Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.

Published byClaire Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software."— Presentation transcript:

1

2

3 Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

4 Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP112223222321 Severity Critical IMPACT Important Moderate Low MS13- 009 MS13- 010 MS13- 011 MS13- 012 MS13- 013 MS13- 014 MS13- 015 MS13- 016 MS13- 017 MS13- 018 MS13- 019 MS13- 020 Internet Explorer Vector Markup Language DirectShowExchange OLE AutomationNFS ServerSharePoint.NET Framework Kernel-Mode Drivers Kernel TCP/IPCSRSS

5 Bulletin Deployment Priority

6 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0015 ImportantNA3Information DisclosureCooperatively Disclosed CVE-2013-0018 CVE-2013-0022 CVE-2013-0028 CriticalNA2Remote Code ExecutionCooperatively Disclosed CVE-2013-0020 CVE-2013-0024 CVE-2013-0025 CVE-2013-0026 CVE-2013-0029 CriticalNA1Remote Code ExecutionCooperatively Disclosed CVE-2013-0019 CVE-2013-0021 CVE-2013-0023 CVE-2013-0027 Critical11Remote Code ExecutionCooperatively Disclosed Affected ProductsIE6 – IE10 on all supported versions of Windows ClientIE6 – IE10 on all supported versions of Windows Server Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs) Impact of Attack An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone. (CVE-2013-0015) An attacker could gain the same user rights as the current user. (All CVEs except for CVE-2013-0015) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional Information Installations using Server Core are not affected. Severity levels do not apply to IE10 for CVE-2013-0022, this fix is a defense-in-depth. This bulletin replaces the December IE Bulletin (MS12-077) and the January Out of Band Bulletin (MS13-008). MS13-009: Cumulative Security Update for Internet Explorer (2792100)

7 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0030Critical11Remote Code ExecutionCooperatively Disclosed Affected ProductsIE6 – IE10 on all supported versions of Windows Client and Windows Server Affected ComponentsVector Markup Language Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of AttackAn attacker could gain the same user rights as the current user. Mitigating FactorsAn attacker cannot force users to view the attacker-controlled content. Additional InformationInstallations using Server Core are not affected. MS13-010: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)

8 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0077CriticalNA1Remote Code ExecutionPublicly Disclosed Affected Products All supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 Affected ComponentsDirectShow Deployment Priority2 Main TargetWorkstations Possible Attack Vectors Email: an attacker could send a specially crafted media file (such as an.mpg file) to the user and then convince the user to open the file. Web-based: an attacker would have to host a website that contains specially crafted media content that could exploit this vulnerability. Impact of AttackAn attacker could run arbitrary code as the current user. Mitigating Factors The vulnerability cannot be exploited automatically through email. An attacker cannot force users to visit a specially crafted website. Additional Information Installations using Server Core are not affected. At the time of release there were no known attacks using this vulnerability. MS13-011: Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)

9 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0393Important33Denial of ServicePublicly Disclosed CVE-2013-0418Critical22Remote Code ExecutionPublicly Disclosed Affected ProductsAll supported editions of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010 Affected ComponentsOracle Outside in Libraries/WebReady Document Viewing Deployment Priority2 Main TargetExchange Server Systems Possible Attack Vectors An attacker could send an email message containing a specially crafted file to a user on an affected version of Exchange. Impact of Attack An attacker could run arbitrary code as LocalService on the affected Exchange server. (CVE-2013- 0418) An attacker could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser. (CVE-2013-0393) Mitigating Factors The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. (CVE-2013-0418) Additional Information CVE-2013-0393 and CVE-2013-0418 discussed in the Oracle Critical Patch Update Advisory - January 2013 affect Microsoft Exchange Server and are addressed by this update. At the time of release there were no known attacks using these vulnerabilities. MS13-012: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)

10 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2012-3214Important11Remote Code ExecutionPublicly Disclosed CVE-2012-3217Important11Remote Code ExecutionPublicly Disclosed Affected ProductsAll supported editions of FAST Search Server 2010 for SharePoint Affected ComponentsOracle Outside in Libraries/Advanced Filter Pack Deployment Priority2 Main TargetFAST Search 2010 for SharePoint servers with the Advanced Filter Pack installed Possible Attack Vectors An attacker would need access to a file location that FAST Search 2010 for SharePoint indexes, and have the ability to upload a specially crafted file to that location. Impact of AttackAn attacker could run arbitrary code in the context of a user account with a restricted token. Mitigating Factors FAST Search Server 2010 for SharePoint is only affected by the vulnerabilities if the Advanced Filter Pack feature is enabled. By default, the Advanced Filter Pack feature is disabled. Additional Information CVE-2012-3214 and CVE-2012-3217 discussed in the Oracle Critical Patch Update Advisory - October 2012 affect FAST Search Server 2010 for SharePoint and are addressed by this update. At the time of release there were no known attacks using these vulnerabilities. MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Code Execution (2784242)

11 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-1281Important33Denial of ServiceCooperatively Disclosed Affected ProductsAll supported editions of Windows Server 2008 R2 and Windows Server 2012 Affected ComponentsNFS Server Deployment Priority3 Main TargetServers with the NFS Server role enabled Possible Attack VectorsAn attacker could attempt to rename a file or folder on a read-only share. Impact of AttackAn attacker could cause the affected system to stop responding and restart. Mitigating Factors An attacker must have access to the file share in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. This vulnerability only affects Windows servers with the NFS role enabled. Additional InformationInstallations using Server Core are affected (except Windows Server 2008). MS13-014: Vulnerability in NFS Server Could Allow Denial of Service (2790978)

12 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0073Important11Elevation of PrivilegeCooperatively Disclosed Affected Products.NET Framework 2.0 SP2,.NET Framework 3.5,.NET Framework 3.5.1,.NET Framework 4, and.NET Framework 4.5 on all supported versions of Windows Client and Windows Server (except for.NET Framework 4.5 on Windows RT) Affected Components.NET Framework Deployment Priority2 Main TargetWorkstations Possible Attack Vectors Web-based: an attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability. The attacker could also take advantage of websites that accept or host user-provided content or advertisements..NET Application based: this vulnerability could also be used by Windows.NET Framework applications to bypass Code Access Security (CAS) restrictions. Impact of AttackAn attacker could take complete control of the affected system. Mitigating Factors By default, Internet Explorer 9 and Internet Explorer 10 prevent XAML, which is used by XBAPs, from running in the Internet Zone. By default, Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 are configured to prompt the user before running XAML, which is used by XBAPs in the Internet Zone. Additional Information Installations using Server Core are affected..NET Framework 4 and.NET Framework 4 Client Profile affected. MS13-015: Vulnerability in.NET Framework Could Allow Elevation of Privilege (2800277)

13 CVESeverity Exploitability | Versions CommentNote LatestOlder Multiple CVEsImportantNA2Elevation of PrivilegeCooperatively Disclosed Affected Products All supported versions of Windows Client and Windows Server (except for Windows 8, Windows RT and Windows Server 2012) Affected ComponentsKernel-Mode Drivers Deployment Priority2 Main TargetWorkstations Possible Attack VectorsAn attacker could run a specially crafted application designed to increase privileges. Impact of AttackAn attacker could gain increased privilege and read arbitrary amounts of kernel memory. Mitigating FactorsAn attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Additional Information Installations using Server Core are affected. Severity ratings do not apply for Windows 8, Windows RT and Windows Server 2012. However, as a defense-in-depth measure, Microsoft recommends customers apply this security update. CVEs: CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE- 2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013- 1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277 MS13-016: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2778344)

14 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-1278Important22Elevation of PrivilegeCooperatively Disclosed CVE-2013-1279Important11Elevation of PrivilegeCooperatively Disclosed CVE-2013-1280Important22Elevation of PrivilegeCooperatively Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server Affected ComponentsWindows Kernel Deployment Priority2 Main TargetWorkstations Possible Attack Vectors An attacker could run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. Impact of AttackAn attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Mitigating FactorsAn attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Additional InformationInstallations using Server Core are affected. MS13-017: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)

15 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0075Important33Denial of ServiceCooperatively Disclosed Affected Products All supported versions of Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 All supported versions of Vista, Windows 7, Windows 8, and Windows RT Affected ComponentsTCP/IP Deployment Priority3 Main TargetServers Possible Attack Vectors An unauthenticated attacker could send a specially crafted connection termination packet to the server. Impact of AttackAn attacker could cause the target system to stop responding and automatically restart. Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability. Additional InformationInstallations using Server Core are affected. MS13-018: Vulnerability in Windows TCP/IP Could Allow Denial of Service (2790655)

16 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-0076ImportantNA2Elevation of PrivilegePublicly Disclosed Affected ProductsAll supported editions of Windows 7 and Windows Server 2008 R2 Affected Components Windows CSRSS Deployment Priority2 Main TargetWorkstations Possible Attack Vectors An attacker could run a specially crafted application that could exploit the vulnerability and take complete control over an affected system. Impact of AttackAn attacker could run arbitrary code in the context of the local system. Mitigating FactorsAn attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Additional Information Installations using Server Core are affected. At the time of release there were no known attacks using this vulnerability. MS13-019: Vulnerability in Windows Client/Server Run- time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)

17 CVESeverity Exploitability | Versions CommentNote LatestOlder CVE-2013-1313CriticalNA1Remote Code ExecutionCooperatively Disclosed Affected ProductsWindows XP Service Pack 3 Affected ComponentsOLE Automation Deployment Priority1 Main TargetWorkstations Possible Attack Vectors Email: an attacker could send specially crafted RTF-formatted data to the user and then convince the user to open the file. Web-based: an attacker could host a website that contains a file that is used to exploit this vulnerability and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Impact of AttackAn attacker could gain the same user rights as the local user. Mitigating FactorsAn attacker would have no way to force a user to visit a malicious site or open a specially crafted file. MS13-020: Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)

18 Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - On February 12, 2013, Microsoft released an update (KB2805940) for all supported editions of Windows 8, Windows Server 2012 and Windows RT. The update addresses the vulnerabilities described in Adobe Security Bulletin APSB13-05.

19 Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012. 2.Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store (except for MS13-010 which is available through WU only). 3.This update is available through the Microsoft Download Center only.

20 Other Update Information

21 During this release, Microsoft will increase/add detection capability for the following families in the MSRT: Win32/Sirefef: A multi-component family of malware that uses stealth to hide its presence on an affected computer. Win32/Sirefef February MSRT will be distributed to Windows 8 (x86 and x64) Available as a priority update through Windows Update or Microsoft Update Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove

22

23 Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. http://blogs.technet.com/msrc Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

24

Download ppt "Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Dial In Number 1-800-227-8104 Pin: 9049 Information About Microsoft April 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Dial In Number Pin: 9049 Information About Microsoft April 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Monthly Security Bulletin Briefing

Monthly Security Bulletin Briefing
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Dial In Number 1-800-227-8104 Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.

Dial In Number Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
Dial In Number 1-800-229-0449 Pin: 3750 Information About Microsoft August 2011 Security Bulletins Jonathan Ness Security Development Manager, MSRC Microsoft.

Dial In Number Pin: 3750 Information About Microsoft August 2011 Security Bulletins Jonathan Ness Security Development Manager, MSRC Microsoft.
Dial In Number 1-800-227-8104 PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Dial In Number PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Similar presentations

Ads by Google