
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.



2 To receive our video stream in LiveMeeting:
- Click on “Voice & Video”
- Click the drop down next to the camera icon
- Select “Show Main Video”

Dial-in Information:
- 1 (877) 593-2001
- Pin: 3959

3 Review of July 2013 Bulletin Release Information
- Seven New Security Bulletins
- One Updated Security Advisory
- Microsoft Windows Malicious Software Removal Tool

Resources

Questions and Answers: Please Submit Now
- Submit Questions via Twitter #MSFTSecWebcast

4 Severity & Exploitability Index

[Chart: Exploitability Index (1 to 3, risk) and Severity (Critical, Important, Moderate, Low; impact) for MS13-052 through MS13-058. Chart labels: .NET Framework/Silverlight, GDI+, Kernel-Mode Drivers, Internet Explorer, Windows Defender, Media Format Runtime, DirectShow. Deployment priority (DP) row, MS13-052 to MS13-058: 2, 1, 2, 1, 2, 2, 3.]

5 Bulletin Deployment Priority

6 MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3129 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3131 | Critical | 2 | 2 | Remote Code Execution | Publicly Disclosed |
| CVE-2013-3132 | Important | 3 | 3 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3133 | Important | 3 | 3 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3134 | Critical | 2 | 2 | Remote Code Execution | Publicly Disclosed |
| CVE-2013-3171 | Important | 3 | 3 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3178 | Important | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products
- Severity levels are aggregate, please see update document for specifics: .NET Framework 2.0, 3.0, 4, 3.5, 3.5.1, and 4.5 on all supported versions of Windows Client and Windows Server; All editions of Silverlight 5, to include when installed on Mac
- Severity levels are aggregate, please see update document for specifics: .NET Framework 1.0 and 1.1 on all supported versions of Windows Client and Windows Server

Affected Components: Internet Explorer
Deployment Priority: 2
Main Target: Workstations

7 MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

Possible Attack Vectors
- Web-based: An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE-2013-3129)
- File sharing: An attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. (CVE-2013-3129)
- Local attack: An attacker could exploit this vulnerability by running a specially crafted application to take complete control over the affected system. However, the attacker must have valid logon credentials and be able to log on locally. (CVE-2013-3129)
- Web-based: An attacker could host a website that contains a specially crafted Silverlight application designed to exploit this vulnerability and then convince a user to view the website. (CVE-2013-3131, 3178)
- .NET application: In a .NET application attack scenario, an attacker could modify the array data in a manner that would allow for remote code execution. (CVE-2013-3131, 3134)
- Web-based: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website. (CVE-2013-3132, 3133, 3171)
- This vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions. (CVE-2013-3132, 3133, 3171)

Impact of Attack
- An attacker could run arbitrary code in kernel mode. (CVE-2013-3129)
- In a .NET application attack scenario, an attacker could obtain the same permissions as the currently logged-on user. (CVE-2013-3131, 3133, 3134, 3171)
- In a web-browsing scenario, an attacker could execute arbitrary code on behalf of the targeted user. (CVE-2013-3131, 3133, 3171, 3178)
- An attacker could take complete control of the affected system. (CVE-2013-3132)

Mitigating Factors
- An attacker cannot force users to view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs)

Additional Information
- Installations using Server Core are affected.
- .NET Framework 4 and .NET Framework 4 Client Profile affected

8 MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-1300 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1340 | Important | 3 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1345 | Important | 3 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3129 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3167 | Important | NA | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3172 | Moderate | | | Denial of Service | Publicly Disclosed |
| CVE-2013-3173 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3660 | Critical | 3 | 3 | Remote Code Execution | Publicly Disclosed |

Affected Products: All supported versions of Windows Client and Windows Server
Affected Components: Kernel-Mode Drivers
Deployment Priority: 1
Main Target: Workstations

Possible Attack Vectors
- Web-based attack: An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE-2013-3129, 3660)
- File sharing: An attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. (CVE-2013-3129, 3660)
- Local attack: An attacker could also exploit this vulnerability by running a specially crafted application to take complete control over the affected system. The attacker must have valid logon credentials. (CVE-2013-3129, 3660)
- An attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges. (CVE-2013-1300, 1340, 1345, 3167, 3173)
- For an attacker to exploit this vulnerability, a user would have to execute a specially crafted application. (CVE-2013-3172)

9 MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) (Cont’d)

Impact of Attack
- An attacker could run arbitrary code in kernel mode (CVE-2013-3129)
- An attacker could run processes in an elevated context (CVE-2013-1300, 1340, 1345, 3167, 3173)
- An attacker could cause the target system to stop responding (CVE-2013-3172)
- In most scenarios, an attacker could achieve elevation of privilege on the target system. It is also theoretically possible, but unlikely due to memory randomization, that an attacker could achieve remote code execution (CVE-2013-3660)

Mitigating Factors
- An attacker must have valid logon credentials and be able to log on to exploit this vulnerability (CVE-2013-1300, 1340, 1345, 3167, 3173)
- Microsoft has not identified any mitigating factors for this vulnerability (CVE-2013-3660)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone, which disables font download by default (CVE-2013-3129)
- An attacker would have no way to force a user to click on a malicious link or open a malicious file (CVE-2013-3129)

Additional Information
- Installations using Server Core are affected
- Microsoft was aware of this vulnerability being used to achieve elevation of privilege in targeted attacks (CVE-2013-3660)
- Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers (CVE-2013-3129)

10 MS13-054: Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3129 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products: All supported versions of Windows and Windows Server except for Windows Server 2008 for Itanium; Lync 2010 32bit, x64 and Attendee; Lync 2013; Visual Studio .NET 2003 SP1; Office 2003, 2007, and all editions of 2010
Affected Components: GDI+, Journal, DirectWrite, Office, Visual Studio .NET 2003, Lync
Deployment Priority: 2
Main Target: Workstations

Possible Attack Vectors
- Web based: An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website.
- File Sharing: An attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.
- Local attack: An attacker could also exploit this vulnerability by running a specially crafted application to take complete control over the affected system. However, the attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability in this scenario.

