
2 To receive our video stream in LiveMeeting:
- Click on “Voice & Video”
- Click the drop down next to the camera icon
- Select “Show Main Video”
Dial-in Information:
- 1 (877) 593-2001 Pin: 3959

3 Review of November 2013 Bulletin Release Information
- Eight New Security Bulletins
- Three New Security Advisories
- Two Updated Security Advisories
- Microsoft Windows Malicious Software Removal Tool
Changes to TechNet Security Resources
Questions and Answers: Please Submit Now
- Submit Questions via Twitter #MSFTSecWebcast

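4 Severity & Exploitability Index
[Chart not preserved in the transcript. Axes: Exploitability Index (1, 2, 3; risk) and Severity (Critical, Important, Moderate, Low; impact). Bulletins shown, with deployment priority (DP):]
- MS13-088 Internet Explorer: DP 1
- MS13-089 Windows GDI: DP 1
- MS13-090 ActiveX Kill Bits: DP 1
- MS13-091 Office: DP 2
- MS13-092 Hyper-V: DP 2
- MS13-093 Windows AFD: DP 2
- MS13-094 Outlook: DP 3
- MS13-095 XML Digital Signatures: DP 3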

5 Bulletin Deployment Priority

6 MS13-088: Cumulative Security Update for Internet Explorer (2888505)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916: Critical; 1 | 1; Remote Code Execution; Cooperatively Disclosed
- CVE-2013-3917: Critical; 1 | 2; Remote Code Execution; Cooperatively Disclosed
- CVE-2013-3871, CVE-2013-3910, CVE-2013-3911: Critical; NA | 1; Remote Code Execution; Cooperatively Disclosed
- CVE-2013-3908, CVE-2013-3909: Important; NA | 3; Information Disclosure; Cooperatively Disclosed
Affected Products:
- IE6 – IE11 on all supported versions of Windows Client (except for IE11 on Windows 7)
- IE6 – IE10 on all supported versions of Windows Server
- IE11 on all supported versions of Windows Server (except Windows Server 2008 R2)
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could use active scripting to initiate the print preview of a specially crafted webpage. (CVE-2013-3908)
- In a web-based attack scenario, an attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs)
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (CVE-2013-3909, CVE-2013-3871, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917)

7 MS13-088: Cumulative Security Update for Internet Explorer (2888505) (continued)
Impact of Attack:
- An attacker could gather information from any page that the victim is viewing. (CVE-2013-3908)
- When a user views a webpage, an attacker could view content from another domain or Internet Explorer zone other than the domain or zone of the attacker's webpage. (CVE-2013-3909)
- An attacker could gain the same user rights as the current user. (CVE-2013-3871, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917)
Mitigating Factors:
- If active scripting is disabled in the victim's browser, an attacker would have to convince the victim to manually initiate a print preview of a specially crafted webpage. (CVE-2013-3908)
- An attacker cannot force users to visit the attacker-controlled websites or view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (CVE-2013-3871, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917)
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. (CVE-2013-3871, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917)
Additional Information:
- Installations using Server Core are not affected.
- The 2888505 update is available for Internet Explorer 11 Preview for Windows 8.1 Preview and Windows RT 8.1 Preview. Customers with Internet Explorer 11 Preview are encouraged to apply the updates to their systems. The updates are available on Windows Update.
- In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update includes defense-in-depth updates to help improve security-related features in Internet Explorer.

8 MS13-089: Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3940: Critical; 1 | 1; Remote Code Execution; Cooperatively Disclosed
Affected Products: All supported versions of Windows Client and Windows Server
Affected Components: Windows Graphics Device Interface (GDI)
Deployment Priority: 1
Main Target: Workstations and terminal servers
Possible Attack Vectors:
- In a web-based attack scenario, an attacker could host a website that contains a specially crafted Windows Write file that is used to attempt to exploit this vulnerability.
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content.
Impact of Attack: An attacker could gain the same user rights as the current user.
Mitigating Factors:
- The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.
- An attacker would have no way to force users to view attacker-controlled content and open a specially crafted file.
Additional Information:
- Installations using Server Core are affected.
- The 2876331 update is available for Windows 8.1 Preview, Windows RT 8.1 Preview, and Windows Server 2012 R2 Preview. Customers running these operating systems are encouraged to apply the update to their systems. The update is available on Windows Update.

9 MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3918: Critical; 1 | 1; Remote Code Execution; Cooperatively Disclosed
Affected Products:
- All supported versions of Windows Client
- All supported versions of Windows Server
Affected Components: ActiveX Kill Bits
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
- An attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements.
Impact of Attack: An attacker could gain the same user rights as the current user.
Mitigating Factors:
- An attacker would have no way to force users to view attacker-controlled content.
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone.
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration.
Additional Information:
- Installations using Server Core are not affected.
- Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability.
- The 2900986 update is available for Windows 8.1 Preview and Windows RT 8.1 Preview. Customers running these operating systems are encouraged to apply the updates to their systems. The updates are available on Windows Update.

10 MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-0082: Important; NA | 3; Remote Code Execution; Cooperatively Disclosed
- CVE-2013-1324: Important; 1 | 1; Remote Code Execution; Cooperatively Disclosed
- CVE-2013-1325: Important; NA | 1; Remote Code Execution; Cooperatively Disclosed
Affected Products: All supported versions of Microsoft Office
Affected Components: Microsoft Office
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. (All CVEs)
- In an email attack scenario, an attacker could send a specially crafted file to the user and convince the user to open the file in an affected version of Microsoft Office software. (All CVEs)
- In a web-based attack scenario, an attacker could host a website that contains a specially crafted WordPerfect document file that is used to attempt to exploit this vulnerability. (All CVEs)
- An attacker could take advantage of compromised websites and websites that accept or host user-provided content that contain specially crafted content. (All CVEs)
Impact of Attack: An attacker could run arbitrary code in the context of the current user. (All CVEs)
Mitigating Factors:
- The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message. (All CVEs)
- An attacker would have no way to force users to view attacker-controlled content and open a specially crafted file. (All CVEs)
Additional Information:
- Although updates are available for Microsoft Office 2010 Service Pack 2, the software is not affected by the vulnerabilities described in this bulletin. Users who choose not to apply the updates for Microsoft Office 2010 Service Pack 2 will not increase the security risk of their system. However, Microsoft recommends that users install all updates offered to their systems. This helps to maintain consistency for shared files across Office products.

11 MS13-092: Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3898: Important; NA | 1; Elevation of Privilege; Cooperatively Disclosed
Affected Products: Windows 8 for 64-bit Systems and Windows Server 2012
Affected Components: Hyper-V
Deployment Priority: 2
Main Target: Any affected system running the affected versions of Hyper-V
Possible Attack Vectors:
- An authenticated attacker with administrator privileges on the source VM could exploit this vulnerability by passing a specially crafted function parameter in a hypercall to the host hypervisor.
Impact of Attack:
- An attacker could cause the Hyper-V host to crash, subsequently causing the guest VMs to crash as well.
- An attacker could also potentially execute code on another guest VM. For this to be possible, the target VM must be on the same host as the VM from which the attacker is operating.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Additional Information: Installations using Server Core are affected.

12 MS13-093: Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3887: Important; NA | 3; Information Disclosure; Cooperatively Disclosed
Affected Products: All supported 64-bit editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
Affected Components: Windows Ancillary Function Driver (AFD)
Deployment Priority: 2
Main Target: Itanium- and x64-based workstations
Possible Attack Vectors:
- An attacker would have to log on to an affected system as a local user and run a specially crafted application that is designed to enable the attacker to obtain information from a higher-privileged account.
Impact of Attack:
- An attacker could disclose information from kernel memory on the local system. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Mitigating Factors:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information:
- Installations using Server Core are affected.
- Although the RTM editions of Windows 8.1 for 64-bit Systems and Windows Server 2012 R2 are not affected by the vulnerability addressed in this bulletin, the 64-bit Preview editions are affected. Therefore, customers running Windows 8.1 Preview for 64-bit Systems or Windows Server 2012 R2 Preview are encouraged to apply the 2875783 update to their systems. The update is available on Windows Update.

13 MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3905: Important; 3 | 3; Information Disclosure; Publicly Disclosed
Affected Products: All supported versions of Microsoft Outlook (except Microsoft Outlook 2003)
Affected Components: Microsoft Outlook
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors:
- Exploitation of this vulnerability requires that a user open or preview a specially crafted email message with an affected version of Microsoft Outlook.
- In an email attack scenario, an attacker could send a specially crafted S/MIME certificate in an email message to the user, and then convince the user to preview or open the email.
Impact of Attack:
- An attacker could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Additional Information:
- In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update adds the functionality to specify, via a registry key setting, whether or not Microsoft Outlook will retrieve remote certificates referenced in an Authority Information Access (AIA) extension. For more information about this change, see Microsoft Knowledge Base Article 2894514.

14 MS13-095: Vulnerability in XML Digital Signatures Could Allow Denial of Service (2868626)
Vulnerabilities (Severity; Exploitability, Latest | Older versions; Impact; Disclosure):
- CVE-2013-3869: Important; 3 | 3; Denial of Service; Cooperatively Disclosed
Affected Products: All supported versions of Windows Client and Windows Server
Affected Components: XML Digital Signatures
Deployment Priority: 3
Main Target: Servers
Possible Attack Vectors:
- An attacker could send a specially crafted X.509 certificate to a web service that performs certificate validation.
Impact of Attack:
- An attacker could cause the web service performing certificate validation to become non-responsive.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Additional Information: Installations using Server Core are affected.

15 Microsoft Security Advisory (2862152): Vulnerability in DirectAccess Could Allow Security Feature Bypass
- Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients.
- An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials.
- Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

16 New Microsoft Security Advisories
Microsoft Security Advisory (2868725): Update for Disabling RC4
- Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows RT to address known weaknesses in RC4.
- The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are not enabled by default.
Recommendation: Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information.

17 New Microsoft Security Advisories
Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016.
- Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information.

18 Updated Microsoft Security Advisories
Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- On November 12, 2013, Microsoft released an update (2898108) for Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012 and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-26. For more information about this update, including download links, see Microsoft Knowledge Base Article 2898108.
Notes:
- The update for Windows RT is available via Windows Update only.
- The update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows RT 8.1 Preview releases. The update is available via Windows Update.

19 Updated Microsoft Security Advisories
Microsoft Security Advisory (2854544): Updates to Improve Cryptography and Digital Certificate Handling in Windows
- Microsoft released an update (2868725) for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are not enabled by default. After applying the update, Microsoft recommends that customers test any new settings for disabling RC4 prior to implementing them in their environments. For more information, see Microsoft Security Advisory 2868725.
- Microsoft announced a policy change to the Microsoft Root Certificate Program for the deprecation of the SHA-1 hashing algorithm in X.509 digital certificates. For more information, see Microsoft Security Advisory 2854544.

20 Detection & Deployment
1. MBSA 2.2 does not support detection on Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012 and Windows Server 2012 R2. The MBSA 2.3 Customer Preview has concluded. The final release will add support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
2. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.

21 Other Update Information

22 Windows Malicious Software Removal Tool (MSRT)
During this release, Microsoft will add detection capability for the following families in the MSRT:
- Win32/Deminnix - A family of trojans that perform bitcoin mining on an affected system and may modify the user’s browser settings.
- Win32/Napolar - A family of trojans that perform file downloads, DDoS attacks, and network traffic monitoring for FTP/POP3/Web credentials, and also deploy a user-mode rootkit to hide their presence.
Available as a priority update through Windows Update or Microsoft Update
Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove


25 Submit text questions using the “Ask” button.
Don’t forget to fill out the survey.
A recording of this webcast will be available within 48 hours on the MSRC blog: http://blogs.technet.com/msrc
Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx
