Dial In Number 1-800-229-0449 Pin: 3750 Information About Microsoft August 2011 Security Bulletins Jonathan Ness Security Development Manager, MSRC Microsoft.


1 Information About Microsoft August 2011 Security Bulletins
Jonathan Ness, Security Development Manager, MSRC, Microsoft Corporation
Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation

2 What We Will Cover

Review of August 2011 Bulletin release information:
  – New Security Bulletins
  – Security Advisory
  – Re-released Bulletins
  – Announcements
  – Microsoft® Windows® Malicious Software Removal Tool
Resources
Questions and answers: Please Submit Now

3 Severity and Exploitability Index

[Chart: bulletins MS11-057 through MS11-069 plotted by Severity (impact: Critical, Important, Moderate, Low) and Exploitability Index (risk: 1, 2, 3), labelled by product (Windows, Office, Internet Explorer, .NET Framework, Visual Studio).]

Deployment priority (DP) per bulletin: MS11-057: 1, MS11-058: 1, MS11-059: 3, MS11-060: 2, MS11-061: 3, MS11-062: 2, MS11-063: 2, MS11-064: 2, MS11-065: 2, MS11-066: 3, MS11-067: 3, MS11-068: 3, MS11-069: 3

4 Bulletin Deployment Priority

5 MS11-057: Cumulative Security Update for Internet Explorer (2559049)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1257 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1960 | Important | 3 | 3 | Information Disclosure | Cooperatively disclosed |
| CVE-2011-1961 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1962 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |
| CVE-2011-1963 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1964 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-2383 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |

Affected Products: IE6, IE7, IE 8 and IE 9 on all supported versions of Windows and Windows Server except IE6 on Windows Server 2003, x64, and Itanium; IE 6 on Windows Server 2003, x64, and Itanium
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations and Servers

Possible Attack Vectors:
– Browse and Own: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. (CVE-2011-1960, 1961, 1962, 1963, 1964)
– Clickjacking: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the Web site and perform a series of clicks in different Internet Explorer windows. (CVE-2011-1257)
– Drag and Drop: An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and performed a drag-and-drop operation. (CVE-2011-2383)

Impact of Attack:
– An attacker could gain the same user rights as the logged on user. (CVE-2011-1257, 1961, 1963, 1964, 1256, 1260, 1261, 1262)
– An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone. (CVE-2011-1960, 1962)
– An attacker who successfully exploited this vulnerability could gain access to cookie files stored in the local machine. (CVE-2011-2383)

Mitigating Factors:
– By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration.
– By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.
– An attacker could not force a user to visit a specially crafted site.

Additional Information:
– Installations using Server Core are not affected.

6 MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1966 | Critical | 3 | 3 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1970 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |

Affected Products: Windows Server 2008, Windows Server 2008 x64, Windows Server 2008 R2 x64; Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium
Affected Components: DNS Server
Deployment Priority: 1
Main Target: Servers running in the DNS role

Possible Attack Vectors:
– A remote unauthenticated attacker could exploit this vulnerability by registering a domain, creating an NAPTR DNS resource record, and then sending a specially crafted NAPTR query to the target DNS server. (CVE-2011-1066)
– A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted DNS query to the target DNS server for a resource record of a domain that does not exist. (CVE-2011-1970)

Impact of Attack:
– An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the system. (CVE-2011-1966)
– A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted DNS query to the target DNS server for a resource record of a domain that does not exist. (CVE-2011-1970)

Mitigating Factors:
– Microsoft has not identified any mitigating factors for this issue.

Additional Information:
– Installations using Server Core are affected.

7 MS11-059: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1975 | Important | 1 | NA | Remote Code Execution | Cooperatively disclosed |

Affected Products: Windows 7, Windows 7 x64, Windows Server 2008 R2 x64, Windows Server 2008 R2 for Itanium
Affected Components: Data Access Components (DAC)
Deployment Priority: 3
Main Target: Workstations

Possible Attack Vectors:
– In a network attack scenario, an attacker could place a legitimate Office-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file.
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a legitimate Excel-related file attachment (such as an .xlsx file) to a user, and convincing the user to place the attachment into a directory containing a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Office could attempt to load the DLL file and execute any code it contained.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

Mitigating Factors:
– For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open an Excel-related file (such as a .xlsx file).
– The file sharing protocol, Server Message Block (SMB), is often disabled on the perimeter firewall. This limits the potential attack vectors for this vulnerability.

Additional Information:
– Installations using Server Core are affected.

8 MS11-060: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1972 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1979 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |

Affected Products: Visio 2003, 2007, 2010 32-bit, and 2010 64-bit
Affected Components: Visio
Deployment Priority: 2
Main Target: Workstations

Possible Attack Vectors:
– This vulnerability requires that a user view a specially crafted WMF image file. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

Impact of Attack:
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Visio file to the user and by convincing the user to open the file.
– In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability. An attacker would then convince a user to open the Visio file.

Mitigating Factors:
– An attacker would have no way to force users to visit a malicious web site.
– The vulnerability cannot be exploited automatically through e-mail.

Additional Information:
– Microsoft Visio 2010 Viewer is not affected.

9 MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1263 | Important | 1 | NA | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows Server 2008 R2 x64
Affected Components: Remote Desktop Web Access
Deployment Priority: 3
Main Target: Servers running the Remote Desktop Web Access role

Possible Attack Vectors:
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the Remote Desktop Web Access site.

Mitigating Factors:
– The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
– An attacker would have no way to force a user to visit a malicious site.
– Remote Desktop Web Access is not installed by default. When you install Remote Desktop Web Access, Microsoft Internet Information Services (IIS) is also installed as a required component.

Additional Information:
– Installations using Server Core are not affected.

10 MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1974 | Important | NA | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows XP, XP x64, Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium
Affected Components: NDISTAPI.sys
Deployment Priority: 2
Main Target: Workstations

Possible Attack Vectors:
– To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system.

Mitigating Factors:
– An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information:
– The NDISTAPI driver is part of the RAS architecture and interfaces the NDISWAN to TAPI services.
– There are no workarounds for this update.

11 MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1967 | Important | 1 | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: All supported versions of Windows and Windows Server
Affected Components: Client/Server Run-time Subsystem
Deployment Priority: 2
Main Target: Workstations and Servers

Possible Attack Vectors:
– To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to send a device event message to a higher-integrity process.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.

Mitigating Factors:
– An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information:
– Installations using Server Core are affected.

12 MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1871 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |
| CVE-2011-1965 | Important | 3 | NA | Denial of Service | Cooperatively disclosed |

Affected Products: Windows Server 2008 and 2008 x64, Windows Server 2008 for Itanium, Windows Server 2008 R2 x64, Windows Server 2008 R2 for Itanium; Vista, Vista x64, Windows 7 and Windows 7 x64
Affected Components: TCP/IP Stack
Deployment Priority: 2
Main Target: Workstations and Servers

Possible Attack Vectors:
– A remote unauthenticated attacker could exploit this vulnerability by creating a program to send a sequence of specially crafted ICMP messages to a target system. (CVE-2011-1871)
– In a remote attack scenario, an unauthenticated attacker could exploit this vulnerability by sending a specially crafted URL request to a server that is serving Web content and has URL-based QoS enabled. (CVE-2011-1965)

Impact of Attack:
– An attacker who successfully exploited this vulnerability could cause the target system to stop responding and automatically restart.

Mitigating Factors:
– By default, the URL-based Quality of Service feature is not enabled on any Windows operating system. Users would need to manually install this feature in order to be affected by this vulnerability. (CVE-2011-1965)

Additional Information:
– Installations using Server Core are affected.

13 MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1968 | Important | NA | 3 | Denial of Service | Cooperatively disclosed |

Affected Products: Windows Server 2003, Windows Server 2003 x64 and Windows Server 2003 for Itanium; Windows XP and XP x64
Affected Components: Remote Desktop Protocol
Deployment Priority: 2
Main Target: Servers

Possible Attack Vectors:
– A remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could cause a user's system to stop responding and require a restart.

Mitigating Factors:
– By default, the Remote Desktop Protocol (RDP) is not enabled on any operating system. On Windows XP and Windows Server 2003, Remote Assistance can enable RDP.

Additional Information:
– Installations using Server Core are affected.
– Systems that do not have RDP enabled are not at risk.

14 MS11-066: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1977 | Important | 3 | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET Framework 4.0 on all supported versions of Windows and Windows Server, Chart Control for .NET Framework 3.5 SP1 (Developer Tools)
Affected Components: Chart Control
Deployment Priority: 3
Main Target: Workstations and Servers

Possible Attack Vectors:
– To exploit this vulnerability, an attacker would send a specially crafted GET request to an affected server hosting the Chart controls.

Impact of Attack:
– An attacker who successfully exploited this vulnerability would be able to read the contents of any file within the web site directory or subdirectories, such as web.config. The web.config file often stores sensitive information.

Mitigating Factors:
– Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.

Additional Information:
– Installations using Server Core are affected in some cases. See bulletin for details.
– .NET 4.0 Client Profiles are not affected.

15 MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1976 | Important | NA | 3 | Information Disclosure | Cooperatively disclosed |

Affected Products: Visual Studio 2005 and 2005 Redistributable Package
Affected Components: Visual Studio
Deployment Priority: 3
Main Target: Workstations

Possible Attack Vectors:
– In an e-mail attack scenario, an attacker could exploit the vulnerability by sending an e-mail message containing the specially crafted link to the user of the targeted affected server and by convincing the user to click on the specially crafted link.
– In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted link to the targeted affected server that is used to attempt to exploit this vulnerability.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could then be used to spoof content or disclose sensitive information.

Mitigating Factors:
– The vulnerability cannot be exploited automatically through e-mail.
– An attacker would have no way to force users to view the attacker-controlled content.
– By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.

Additional Information:
– By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.

16 MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1971 | Moderate | NA | NA | Denial of Service | Cooperatively disclosed |

Affected Products: Vista and x64; Windows Server 2008, x64, and Itanium; Windows 7 and x64; Windows Server 2008 R2 x64 and Itanium
Affected Components: Kernel
Deployment Priority: 3
Main Target: Workstations

Possible Attack Vectors:
– In a Web-based attack scenario, an attacker would have to host a Web site that points to a specially crafted file on a network share. Then, when the user navigates to the Web site, the affected control path is triggered via the Details and Preview panes in Windows Explorer.
– In a network-share based attack scenario, an attacker could host a specially crafted file on a network share. Then, when the user navigates to the share in Windows Explorer, the affected control path is triggered via the Details and Preview panes.

Impact of Attack:
– An attacker who successfully exploited this vulnerability could cause the affected system to restart.

Mitigating Factors:
– The vulnerability cannot be exploited automatically through e-mail.
– An attacker would have no way to force users to view the attacker-controlled content.

Additional Information:
– Installations using Server Core are not affected.

17 MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-1978 | Moderate | NA | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET 2.0, 3.5.1, 4.0 on all supported versions of Windows and Windows Server.
Affected Components: .NET Framework
Deployment Priority: 3
Main Target: Workstations and Servers

Possible Attack Vectors:
– Web browsing: An attacker could host a specially crafted Web site that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the Web site.
– Web hosting: If a Web hosting environment allows users to upload custom ASP.NET applications, an attacker could upload a malicious ASP.NET application that uses this vulnerability to break out of the sandbox used to prevent ASP.NET code from performing harmful actions on the server system.
– Windows .NET applications: This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Impact of Attack:
– An attacker who successfully exploited this vulnerability would be able to access information not intended to be exposed.
– This vulnerability could be used by an attacker to direct network traffic from a victim's system to other network resources the victim can access.
– This could also allow an attacker to perform a denial of service to any system the victim's system can access or use the victim's system to perform scanning of network resources available to the victim.

Mitigating Factors:
– An attacker would have no way to force users to visit these Web sites.
– In a Web-hosting scenario, an attacker must have permission to upload arbitrary ASP.NET pages to a Web site and ASP.NET must be installed on that Web server.
– By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.

Additional Information:
– Installations using Server Core are affected in some cases; see bulletin for details.
– .NET 3.51.1 and 3.5 are not affected.
– .NET 4 and .NET 4 Client Profiles are affected.

18 Detection & Deployment

19 Other Update Information

20 Security Advisories

SA 2562937: Update Rollup for ActiveX Kill Bits

This Advisory contains killbits for the following third-party software products:
- Check Point SSL VPN On-Demand applications (Check Point Software Technologies)
- ActBar (IBM)
- EBI R Web Toolkit (Honeywell)

All three vendors have issued advisories and/or updates on their sites regarding these issues.

21 Bulletin Re-releases

- MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
  – Microsoft is rereleasing this bulletin to add Visual Studio 2010 Service Pack 1 and the Visual C++ 2010 Redistributable Package SP1 as Affected Software.
  – We are also correcting the file verification information for the Visual C++ 2005 SP1 Redistributable Package, the Visual C++ 2008 SP1 Redistributable Package, and the Visual C++ 2010 Redistributable Package.
- MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution
  – This bulletin is being re-released to refine the update’s behavior when performing certain data writes.
- MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure
  – This bulletin is being re-released to address additional SKUs.

22 Announcing… The BlueHat Prize: One week after

On August 3 at Black Hat, we introduced the BlueHat Prize, to be awarded to promising defensive-security mitigations. Top award? $200,000. The response to the initial announcement has been gratifying…

- See a video overview of the announcement with Senior Security Strategist and program architect Katie Moussouris at www.bluehatprize.com.

23 Windows Malicious Software Removal Tool (MSRT)

- During this release Microsoft will increase detection capability for the following families in the MSRT:
  – Win32/FakeSysdef: A top rogue that is causing dramatic customer issues. FakeSysdef tends to kill some antimalware solutions, though MSRT is not susceptible.
  – Win32/Hiloti: Another prevalent trojan downloader. It’s also known for killing certain antimalware packages, though again MSRT is not susceptible.
- Available as a priority update through Windows Update or Microsoft Update.
- Is offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove.

24 Questions and Answers

- Submit text questions using the “Ask” button.
- Don’t forget to fill out the survey.
- A recording of this webcast will be available within 48 hours on the MSRC Blog: http://microsoft.com/msrcblog
- Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

25 Resources

Blogs
- Microsoft Security Response Center (MSRC) blog: www.microsoft.com/msrcblog
- Security Research & Defense Blog: http://blogs.technet.com/srd
- Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/

Twitter
- @MSFTSecResponse

Security Centers
- Microsoft Security Home Page: www.microsoft.com/security
- TechNet Security Center: www.microsoft.com/technet/security
- MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx
- Microsoft Malicious Software Removal Tool: www.microsoft.com/malwareremove

Bulletins, Advisories, Notifications & Newsletters
- Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx
- Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
- Security Advisories: www.microsoft.com/technet/security/advisory/
- Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
- Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews

Other Resources
- Update Management Process: http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
- Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

