
1 Information About Microsoft January 2012 Security Bulletins
Dial In Number 1-800-229-0449 Pin: 5639
Dustin Childs, Sr. Security Program Manager, MSRC, Microsoft Corporation
Pete Voss, Sr. Response Communications Manager, Microsoft Corporation

2 Live Video Stream
To receive our video stream in LiveMeeting:
– Click on Voice & Video
– Click the drop down next to the camera icon
– Select Show Main Video

3 What We Will Cover
Review of January 2012 Bulletin release information:
– New Security Bulletins
– Microsoft® Windows® Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now

4 Severity and Exploitability Index
[Chart: Exploitability Index (risk, 1 to 3) and Severity (impact: Critical, Important, Moderate, Low) for MS12-001, MS12-002, MS12-003, MS12-004, MS12-005, MS12-006 and MS12-007. Deployment priority (DP) in chart order: 3, 2, 2, 1, 2, 2, 3. Product labels: Windows; Developer Tools & Software.]

5 Bulletin Deployment Priority

6 MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
CVE-2012-0001: Severity Important; Exploitability 1 (Latest Software), 1 (Older Versions); Comment: Security Feature Bypass; Note: Cooperatively Disclosed
Affected Products: All supported versions of Windows and Windows Server (except XP SP3)
Affected Components: Windows Kernel
Deployment Priority: 3
Main Target: Servers and Workstations
Possible Attack Vectors:
– An attacker could bypass the SafeSEH security feature in a software application.
Impact of Attack:
– An attacker who successfully exploited this vulnerability could bypass the security feature and then use other vulnerabilities to run arbitrary code.
Mitigating Factors:
– Only software applications that were compiled using the original RTM version of the Microsoft Visual C++ .NET 2003 (version 7.1) can be used to exploit this vulnerability.
Additional Information:
– Can only be exploited in conjunction with another vulnerability.
– Machines to which the update is applied are protected, regardless of whether affected applications are recompiled in an unaffected version of VS.

7 MS12-002: Vulnerability In Windows Object Packager Could Allow Remote Code Execution (2603381)
CVE-2012-0009: Severity Important; Exploitability N/A (Latest Software), 1 (Older Versions); Comment: Remote Code Execution; Note: Cooperatively Disclosed
Affected Products: All supported editions of Windows XP and Windows Server 2003
Affected Components: Object Packager
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
– An attacker could place a legitimate file with an embedded packaged object and a specially crafted executable file in a network share, a UNC, or WebDAV location and then convince the user to open the legitimate file.
Impact of Attack:
– An attacker who exploits this vulnerability could gain the same user rights as the logged-on user.
Mitigating Factors:
– The attacker cannot force the user to visit an untrusted remote file system or WebDAV share and open a legitimate file.
– The file sharing protocol (SMB) is often disabled on the perimeter firewall.
Additional Information:
– Blocking TCP ports 139 and 445 at the firewall is a viable workaround for this vulnerability.

8 MS12-003: Vulnerability In Windows Client/Server Run-Time Subsystem Could Allow Elevation of Privilege (2646524)
CVE-2012-0005: Severity Important; Exploitability N/A (Latest Software), 1 (Older Versions); Comment: Elevation of Privilege; Note: Cooperatively Disclosed
Affected Products: All supported editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008
Affected Components: Client Server Run-Time Subsystem (CSRSS)
Deployment Priority: 2
Main Target: Servers and Workstations
Possible Attack Vectors:
– An attacker could exploit this vulnerability if they log on to the affected system and run a specially crafted application.
Impact of Attack:
– An attacker could take complete control of the affected system.
Mitigating Factors:
– An attacker must have valid logon credentials and be able to log on locally or remotely to exploit this vulnerability.
– This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
Additional Information:
– The vulnerability is not exploitable unless the system locale is set to Chinese, Japanese, or Korean.

9 MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
CVE-2012-0003: Severity Critical; Exploitability 1 (Latest Software), 1 (Older Versions); Comment: Remote Code Execution; Note: Cooperatively Disclosed
CVE-2012-0004: Severity Important; Exploitability 1 (Latest Software), 1 (Older Versions); Comment: Remote Code Execution; Note: Cooperatively Disclosed
Affected Products:
– All supported editions of Microsoft Windows XP, Vista, Server 2003 and Server 2008 R1
– All editions of Windows 7, Windows Server 2008 R2, Windows Media Center TV Pack for Windows Vista x32 and x64
Affected Components: Windows Media Player
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
– CVE-2012-0003: An attacker could exploit this vulnerability by convincing the user to open a specially crafted MIDI file.
– CVE-2012-0004: An attacker could exploit the vulnerability by sending a user an e-mail message containing a specially crafted media file and convincing the user to open the media file.
– In a Web-based attack scenario, an attacker would have to host a website that contains a specially crafted media file.
Impact of Attack:
– An attacker could gain the same user rights as the exploited logged-on user, which could include installing programs, viewing, changing or deleting data, or creating new accounts with full user rights.
Mitigating Factors:
– An attacker has to convince the user to open the specially crafted media file.
– CVE-2012-0004 ONLY: In Windows Media Player 10, 11, and 12, the WMP security settings block the display of captions by default.
Additional Information:
– Installations using Server Core are not affected for the following platforms: Windows Server 2008 R2, Windows Server 2008 x64 SP2 (DirectShow only), Windows Server 2008 x32 SP2 (DirectShow only).

