Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft January 2013 Security Bulletins Andrew Gross Senior Security Program Manager Microsoft.


1 Dial In Number 1-877-593-2001 Pin: 3959
Information About Microsoft January 2013 Security Bulletins
Andrew Gross, Senior Security Program Manager, Microsoft Corporation
Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

2 Live Video Stream
To receive our video stream in LiveMeeting:
–Click on Voice & Video
–Click the drop down next to the camera icon
–Select Show Main Video

3 What We Will Cover
Review of January 2013 Bulletin Release Information
–Seven new security bulletins
–Two security advisory revisions
–Microsoft® Windows® Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now
–Submit Questions via Twitter #MSFTSecWebcast

4 Severity and Exploitability Index
[Chart: Exploitability Index (1, 2, 3; risk axis) and Severity (Critical, Important, Moderate, Low; impact axis) for MS13-001, MS13-002, MS13-003, MS13-004, MS13-005, MS13-006 and MS13-007, with deployment priority (DP) 2, 1, 3, 2, 2, 2, 3 respectively. Component labels: Windows Print Spooler, Kernel Mode Drivers, SSL, Systems Center Operations Manager, .NET Framework, Open Data Protocol, XML Core Services.]

5 Bulletin Deployment Priority

6 MS13-001: Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
CVE-2013-0011: Severity: Critical. Exploitability Index: Latest Software NA, Older Versions 1. Comment: Remote Code Execution. Note: Cooperatively Disclosed.
Affected Products: Supported versions of Windows 7 and Windows Server 2008 R2
Affected Components: Print Spooler
Deployment Priority: 2
Main Target: Workstations and servers
Possible Attack Vectors: A remote unauthenticated attacker could exploit the vulnerability by sending a specially crafted print job to the print server.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code on a user's system with system privileges.
Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Additional Information: Installations using Server Core are affected.

7 MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
CVE-2013-0006: Severity: Critical. Exploitability Index: Latest Software 1, Older Versions 1. Comment: Remote Code Execution. Note: Cooperatively Disclosed.
CVE-2013-0007: Severity: Critical. Exploitability Index: Latest Software 1, Older Versions 1. Comment: Remote Code Execution. Note: Cooperatively Disclosed.
Affected Products:
–XML Core Services 4 & 6 on Windows Clients; XML Core Services 3 on XP, Vista x64, Windows 7 x64, Windows 8 x64; XML Core Services 5 on Office 2003 & 2007, Word Viewer, Office Compatibility Pack, Expression Web Service Pack, Expression Web 2, SharePoint Server 2007, and Groove Server Service 2007
–XML Core Services 4 & 6 on all supported versions of Windows Server; XML Core Services 3 on all supported versions of Windows Server except the 32-bit versions of Windows Server 2003 and Windows Server 2008
Affected Components: XML Core Services
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
–An attacker could exploit the vulnerability by hosting a specially crafted website that is designed to invoke MSXML through Internet Explorer.
–Non-Microsoft web applications and services that utilize the MSXML library for parsing XML could also be vulnerable to this attack.
Impact of Attack: An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Mitigating Factors:
–By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone.
–An attacker cannot force a user to visit a malicious website.
Additional Information:
–Installations using Server Core are affected except for Windows Server 2008 32-bit.
–Depending on which version of Microsoft XML Core Services you have installed on your system, you may be offered more than one security update from this security bulletin.

8 MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
CVE-2013-0009: Severity: Important. Exploitability Index: Latest Software NA, Older Versions 1. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
CVE-2013-0010: Severity: Important. Exploitability Index: Latest Software NA, Older Versions 1. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
Affected Products: Microsoft System Center Operations Manager 2007, Microsoft System Center Operations Manager 2007 R2
Affected Components: Systems Center Operations Manager
Deployment Priority: 3
Main Target: Systems Center Operations Manager Servers
Possible Attack Vectors: An attacker could exploit this vulnerability by having a user visit an affected website by way of a specially crafted URL. This can be done through any medium that can contain web links that are controlled by the attacker, such as a link in an email, a link on a website, or a redirect on a website.
Impact of Attack: An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser.
Mitigating Factors: An attacker would have no way to force users to visit a specially crafted website.
Additional Information:
–Microsoft System Center Operations Manager 2007 R2: Only available via the DLC and is cumulative.
–The update for Microsoft System Center Operations Manager 2007 is not available at this time; see the FAQ in the bulletin for more information.

9 MS13-004: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2769324)
CVE-2013-0001: Severity: Moderate. Exploitability Index: Latest Software NA, Older Versions NA. Comment: Information Disclosure. Note: Cooperatively Disclosed.
CVE-2013-0002: Severity: Important. Exploitability Index: Latest Software 1, Older Versions 1. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
CVE-2013-0003: Severity: Important. Exploitability Index: Latest Software 1, Older Versions 1. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
CVE-2013-0004: Severity: Important. Exploitability Index: Latest Software 1, Older Versions 1. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
Affected Products:
–.NET Framework 1.1, 2.0, 3.5.1, 4.0, & 4.5 on all supported versions of Microsoft Windows Client and Microsoft Windows Server and 3.5 on Windows 8 and Windows Server 2012 only
–DiD: .NET Framework 3.0 on all supported versions of Microsoft Windows Client and Microsoft Windows Server
Affected Components: .NET Framework
Deployment Priority: 2
Main Target: Exchange Server Systems
Possible Attack Vector:
–Web based: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website.
–.NET applications: This vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.
Impact of Attack:
–An attacker could obtain data that is stored in unmanaged memory locations.
–An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Mitigating Factors: Microsoft has not identified any mitigations to these vulnerabilities.
Additional Information:
–.NET Framework 4 and .NET Framework 4 Client Profile affected.
–Windows RT security updates are provided via Windows Update.

10 MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
CVE-2013-0008: Severity: Important. Exploitability Index: Latest Software 1, Older Versions NA. Comment: Elevation of Privilege. Note: Cooperatively Disclosed.
Affected Products: All supported versions of Windows Client and Windows Server except for all editions of Windows XP and Windows Server 2003
Affected Components: Kernel-Mode Drivers
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors: This vulnerability requires that an attacker convince a user to run a specially crafted application.
Impact of Attack: An attacker who successfully exploited this vulnerability could run arbitrary code in the context of a higher Integrity Level (IL) process.
Mitigating Factors: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information: Installations using Server Core are affected.

11 MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
CVE-2013-0013: Severity: Important. Exploitability Index: Latest Software NA, Older Versions NA. Comment: Security Feature Bypass. Note: Cooperatively Disclosed.
Affected Products: All supported versions of Windows Client and Windows Server except for all editions of Windows XP and Windows Server 2003
Affected Components: SSL and TLS
Deployment Priority: 2
Main Target: Workstations and servers that send and receive SSL/TLS encrypted traffic
Possible Attack Vectors: In a man-in-the-middle attack, an attacker could inject malformed traffic into an SSL version 3 or TLS browsing session between Internet Explorer and a third-party server or a third-party client and a Microsoft server, silently downgrading the connection to SSL version 2.
Impact of Attack: Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user.
Mitigating Factors: Microsoft has not identified any mitigations for this vulnerability.
Additional Information: Installations using Server Core are affected.

12 MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
CVE-2013-0005: Severity: Important. Exploitability Index: Latest Software 3, Older Versions 3. Comment: Denial of Service. Note: Cooperatively Disclosed.
Affected Products: .NET Framework 3.5, 3.5.1, 4.0 on all supported versions of Microsoft Windows Client (except Windows RT) and Microsoft Windows Server; Management OData Extension on Windows 8 and Windows Server 2012
Affected Components: Open Data Protocol
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors: An unauthenticated attacker could send a small number of specially crafted HTTP requests to an affected site, causing a denial of service condition.
Impact of Attack: An attacker could use this vulnerability to cause a denial of service attack and disrupt the availability of sites that use .NET WCF Services.
Mitigating Factors: Microsoft has not identified any mitigations for this vulnerability.
Additional Information: Installations using Server Core are affected.

13 Microsoft Security Advisories
Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
–On January 8, 2013, Microsoft revised a security advisory to announce the availability of a new Adobe Flash update. (KB 27960960)
Microsoft Security Advisory (973811): Extended Protection for Authentication
–Microsoft is centralizing recommendations and best practices in KB973811. These are not new recommendations, but are being consolidated into a single KB article.
–This revision also includes a Fix it that automatically sets Windows XP and Windows Server 2003 systems to allow NTLMv2 only as recommended.

14 Detection & Deployment
1. MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012
2. Yes, except for Windows Server 2012
3. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store
4. Updates for this bulletin are only available via the Microsoft Download Center

15 Other Update Information

16 Windows Malicious Software Removal Tool (MSRT)
During this release Microsoft will increase/add detection capability for the following families in the MSRT:
–Win32/Ganelp: A worm that can spread itself from one computer to another
–Win32/Lefgroo: A worm that spreads by dropping copies of itself to all writeable fixed and removable drives in the system
January MSRT will be distributed to Windows 8, x86 and x64.
Available as a priority update through Windows Update or Microsoft Update.
Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove

17 Resources
Blogs
–Microsoft Security Response Center (MSRC) blog: www.blogs.technet.com/msrc
–Security Research & Defense blog: http://blogs.technet.com/srd
–Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/
Twitter
–@MSFTSecResponse
Security Centers
–Microsoft Security Home Page: www.microsoft.com/security
–TechNet Security Center: www.microsoft.com/technet/security
–MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx
Bulletins, Advisories, Notifications & Newsletters
–Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx
–Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
–Security Advisories: www.microsoft.com/technet/security/advisory/
–Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
–Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews
Other Resources
–Update Management Process: http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
–Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

18 Questions and Answers
Submit text questions using the “Ask” button.
Don’t forget to fill out the survey.
A recording of this webcast will be available within 48 hours on the MSRC Blog: http://blogs.technet.com/msrc
Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx
