Information About Microsoft Out-of-Band Security Bulletins.

What We Will Cover

- Review of Out-of-Band release:
  – New Security Bulletin
  – New Security Advisory
- Resources
- Questions and answers

MS10-002: Cumulative Security Update for Internet Explorer (978207)

CVE | Severity | Exploitability | Comment | Note
CVE | Moderate | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Responsibly disclosed
CVE | Critical | 1 | Consistent exploit code likely. RCE | Publicly disclosed

Affected Products: All currently supported versions of Windows and Internet Explorer
Deployment Priority: 1
Main Target: Workstations and Terminal Servers

Possible Attack Vectors:
- An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer.
- This constitutes a browse and own scenario.

Impact of Attack:
- An attacker who successfully exploited this vulnerability would gain the same rights as the logged on user.

Mitigating Factors:
- An attacker would have no way to force a user to visit their malicious website.
- By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration.
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone.

Additional Information:
- We are aware of targeted attacks against IE 6.
- Windows Server when installed using server core is not affected.

Security Advisory : Vulnerability in Windows Could Allow an Elevation in Privilege

- Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
- Microsoft released Security Advisory to provide mitigations and workarounds for this vulnerability.
- Microsoft is currently working towards an update to address this vulnerability.
- Mitigating Factors:
  – An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  – Windows operating systems for x64-based and Itanium-based computers are not affected.
- Workaround: Disable the NTVDM subsystem (users will not be able to run 16-bit applications)
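One way to check a host for the workaround on this slide, as an added example that is not part of the original presentation. It assumes the workaround is deployed through the "Prevent access to 16-bit applications" policy, stored as the `VDMDisallowed` DWORD under `HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat`; the function names and state labels are hypothetical.

```powershell
# Added example, not from the presentation. Audits, and with -Remediate applies,
# the "Prevent access to 16-bit applications" policy that disables NTVDM.
param([switch]$Remediate)

# Assumed location of the policy value (DWORD, 1 = 16-bit subsystem blocked).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$PolicyName = 'VDMDisallowed'

function Get-NtvdmPolicyState {
    # PROCESSOR_ARCHITEW6432 is set only in a 32-bit process on 64-bit Windows.
    $arch = $env:PROCESSOR_ARCHITEW6432
    if (-not $arch) { $arch = $env:PROCESSOR_ARCHITECTURE }

    $value = $null
    if (Test-Path $PolicyKey) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$PolicyName }
    }

    # The slide lists x64 and Itanium systems as not affected, so only a
    # 32-bit (x86) operating system without the policy is reported as missing it.
    $state = 'WorkaroundMissing'
    if ($value -eq 1)    { $state = 'WorkaroundApplied' }
    if ($arch -ne 'x86') { $state = 'NotAffected' }

    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        Architecture = $arch
        PolicyValue  = $value
        State        = $state
    }
}

function Set-NtvdmDisabled {
    # Requires an elevated session; creates the policy key if it is missing.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

$result = Get-NtvdmPolicyState
if ($Remediate -and $result.State -eq 'WorkaroundMissing') {
    Set-NtvdmDisabled
    $result = Get-NtvdmPolicyState
}
$result
```

Run it without switches to audit only; the emitted object can be collected across hosts to track which 32-bit systems still lack the workaround.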

Detection & Deployment

Bulletin | Windows Update | Microsoft Update | MBSA | WSUS 3.0 | SMS 2003 with SUIT | SMS 2003 with ITMU | SCCM 2007
MS | Yes | Yes | Yes | Yes | No (1) | Yes | Yes

1. Yes for Internet Explorer 6.0 only in Windows XP SP2, Windows XP SP3 and Windows Server 2003 SP2

Other Update Information

Bulletin | Restart | Uninstall | Replaces
MS | Yes | Yes | MS09-072

Resources

Blogs
- Microsoft Security Response Center (MSRC) blog
- Security Research & Defense blog
- Microsoft Malware Protection Center Blog

Bulletins, Advisories, Notifications & Newsletters
- Security Bulletins Summary: mspx
- Security Bulletins Search
- Security Advisories
- Microsoft Technical Security Notifications
- Microsoft Security Newsletter

Security Centers
- Microsoft Security Home Page
- TechNet Security Center
- MSDN Security Developer Center

Other Resources
- OOB Update Resources:
  – IT Pro/Enterprise Guidance
  – Consumer Guidance
- Update Management Process: chmanagement/secmod193.mspx
- Microsoft Active Protection Program Partners: mspx

Questions and Answers

- Submit text questions using the “Ask” button.
- Don’t forget to fill out the survey.
- A recording of this webcast will be available within 48 hours on the MSRC Blog:
- Register for next month’s webcast at: