
2 To receive our video stream in LiveMeeting:
- Click on “Voice & Video”
- Click the drop down next to the camera icon
- Select “Show Main Video”

Dial-in Information:
- 1 (877) 593-2001 Pin: 3959

3 Review of April 2013 Bulletin Release Information
- Nine New Security Bulletins
- One Updated Security Advisory
- Microsoft Windows Malicious Software Removal Tool

Resources

Questions and Answers: Please Submit Now
- Submit Questions via Twitter #MSFTSecWebcast

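4 Severity & Exploitability Index

[Chart: Severity (Critical, Important, Moderate, Low) and Exploitability Index (1 to 3) for bulletins MS13-028 through MS13-036, with the deployment priority (DP) of each bulletin. Components shown: Internet Explorer, SharePoint, Remote Desktop Client, Kernel, Kernel-Mode Driver, CSRSS, Antimalware Client, Active Directory, HTML Sanitization.]

DP by bulletin: MS13-028: 1, MS13-029: 1, MS13-030: 3, MS13-031: 2, MS13-032: 2, MS13-033: 3, MS13-034: 2, MS13-035: 3, MS13-036: 2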

5 Bulletin Deployment Priority

6 MS13-028: Cumulative Security Update for Internet Explorer (2817183)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1303 | Critical | 2 | 2 | Remote Code Execution | Cooperatively Disclosed |
| CVE-2013-1304 | Critical | 2 | 2 | Remote Code Execution | Cooperatively Disclosed |

Affected Products:
- IE6 – IE10 on all supported versions of Windows Client
- IE6 – IE10 on all supported versions of Windows Server

Affected Components: Internet Explorer

Deployment Priority: 1

Main Target: Workstations

Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs)
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs)

Impact of Attack:
- An attacker could gain the same user rights as the current user. (All CVEs)

Mitigating Factors:
- An attacker cannot force users to view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs)
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs)

Additional Information: Installations using Server Core are not affected.

7 MS13-029: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1296 | Critical | NA | 1 | Remote Code Execution | Cooperatively Disclosed |

Affected Products:
- Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client on all supported versions of Windows Client (except Windows 8 & Windows RT)
- Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client on all supported versions of Windows Server (except Windows Server 2012)

Affected Components: Windows Remote Desktop Client

Deployment Priority: 1

Main Target: Workstations

Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website.
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements.

Impact of Attack:
- An attacker could gain the same user rights as the current user.

Mitigating Factors:
- An attacker cannot force users to view the attacker-controlled content.
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs)

Additional Information: Installations using Server Core are not affected.

8 MS13-030: Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1290 | Important | 3 | NA | Information Disclosure | Publicly Disclosed |

Affected Products: All supported editions of Microsoft SharePoint Server 2013

Affected Components: Microsoft SharePoint Server

Deployment Priority: 3

Main Target: Systems that are running an affected version of SharePoint Server

Possible Attack Vectors:
- An attacker would need to know the address or location of a specific SharePoint list to access the list's items.
- In order to gain access to the SharePoint site where the list is maintained, the attacker would need to be able to satisfy the SharePoint site's authentication requests.

Impact of Attack:
- An attacker could gain access to list items in a SharePoint list that the list owner did not intend for the attacker to be able to access.

Mitigating Factors:
- An attacker must have valid Active Directory credentials before validation as a SharePoint user, and subsequent access to other users' files could be possible.
- The "Everyone" group used in assigning sharing permissions in Windows does not include "Anonymous users."

Additional Information: This update requires prior installation of the Project Server 2013 cumulative update (2768001).

9 MS13-031: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1284 | Important | 2 | NA | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1294 | Important | 2 | 2 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: All supported versions of Windows Client and Windows Server

Affected Components: Windows Kernel

Deployment Priority: 2

Main Target: Workstations

Possible Attack Vectors:
- To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. (All CVEs)

Impact of Attack:
- An attacker could gain elevated privileges and read arbitrary amounts of kernel memory. (All CVEs)

Mitigating Factors:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (All CVEs)

Additional Information: Installations using Server Core are affected.

10 MS13-032: Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1282 | Important | 3 | 3 | Denial of Service | Cooperatively Disclosed |

Affected Products:
- Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on all supported versions of Windows Server (excluding Itanium-based systems)
- Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on all supported versions of Windows Client (except Windows RT)

Affected Components: Active Directory

Deployment Priority: 2

Main Target: Servers

Possible Attack Vectors:
- An attacker could exploit this vulnerability by sending a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.

Impact of Attack:
- An attacker could cause the Lightweight Directory Access Protocol (LDAP) service to become non-responsive.

Mitigating Factors:
- An attacker must have valid logon credentials to exploit this vulnerability.
- The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account.

Additional Information: Installations using Server Core are affected.

11 MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1295 | Important | NA | 3 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products:
- Windows XP Professional x64 Edition and all supported editions of Windows Server 2003
- Windows XP SP3 and all supported editions of Windows Vista and Windows Server 2008

Affected Components: Windows Client/Server Run-time Subsystem (CSRSS)

Deployment Priority: 3

Main Target: Workstations

Possible Attack Vectors:
- To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over an affected system.

Impact of Attack:
- On Windows XP Professional x64 Edition and Windows Server 2003, an attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- On Windows XP, Windows Vista, and Windows Server 2008, an attacker who successfully exploited this vulnerability could cause the system to become unresponsive until restarted.

Mitigating Factors:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Additional Information: Windows Server 2008 installations using Server Core are affected.

12 MS13-034: Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-0078 | Important | 1 | NA | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: All supported versions of Windows Defender for Windows 8 and Windows RT

Affected Components: Microsoft Antimalware Client

Deployment Priority: 2

Main Target: Windows 8 workstations

Possible Attack Vectors:
- To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.

Impact of Attack:
- An attacker could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system.

Mitigating Factors:
- An attacker must have valid logon credentials to exploit this vulnerability.
- The vulnerability could not be exploited by anonymous users.

Additional Information: This update includes other functionality changes as described in Microsoft Knowledge Base Article 2781197.

13 MS13-035: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1289 | Important | NA | 3 | Elevation of Privilege | Cooperatively Disclosed |

Affected Products: All supported editions of Microsoft SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft SharePoint Foundation 2010, and Microsoft Office Web Apps 2010

Affected Components: HTML Sanitization

Deployment Priority: 3

Main Target: Systems where users connect to a SharePoint Server

Possible Attack Vectors:
- An attacker would have to convince a user to view specially crafted SharePoint content, which then runs a script in the context of the user.
- Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.

Impact of Attack:
- An attacker could read content that the attacker is not authorized to read or use the victim's identity to take actions on the targeted site or application.

Mitigating Factors:
- Microsoft has not identified any mitigating factors for this vulnerability.

Additional Information:
- For supported editions of Microsoft SharePoint Server 2010, in addition to the security update packages for Microsoft SharePoint 2010 (2687421 and 2760408), customers also need to install the security update for Microsoft SharePoint Foundation 2010 (2810059) to be protected from the vulnerability described in this bulletin.
- Severity ratings do not apply to this update for all editions of InfoPath 2010 because the known attack vectors for the vulnerability are blocked.

14 MS13-036: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1283 | Important | 3 | 3 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1292 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1291 | Moderate | | | Denial of Service | Cooperatively Disclosed |
| CVE-2013-1293 | Moderate | | | Elevation of Privilege | Publicly Disclosed |

Affected Products: All supported versions of Windows Client and Windows Server

Affected Components: Kernel-Mode Driver

Deployment Priority: 2

Main Target: Workstations

Possible Attack Vectors:
- An attacker would first have to log on to the system, and then could run a specially crafted application designed to increase privileges. (CVE-2013-1283, CVE-2013-1292)
- In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE-2013-1291)
- In a file sharing attack scenario, an attacker could provide a specially crafted document that is designed to exploit this vulnerability, and then convince a user to open the document. (CVE-2013-1291)
- In a local attack scenario, an attacker could run a specially crafted application. However, the attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability in this scenario. (CVE-2013-1291)
- To exploit this vulnerability an attacker would have to mount a specially crafted NTFS volume. (CVE-2013-1293)

15 MS13-036: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) cont…

| CVE | Severity | Exploitability (Latest Versions) | Exploitability (Older Versions) | Impact | Disclosure |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1283 | Important | 3 | 3 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1292 | Important | 1 | 1 | Elevation of Privilege | Cooperatively Disclosed |
| CVE-2013-1291 | Moderate | | | Denial of Service | Cooperatively Disclosed |
| CVE-2013-1293 | Moderate | | | Elevation of Privilege | Publicly Disclosed |

Impact of Attack:
- An attacker could gain elevated privileges and read arbitrary amounts of kernel memory. (CVE-2013-1283, CVE-2013-1292)
- An attacker could cause the system to stop responding and restart. (CVE-2013-1291)
- An attacker could run arbitrary code in kernel mode. (CVE-2013-1293)

Mitigating Factors:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE-2013-1283, CVE-2013-1292)
- An attacker would have no way to force users to visit specially crafted websites. (CVE-2013-1291)
- The malicious file could be sent as an email attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. (CVE-2013-1291)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (CVE-2013-1291)
- An attacker must have admin privileges to mount a specially crafted NTFS volume, or have physical access to the system and insert a USB flash drive containing a specially crafted NTFS volume, to exploit this vulnerability. (CVE-2013-1293)

Additional Information: Installations using Server Core are affected.

16 Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- On April 9, 2013, Microsoft released an update (2833510) for all supported editions of Windows 8, Windows Server 2012 and Windows RT. The update addresses the vulnerabilities described in Adobe Security Bulletin APSB13-11.

17 Detection & Deployment
1. The MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012.
2. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.

18 Other Update Information
1. This update can be uninstalled in all supported editions of InfoPath 2010.

19 During this release, Microsoft will increase/add detection capability for the following families in the MSRT:
- Win32/Babonock: A trojan that collects information about your computer, which it then sends to a remote server.
- Win32/Redyms: A trojan that redirects search engine results. It may pose as a fake Adobe Flash installer. It has been known to be distributed by the Blackhole exploit kit.
- Win32/Vesenlosow: A worm that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted computers.

Available as a priority update through Windows Update or Microsoft Update

Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove


21 Submit text questions using the “Ask” button.
Don’t forget to fill out the survey.
A recording of this webcast will be available within 48 hours on the MSRC blog: http://blogs.technet.com/msrc
Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx
