‑10‑3033Improve install-over compatibility
2023‑10‑2318Add reboot configuration and scheduling
2023‑10‑2317Add self-updating functionality.
2023‑10‑1615Add Linux patching information for apt
2023‑10‑0914Collect system information
2023‑10‑0913Add Linux distribution information
2023‑09‑3012Add memory monitoring
2023‑09‑3010Add hardware information
2023‑09‑239Add AWS information
2023‑09‑238Add customized schedule capability for configuration updates
2023‑09‑237Add support for package monitoring using package and dpkg logs
2023‑09‑166Add storage data configuration gathering
2023‑09‑165Add CPU information

Lavawall®'s data gathering approach started with Government and Fortune 50 information security audits. When our founder transitioned from audit and assurance work to a Managed IT Service Provider (MSP), he was shocked that basics like Multi-Factor Authentication were painful to implement in some RMMs like ConnectWise and it was impossible to turn off remote access services in others like Datto RMM and SuperOps.

Lavawall® was built from the ground up with these concerns and the Minimum Viable Secure Product requirements in mind.

Some of the controls we implemented include:
  • PassKeys as the preferred primary authentication at no additional cost
  • Single Sign-on using modern, maintained, and industry-standard protocols for all customers at no additional cost
  • Multi-Factor Authentication as a non-negotiable default
  • Encrypting communications the same way as TLS again within the TLS tunnel, so we can allow TLS inspection without breaking like Huntress or disclosing security vulnerabilities to eavesdroppers.
  • Encouraging external vulnerability reports and customer testing
  • Passwords checked against popular disclosed passwords, hashed before they leave your computer, and then stored using Argon2id
  • Not requiring the use of passwords at all. We consider them a temporary backup authentication in case you can't use passkeys or SSO.

Lavawall® scanning computers are on dedicated servers in Calgary, Alberta, Canada.
Lavawall® databases and front-end systems are hosted with AWS in Montréal, Québec, Canada.
We send emails through AWS in Ireland and dedicated servers in Calgary, Alberta, Canada.
We send text messages for additional identity verification through Twilio in the United States.
We store executables and pass requests through Cloudflare at your nearest edge location.
We use Cloudflare for risk management, turnstile, and web application firewall services.
We use LeadPages for landing pages.
We use Google and Facebook for analytics on our public-facing pages, but they do not have access to the console.
We integrate with third-party tools, such as Microsoft, Google, Huntress, Screen Connect, Axcient, and Datto in their respective locations. However, you must initiate these integrations through single sign-on or by enabling them in your Lavawall® console.

Active security by design

Lavawall® is under active development with the latest release on

5+

Interfaces

150+

Monitored Applications

7+

System Metrics

Actively manage your IT with Lavawall®

Patching

Updates Beyond Windows

Lavawall® prevents the 80% of breaches and failed audits due to missing patches and updates.
You can reduce application patching delays from 67 days to nearly immediate with the 150+ applications that Lavawall® monitors and patches.

Patch release monitoring
Monitor everything without having to select packages or “managed applications”
Patch impact classification
Standard and optional Windows patches
Lavawall patch grid
Application Patching

Some of the applications that Lavawall® monitors and audits include:

.NET updates
1Password
3CX Desktop App
3CXPhone for Windows
6.0 .NET Desktop Runtime
6.0 .NET Runtime
6.0 .NET SDK
6.0 ASP.NET Core Runtime
7-Zip
7.0 .NET Desktop Runtime
7.0 .NET Runtime
7.0 .NET SDK
7.0 ASP.NET Core Runtime
8.0 .NET Desktop Runtime
8.0 .NET Runtime
8.0 .NET SDK
8.0 ASP.NET Core Runtime
9.0 .NET Desktop Runtime
9.0 .NET Runtime
9.0 .NET SDK
9.0 ASP.NET Core Runtime
Acer Configuration Manager
Acer drivers and firmware
Acronis True Image
ActiveState Komodo Edit
Adblock Plus
Adobe Acrobat (64-bit)
Adobe Acrobat DC (64-bit)
Adobe Acrobat Pro
Adobe Acrobat Reader
Adobe Acrobat Reader DC
Adobe Creative Cloud
Adobe Creative Cloud
Adobe InDesign
Adobe Photoshop
Advanced IP Scanner
AIMP
Alienware Command Center Suite
Amazon Chime
Amazon Corretto 22
Amazon Games
Amazon Kindle
Amazon Music
Amazon Music
Anaconda3
AnyDesk Windows
Apache HTTP Server
Arduino USB Driver
ASUS drivers and firmware
Autodesk Advance Steel
Autodesk AutoCAD Architecture
Autodesk Revit
AutoElevate
Automatically Added Applications
Avaya Workplace
AWS Copilot CLI
AWS VPN Linux
AWS VPN MacOS
AWS VPN Windows
Axcient Backup Agent
Azure drivers and updates
Azure VPN Client
Bitdefender Endpoint
Bitwarden
Bitwarden Browser Extension
Bitwarden CLI
Bitwarden MacOS
Bitwarden Server
Bluebeam Revu
Brady Workstation
Brave Browser
Brother drivers and firmware
Burp Suite Beta
Burp Suite Enterprise Edition
Burp Suite Stable
Canon My Printer
Caseware Working Papers
CCleaner
Chocolatey
Chrome Remote Desktop
ChromeOS Platform
ChromeOS Stable
Citrix Workspace
Clean Your Device
Cloudflare WARP
Code::Blocks
Composer - PHP Dependency Manager
Conexant drivers and firmware
CrowdStrike Falcon
CrowdStrike Windows Sensor
CutePDF Writer
Datto Endpoint Backup
Datto RMM
Dell Command
Dell drivers and firmware
Dell iDRAC Service Module
Dell Optimizer
Dell Support Assist
DisplayLink Graphics Driver
Docker Desktop
docuPrinter Pro
DoxCycle
Dropbox
Dymo Connect
Dymo ID
Dymo Scale
Dynamo Core
Dynamo Revit
Elan drivers and firmware
Evernote
Evoluent drivers and firmware
ExpressConnect Drivers
FARO LS
FileZilla Client
FileZilla Server
Firefox
Foobar2000
Formit
FortiClient VPN
FreeCAD
Garmin drivers and firmware
GIMP
Git
GitHub Desktop
Glance Client
Glance Guest
GN Audio drivers and firmware
Go Language
Go Programming Language
Google Chrome
Google Drive
Google Earth
GoTo 4
GoTo Desktop App
GoTo Meeting Desktop App
GoTo Opener
GoTo Resolve Desktop Console
GoToAssist Expert
Grammarly MacOS
GrampsAIO64
Heidi Eraser
HeidiSQL
HP Click
HP drivers and firmware
HP I.R.I.S. OCR
HP OCR
HP Scan Basic Device Software
Huntress Agent
Huntress Rio
ICS
Inkscape
Intel drivers and firmware
IrfanView
IronPython
ITE Tech drivers and firmware
iTunes
Java 8
KeePass Password Safe 1
KeePass Password Safe 2
Krisp Ai Meeting Manager
LastPass Desktop (Installed)
LastPass Desktop (MS Store)
Lenovo Commercial Vantage
Lenovo drivers and firmware
Lenovo System Update
Lenovo Update Retriever
Lenovo Vantage
Lexmark drivers and firmware
Lexmark International Printer
LibreOffice
libusb-win32 drivers
Local Administrator Password Solution
Logi Bolt
Logitech drivers and firmware
Loom
Magic Control Technology drivers and firmware
ManageEngine ADSelfService
MAXtoA
Microsoft Defender
Microsoft Defender Engine
Microsoft Defender Engine Version
Microsoft Defender Platform
Microsoft Defender Platform Version
Microsoft Defender Version
Microsoft Dynamics Station 1
Microsoft Dynamics Station 2
Microsoft Dynamics Station 3
Microsoft Dynamics Station 4
Microsoft Dynamics Station 5
Microsoft Dynamics Station 6
Microsoft Edge
Microsoft Malicious Software Removal
Microsoft OneDrive
Microsoft PowerBI Desktop (x64)
Microsoft Teams
Microsoft Teams Classic
Microsoft Teams Free
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2013 Redistributable (x64)
Microsoft Visual C++ 2015-2019 Redistributable (x64)
Microsoft Visual C++ 2017 Redistributable (x86)
Microsoft Visual Studio Code
Microsoft.UI.Xaml.2.7
Microsoft.UI.Xaml.2.8
MozBackup
Mozilla Maintenance Service
MySQL Community Server
MySQL Workbench
Nmap
Node.js LTS
NordPass
NordVPN
Norton 360
Norton Secure VPN
Norton Security
Notepad++
Nox APP Player
NV Access
NVIDIA GeForce Experience
NVIDIA Graphics Driver
NVIDIA PhysX System Software
OBS Studio
Obsidian
OpenOffice
OpenShot Video Editor
OpenSSL
OpenVPN Connect v2
OpenVPN Connect v3
Palisade @RISK Platform
Panorama9
PDF Architect
PeaZip
Perimeter 81
Pidgin
Plex Media Server
PostgreSQL 12
PostgreSQL 13
PostgreSQL 14
PostgreSQL 15
PostgreSQL 16
Postman x86_64
PowerBI Desktop
ProFile
Pulse Secure
PuTTY
Python 3.11
Python 3.12
Python Launcher
Pythonnet
qBittorrent
QuickBooks Premier
Raspberry Pi Imager
Reaktek Audio Driver
Realtek drivers and firmware
RealVNC Server
RealVNC Viewer
reMarkable
Remote Access
RICOH drivers and firmware
RingCentral
Room Sketcher
SafeNet Authentication
Safenet drivers and firmware
Sage 50 Accounting
ScanSnap Home
ScanSnap Manager
ScreenConnect
ScreenConnect Client
ShowMyPC
SketchUp
Skype
Skype for Business
Slack
Sonos Controller
Sophos Endpoint Agent
SourceTree
SQL Server 2019
SQL Server 2022
SunplusIT drivers and firmware
superpowered.me
Symantec AgentInstall
Symantec WSS Agent
Synology Acvtive Backup for Business
Synology Assistant
TaxCycle
Teamviewer
Tenable Nessus
Tenorshare
Thunderbird
TightVNC
Titus Classification
TriGrid Windows Connector
Trillian
TrueCrypt
TruGrid Windows Connector
TunnelBear
U.S. Robotics Corporation Model 5637 Voice Driver
Umbrella Roaming Client
UXP WebView
VeraCrypt
Visual Studio 2013
Visual Studio 2015
Visual Studio 2017
Visual Studio 2019
Visual Studio 2022
VLC
VMware Player
VMware Tools
Webex Cisco Windows
Wildix Collaboration
Wildix Integration Service
Windows Defender updates
Windows PC Health Check
WinPcap
WinRAR
WireGuard
Wireshark
X Split Gamecaster
Xerox WorkCentre
XnResize
XnView Classic
XnView MP
Xprotect
Yarn
Yubikey Manager
Zebra Setup Utilities
Zebra Status Monitor
Zed Attack Proxy (ZAP)
Zoom
Zoom Workspace
Zwift
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.

Learn More
Flexible Term; Flexible Service

Flexibility for your dynamic business

You need to get your arms around compliance and security and don't want to get locked into “high watermark” monthly invoices or multi-year contracts.

Pay-as-you-need monthly pricing

DIY, full management, and coaching options

CMMI, PCI, SOC2, Canadian Cybersecurity, Minimum Viable Secure Product, and other compliance support

Choose the plan that's right for you

Simple pricing. No hidden fees. Advanced features for you business.

Month
Annual

Get 2 months free with Annual!
DIY

Security-focused RMM

C$3.25 /computer/Month

C$32.50 /computer/Year

  • 1 computer
    or 1 of the following cloud integrations:
    AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
    (each integration counts as 1 computer)
  • 150+ application patches
  • 30-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall® support
  • Sophos MDR: C$13.50/desktop
    Sophos MDR: C$162/desktop
  • Huntress: C$5.40/device
    Huntress: C$64.80/device
  • Available white-label support for end users
  • Level 3+ IT support for IT
  • Weekly IT coaching sessions
Popular
Managed Security & Support

Unlimited end-user support

C$160 /user/Month

C$1,600 /user/Year

  • 1 computer/user
    Additional devices charged at DIY prices
  • AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
  • 150+ application patches
  • 90-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall® support
  • Sophos MDR Essentials
  • Huntress
  • White-label email and phone support for end users
  • Level 3+ IT support for IT
  • Weekly IT coaching sessions
  • Automatic discount and upgrade to Support & Coaching after 15 users
Support & Coaching

Improve your IT performance

$2,250 /Month

$22,500 /Year

  • 25 computers included
    Additional computers charged at DIY prices
  • AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
  • 150+ application patches
  • 90-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall®-only support
  • Sophos MDR Essentials
  • Huntress
  • White-label email and phone support for 15 users included Additional: C$150/user Additional: C$1,500/user
  • L3 IT support for IT
  • Weekly IT coaching sessions

Frequently Asked Questions

If you can not find answer to your question in our FAQ, you can always contact us or email us. We will answer you shortly!

General Questions

The three big catalysts for Lavawall® were:
  1. Two years after a missing Plex Media Server led to the LastPass breach, the Remote Monitorign and Management (RMM) tools availabel for Manged IT Service Providers (MSPs) still didn't monitor for it.
    Going through industry-specific applications, we noticed many were missing from the big RMM and patching providers. MSPs, insurance providers, and organizations that put their cleints at risk need to know about these risks, which lead to the largest number of critical audit findings and breaches
  2. After 20 years of writing the same audit findings about system configurations, Payment Card Industry (PCI) compliance, and missing patches, our technical co-founder wanted to make it easier fo avoid these findings
  3. The existing risk visibility tools for insurance underwriters took a shallow look at Internet-facing risks. They -- along with all businesses -- need a deeper view of the threats that could actually lead to breaches.

Lavawall® breaks vulnerabilities into the following groups:
  • Domain risks
  • Operating System (OS) patches
  • Application patches
  • Network vulnerabilities
  • Cloud vulnerabilities
  • OS configurations

We are currently building more third-party interfaces. Current interfaces include:
  • Axcient*
  • Cloudflare
  • Connectwise Screen Connect
  • Datto RMM
  • FreshDesk*
  • Huntress
  • Microsoft 365
  • Panorama9
  • ZenDesk
*In limited release/development

Yes!
You can use your own logo for the console and notifications. You can also use a CNAME to automatically brand your console.
Note: you cannot currently re-proxy the CNAME to Lavawall® through Cloudflare.
Privacy & Security

We encourage primary authentication for Lavawall® through Passkeys or Single Sign On (SSO).
However, we do allow passwords and use passwords as part of the zero-knowledge encryption for your clients' sensitive data, such as Bitlocker keys and Personally-Identifiable Information (PII).
These passwords use Argon2id slow hashes with individual salts and peppers.

Yes! Lavawall communicates with its endpoints through TLS. However, given that many of our clients want to be as secure as possible and have TLS inspection enabled, we allow for "insecure" connections with invalid certificates, which result from such configurations.
We have added an additional secure tunnel that mimics the TLS process within the public TLS tunnel. This extra tunnel provides authentication and privacy for the workstations and the Lavawall® servers to prevent attacks such as the one that took down Solar Winds.

We do not enable remote access tools like ScreenConnect unless you authorize them and are logged in. Lavawall® was not vulnerable to the ScreenConnect vulnerability because we install and uninstall it right before it's used. In addition, we give the option of linking to Access.

Remote access is not enabled for read-only and audit situations.

Lavawall®'s designer holds a CISSP and CISA. In addition, we have external and internal security reviews.

Get In Touch

Have a quick question and don't want to talk? Send us a quick note with the form below and we'll reply within one business day.

NW Calgary:
(By Appointment Only)
ThreeShield Information Security Corporation
600 Crowfoot Crescent N.W., Suite 340
Calgary, Alberta
T3G 0B4
SE Calgary:
(By Appointment Only)
ThreeShield Information Security Corporation
105, 11500 - 29th St. SE
Calgary, Alberta
T2Z 3W9
Canada
Phone
+1-403-538-5053
Sales Hours:
9:00am to 5:00pm Mountain Time
Support Hours:
7:00am to 7:00pm Mountain Time
On-Call Support Hours:
24/7

Monitor the real security risks with Lavawall®