10 MS12-005: Vulnerability In Windows Could Allow Remote Code Execution (2584146)
CVE-2012-0013: Severity Important; Exploitability 1 (Latest Software), 1 (Older Versions); Comment: Remote Code Execution; Note: Cooperatively Disclosed
Affected Products: All supported editions of Microsoft Windows
Affected Components: Windows
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
– In either an email-based or web-based scenario, an attacker can exploit this vulnerability by convincing a user to open a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application.
Impact of Attack:
– This vulnerability allows attackers to embed ClickOnce application installers into Microsoft Office documents and execute code without user interaction.
Mitigating Factors:
– An attacker has to convince the user to open the specially crafted Microsoft Office file.
– To deploy across a network, the deployment manifest and application manifest of a ClickOnce deployment must both be signed with a digital certificate.
Additional Information:
– Installations using Server Core are not affected.

11 MS12-006: Vulnerability In SSL/TLS Could Allow Information Disclosure (2643584)
CVE-2011-3389: Severity Important; Exploitability 3 (Latest Software), 3 (Older Versions); Comment: Information Disclosure; Note: Publicly Disclosed
Affected Products: All Supported Editions of Microsoft Windows
Affected Components: SSL/TLS
Deployment Priority: 2
Main Target: Workstations and Servers
Possible Attack Vectors:
– An attacker could exploit this vulnerability by intercepting encrypted web traffic from an affected system, via the web browser.
Impact of Attack:
– An attacker could decrypt intercepted encrypted traffic.
Mitigating Factors:
– TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Additional Information:
– This security update also addresses the vulnerability first described in Microsoft Security Advisory 2588513.
– This vulnerability affects the SSL/TLS protocol and is not specific to the Windows operating system.

12 MS12-007: Vulnerability In AntiXSS Library Could Allow Information Disclosure (2607664)
CVE-2012-0007: Severity Important; Exploitability 3 (Latest Software), 3 (Older Versions); Comment: Information Disclosure; Note: Cooperatively Disclosed
Affected Products: Microsoft Anti-Cross Site Scripting Library versions 3.x and 4
Affected Components: Anti-Cross Site Scripting (AntiXSS) Library
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors:
– To exploit this vulnerability, an attacker could send specially crafted HTML to a target website that is using the sanitization module of the AntiXSS Library.
Impact of Attack:
– An attacker could perform a cross-site scripting (XSS) attack on a website that is using the AntiXSS Library to sanitize user provided HTML and pass a malicious script through a sanitization function and expose information not intended to be disclosed.
Mitigating Factors:
– Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
Additional Information:
– This bulletin will be available via the Download Center only.
– This vulnerability would not allow an attacker to execute code or elevate the attacker’s user rights directly.
– Version 4.2 is not affected.

13 Detection & Deployment
*Available Via Download Center Only

14 Other Update Information

15 Windows Malicious Software Removal Tool (MSRT)
This month, the Windows Malicious Software Removal Tool will add detections for the following family:
– Win32/Sefnit: a widespread trojan that includes a configurable payload controlled by a set of remote hosts.
The tool:
– Is available as a priority update through Windows Update or Microsoft Update
– Is offered through WSUS 3.0
– Is also available as a download at: www.microsoft.com/malwareremove

16 Resources
Blogs
– Microsoft Security Response Center (MSRC) blog: www.blogs.technet.com/msrc
– Security Research & Defense blog: http://blogs.technet.com/srd
– Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/
Twitter
– @MSFTSecResponse
Security Centers
– Microsoft Security Home Page: www.microsoft.com/security
– TechNet Security Center: www.microsoft.com/technet/security
– MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx
Bulletins, Advisories, Notifications & Newsletters
– Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx
– Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
– Security Advisories: www.microsoft.com/technet/security/advisory/
– Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
– Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews
Other Resources
– Update Management Process: http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
– Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

17 Questions and Answers
– Submit text questions using the “Ask” button.
– Don’t forget to fill out the survey.
– A recording of this webcast will be available within 48 hours on the MSRC Blog: http://blogs.technet.com/msrc
– Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx
