
1

2 To receive our video stream in Live Meeting:
- Click on “Voice & Video”
- Click the drop down next to the camera icon
- Select “Show Main Video”
Dial-in Information:
- 1 (877) 593-2001 Pin: 3959

3 Review of October 2013 Bulletin Release Information
- Eight New Security Bulletins
- One updated Security Advisory
- Microsoft Windows Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now
- Submit Questions via Twitter #MSFTSecWebcast

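4 Severity & Exploitability Index

[Chart: Severity (Critical, Important, Moderate, Low; impact axis) against Exploitability Index (1 to 3; risk axis) for each bulletin, with deployment priority (DP).]
- MS13-080 Internet Explorer: DP 1
- MS13-081 Kernel-Mode Drivers: DP 1
- MS13-082 .NET Framework: DP 2
- MS13-083 Common Controls: DP 1
- MS13-084 SharePoint: DP 3
- MS13-085 Excel: DP 2
- MS13-086 Word: DP 2
- MS13-087 Silverlight: DP 3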

5 Bulletin Deployment Priority

6 MS13-080: Cumulative Security Update for Internet Explorer (2879017)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886 | Critical | NA | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3893 | Critical | 1 | 1 | Remote Code Execution | Publicly Disclosed |
| CVE-2013-3897 | Critical | 1 | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products:
- IE6 – IE11 on all supported versions of Windows Client (except for IE11 on Windows 7)
- IE6 – IE11 on all supported versions of Windows Server (except for IE11 on Windows Server 2008 R2 x64)
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs)
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs)
Impact of Attack:
- An attacker could gain the same user rights as the current user. (All CVEs)
Mitigating Factors:
- An attacker cannot force users to view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs)
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs)
Additional Information:
- Installations using Server Core are not affected.

7 MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3128 | Critical | NA | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3894 | Critical | NA | 2 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3200, CVE-2013-3880, CVE-2013-3881 | Important | NA | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-3879, CVE-2013-3888 | Important | NA | 2 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: All supported versions of Windows Client and Windows Server through Windows 8
Affected Components: Kernel-Mode Driver
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could exploit the vulnerability by convincing a user to view a specially crafted font. (CVE-2013-3128/3894)
- An attacker could exploit the vulnerability by inserting a malicious USB device into the system. (CVE-2013-3200)
- All other CVEs: For an attacker to exploit this vulnerability, a user would have to execute a specially crafted application. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted application to a user and convincing them to run it.

8 MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

Impact of Attack:
- CVE-2013-3880: An attacker who successfully exploited this vulnerability could disclose info from a different App Container.
- All other CVEs: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Mitigating Factors:
- CVE-2013-3128/3894: An attacker would have no way to force users to visit specially crafted websites. An attacker would have to convince users to visit the website and open the specially crafted font.
- CVE-2013-3200: In a default scenario, an attacker would require physical access to exploit this vulnerability.
- All other CVEs: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability or convince a locally authenticated user to execute a specially crafted application.
Additional Information:
- Installations using Server Core are affected.
- CVE-2013-3128/3894: Disable Preview Pane and Details Pane in Windows Explorer.
- CVE-2013-3128 is shared with MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution. Both updates are required to fully address this issue.

9 MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3128 | Critical | 2 | 2 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3860, CVE-2013-3861 | Important | 3 | 3 | Denial of Service | Cooperatively Disclosed |

Affected Products:
- .NET Framework 2.0 SP2 and .NET Framework 3.5.1, on all supported versions of Windows Client and Windows Server.
- .NET Framework 3.0, .NET Framework 3.5, .NET Framework 3.5.1 SP1, .NET Framework 4, and .NET Framework 4.5 on all supported versions of Windows Client and Windows Server.
Affected Components: .NET Framework
Deployment Priority: 2
Main Target: Workstations and Servers that run .NET and/or WCF
Possible Attack Vectors:
- In a .NET application attack scenario, an attacker could host an XAML Browser Application (XBAP) containing a specially crafted OTF file on a website. (CVE-2013-3128)
- In a .NET application attack scenario, an attacker could cause an application or server to crash or become unresponsive until an administrator restarts the application or server. (CVE-2013-3860/3861)
Impact of Attack:
- An attacker who successfully exploited this vulnerability could execute code in the context of the logged on user. (CVE-2013-3128)
- An attacker could cause an application or server to crash or become unresponsive until an administrator restarts the application or server. (CVE-2013-3860/3861)
Mitigating Factors:
- Microsoft has not identified any mitigating factors for this vulnerability. (CVE-2013-3128)
- Affected systems do not accept and validate XML digital signatures by default. (CVE-2013-3860)
- Affected systems do not accept and validate JSON data by default. (CVE-2013-3861)
Additional Information:
- .NET Framework 4 and .NET Framework 4 Client Profile affected.
- CVE-2013-3128 is shared with MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution. Both updates are required to fully address this issue.

10 MS13-083: Vulnerabilities in Windows Common Control Library Could Allow Remote Code Execution (2864058)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3195 | Critical | NA | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products:
- All supported 64-bit versions of Windows Client and Windows Server (except Windows 8.1)
- All supported 32-bit versions of Windows Client and Windows Server (except Windows XP and Windows 8.1)
Affected Components: Microsoft Common Control Library
Deployment Priority: 1
Main Target: Web application servers
Possible Attack Vectors:
- An attacker could exploit the vulnerability by sending a specially crafted request to an affected system.
Impact of Attack:
- An attacker who successfully exploited this vulnerability could gain the same rights as the logged on user.
Mitigating Factors:
- An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Additional Information:
- Installations using Server Core are affected.
- Severity ratings do not apply to 32-bit software because the known attack vectors for the vulnerability discussed in this bulletin are blocked in a default configuration.

11 MS13-084: Vulnerabilities in SharePoint Could Allow Remote Code Execution (2885059)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3889 | Important | 1 | 2 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3895 | Important | NA | 3 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: Microsoft SharePoint Server 2007, 2010 and 2013; all supported versions of Excel Services, Word Automation Services, and Web Services for SharePoint Server 2007, 2010 and 2013; Office Web Apps 2010
Affected Components: SharePoint
Deployment Priority: 3
Main Target: Servers where SharePoint is installed
Possible Attack Vectors:
- This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Excel software. (CVE-2013-3889)
- An unauthenticated attacker could create a specially crafted page and then convince an authenticated SharePoint user to visit the page. (CVE-2013-3895)
Impact of Attack:
- An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (CVE-2013-3889)
- An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. (CVE-2013-3895)
Mitigating Factors:
- An attacker would have no way to force users to open specially crafted Office files. (CVE-2013-3889)
- Microsoft has not identified any mitigating factors for these vulnerabilities. (CVE-2013-3895)
Additional Information:
- CVE-2013-3889 is also addressed by MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution. Both updates are required to fully address this issue.

12 MS13-085: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2885080)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3889 | Important | 1 | 2 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3890 | Important | NA | 3 | Remote Code Execution | Cooperatively Disclosed |

Affected Products: All supported versions of Microsoft Office (except 2003 SP3), Excel Viewer, and Office Compatibility Pack SP3
Affected Components: Microsoft Office
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Excel software. (CVE-2013-3889)
- This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Office software. (CVE-2013-3890)
Impact of Attack:
- An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (All CVEs)
Mitigating Factors:
- An attacker would have no way to force users to open specially crafted Office or Excel files.

CVE-2013-3889 is also addressed by MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution. Both updates are required to fully address this issue.

13 MS13-086: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2885084)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-3891 | Important | NA | 1 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-3892 | Important | NA | 3 | Remote Code Execution | Cooperatively Disclosed |

Affected Products: Microsoft Word 2003, Microsoft Word 2007, and Microsoft Office Compatibility Pack
Affected Components: Microsoft Word
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. (All CVEs)
Impact of Attack:
- An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (All CVEs)
Mitigating Factors:
- An attacker would have no way to force users to open specially crafted Office files.
- Install and configure MOICE to be the registered handler for .doc files.
- Use Microsoft Office File Block policy to prevent the opening of .doc and .dot binary files.

14 MS13-087: Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

| CVE | Severity | Exploitability (Latest) | Exploitability (Older) | Impact | Disclosure |
|---|---|---|---|---|---|
| CVE-2013-2896 | Important | 3 | 3 | Information Disclosure | Cooperatively Disclosed |

Affected Products: Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported versions of Windows Client (except Windows RT) and Windows Server
Affected Components: Silverlight
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a website that contains a specially crafted Silverlight application designed to exploit this vulnerability and then convince a user to view the website.
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements.
Impact of Attack:
- An attacker could disclose information on the local system.
Mitigating Factors:
- An attacker cannot force users to visit specially crafted websites.
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration.
Additional Information:
- Microsoft Silverlight build 5.1.20913.0, which was the current build of Microsoft Silverlight when this bulletin was first released, addresses the vulnerability and is not affected. Builds of Microsoft Silverlight prior to 5.1.20913.0 are affected.

15

16 Detection & Deployment
1. The MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012.
2. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.
3. Mac is not supported by detection tools.
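
The MS13-081/MS13-082 and MS13-084/MS13-085 slides each note that a shared CVE needs both updates to be fully addressed. The following added example (not part of the webcast) checks a patch plan for that gap and orders it by the deployment priorities on the slides; the function names are hypothetical, the data is transcribed from the slides as printed, and it assumes the components of both companion bulletins are present on the target systems.

```python
# Added example: bulletin -> (KB, deployment priority, CVEs), transcribed
# from the slides in this transcript. Function names are hypothetical.
BULLETINS = {
    "MS13-080": (2879017, 1, {"CVE-2013-3872", "CVE-2013-3873", "CVE-2013-3874",
                              "CVE-2013-3875", "CVE-2013-3882", "CVE-2013-3885",
                              "CVE-2013-3886", "CVE-2013-3893", "CVE-2013-3897"}),
    "MS13-081": (2870008, 1, {"CVE-2013-3128", "CVE-2013-3894", "CVE-2013-3200",
                              "CVE-2013-3880", "CVE-2013-3881", "CVE-2013-3879",
                              "CVE-2013-3888"}),
    "MS13-082": (2878890, 2, {"CVE-2013-3128", "CVE-2013-3860", "CVE-2013-3861"}),
    "MS13-083": (2864058, 1, {"CVE-2013-3195"}),
    "MS13-084": (2885059, 3, {"CVE-2013-3889", "CVE-2013-3895"}),
    "MS13-085": (2885080, 2, {"CVE-2013-3889", "CVE-2013-3890"}),
    "MS13-086": (2885084, 2, {"CVE-2013-3891", "CVE-2013-3892"}),
    "MS13-087": (2890788, 3, {"CVE-2013-2896"}),  # CVE as printed on the slide
}


def shared_cves():
    """Map each CVE listed by more than one bulletin to those bulletins."""
    owners = {}
    for bulletin, (_kb, _priority, cves) in BULLETINS.items():
        for cve in cves:
            owners.setdefault(cve, set()).add(bulletin)
    return {cve: b for cve, b in owners.items() if len(b) > 1}


def audit_plan(planned):
    """Return (deploy_order, gaps) for an iterable of planned bulletin IDs.

    deploy_order sorts the plan by deployment priority, then bulletin ID.
    gaps maps every shared CVE the plan covers only in part to the
    companion bulletins that are still missing from the plan.
    """
    planned = set(planned)
    unknown = planned - set(BULLETINS)
    if unknown:
        raise ValueError(f"not in the October 2013 release: {sorted(unknown)}")
    order = sorted(planned, key=lambda b: (BULLETINS[b][1], b))
    gaps = {}
    for cve, owners in shared_cves().items():
        if owners & planned and not owners <= planned:
            gaps[cve] = sorted(owners - planned)
    return order, gaps
```

Running `audit_plan` on only the priority 1 bulletins (MS13-080, MS13-081, MS13-083) reports CVE-2013-3128 as partly covered until MS13-082 is added.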

17 Other Update Information

18 During this release, Microsoft will increase/add detection capability for the following families in the MSRT:
- Win32/Shiotob - a family of trojans that monitors network activities of the affected system to steal system information and user credentials.
- Win32/Foidan - a family of trojans that monitors and may also change internet traffic of an affected computer.
Available as a priority update through Windows Update or Microsoft Update
Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove

19

20 Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. http://blogs.technet.com/msrc Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

21