Impact of Attack
- An attacker could run arbitrary code in kernel mode and take complete control of an affected system

Mitigating Factors
- An attacker could not force a user to visit a malicious website or click on a malicious link
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone, which disables font download by default

Additional Information
- For some versions of Windows Server, DirectWrite is not installed by default. Customers will only be offered the update on those systems if DirectWrite is installed

11 MS13-055: Cumulative Security Update for Internet Explorer (2846071)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3115, CVE-2013-3143, CVE-2013-3144 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3147, CVE-2013-3149, CVE-2013-3150, CVE-2013-3164, CVE-2013-3145 | Critical | NA | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3148, CVE-2013-3161, CVE-2013-3162, CVE-2013-3153 | Critical | 3 | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3151, CVE-2013-3163 | Critical | 2 | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3146, CVE-2013-3152 | Critical | 1 | NA | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3166 | Important | 3 | 3 | Information Disclosure | Cooperatively Disclosed |

Affected Products
- IE6 – IE10 on all supported versions of Windows Client
- IE6 – IE10 on all supported versions of Windows Server

Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations

12 MS13-055: Cumulative Security Update for Internet Explorer (2846071) Continued

Possible Attack Vectors
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs)
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs)

Impact of Attack
- An attacker could gain the same user rights as the current user (All CVEs except CVE-2013-3166)
- An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone (CVE-2013-3166)

Mitigating Factors
- An attacker cannot force users to view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs)
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs)

Additional Information
- Installations using Server Core not affected. (All CVEs)
- Updates for Windows RT are only available via Windows Update
- Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163.

13 MS13-056: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3174 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products: All supported versions of Windows and Windows Server (except Windows Server 2008 for Itanium, Windows Server 2012, and Windows RT)
Affected Components: DirectShow
Deployment Priority: 2
Main Target: Servers

Possible Attack Vectors
- Web-based: An attacker would have to host a web site that contains specially crafted content (GIF file) that is used to attempt to exploit this vulnerability
- Email: An attacker could exploit the vulnerability by sending a specially crafted GIF file as a mail attachment and by convincing the user to open the file

Impact of Attack
- If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Mitigating Factors
- The vulnerability cannot be exploited automatically through e-mail.
- An attacker could not force a user to visit a malicious website or click on a malicious link

Additional Information
- Installations using Server Core are not affected.

14 MS13-057: Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3127 | Critical | 2 | 2 | Remote Code Execution | Cooperatively Disclosed |

Affected Products: WMFR 9, 9.5, 11 and wmv9vcm.dll (codec) installed on Windows XP; WMFR 9.5 and wmv9vcm.dll (codec) installed on Windows Server 2003; WMFR 11 and wmv9vcm.dll (codec) installed on Windows Server 2008 (except Itanium); Windows Media Player 12 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT
Affected Components: Windows Media Format Runtime (WMFR)
Deployment Priority: 2
Main Target: Workstations

Possible Attack Vectors
- An attacker could exploit the vulnerability by hosting a specially crafted media file on a network location and convincing a user to open the file

Impact of Attack
- An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user

Mitigating Factors
- The vulnerability cannot be exploited automatically through e-mail
- An attacker could not force a user to visit a malicious website or click on a malicious link

Additional Information
- Windows Server 2008 installations using Server Core are not affected.
- This is not a supported or shipped product beyond Windows XP; the Vista/Windows Server 2008 parts of this update are to protect customers in an upgrade scenario only.

15 MS13-058: Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3154 | Important | NA | 1 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: Windows Defender for Windows 7 32bit and x64, Windows Defender when installed on Windows Server 2008 R2 x64
Affected Components: Windows Defender
Deployment Priority: 3
Main Target: Windows 7 workstations

Possible Attack Vectors
- To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then place a specially crafted application in a location that could be used to exploit the vulnerability

Impact of Attack
- An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system

Mitigating Factors
- An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
- In a Windows 7 default configuration, a user running as a standard user account does not have permissions to write files to the root directory on the system

Additional Information
- If a customer is running Windows 7 but Windows Defender is disabled, this update is not required.

16 Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- Added the 2857645 update to the Current Update section for all supported editions of Windows 8, Windows Server 2012, and Windows RT
- The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17

17 Detection & Deployment
1. The MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012.
2. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.
3. Mac is not supported by our detection tools.
4. Microsoft Office, Visual Studio, and Lync are not serviced by Windows Update.
5. The update for Visual Studio is available through the Download Center only.

18 Other Update Information

19 Microsoft Windows Malicious Software Removal Tool (MSRT)
- Microsoft will not add any new families to the MSRT during this release
- Version 5 of MSRT is now available on DLC and for Microsoft Update customers who manually check
- Available as a priority update through Windows Update or Microsoft Update
- Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove


21 Submit text questions using the “Ask” button.
- Don’t forget to fill out the survey.
- A recording of this webcast will be available within 48 hours on the MSRC blog: http://blogs.technet.com/msrc
- Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx


