To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.


1

2 To receive our video stream in LiveMeeting:
- Click on “Voice & Video”
- Click the drop down next to the camera icon
- Select “Show Main Video”
Dial-in Information:
- 1 (877) 593-2001 Pin: 3959

3 Review of May 2013 Bulletin Release Information
- Ten New Security Bulletins
- Two New Security Advisories
- One Updated Security Advisory
- Microsoft Windows Malicious Software Removal Tool
Resources
Questions and Answers: Please Submit Now
- Submit Questions via Twitter #MSFTSecWebcast

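4 Severity & Exploitability Index
[Chart: Exploitability Index (1 to 3, risk) and Severity (Critical, Important, Moderate, Low; impact) for bulletins MS13-037 through MS13-046, with a deployment priority (DP) row.]
DP by bulletin: MS13-037: 1, MS13-038: 1, MS13-039: 1, MS13-040: 3, MS13-041: 2, MS13-042: 2, MS13-043: 2, MS13-044: 3, MS13-045: 3, MS13-046: 2
Products labelled on the chart: Internet Explorer, Lync, Visio, Publisher, Word, HTTP.sys, .NET Framework, Windows Essentials, Kernel-Mode Drivers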

5 Bulletin Deployment Priority

6 MS13-037: Cumulative Security Update for Internet Explorer (2829530)
Critical, Remote Code Execution, Cooperatively Disclosed (Exploitability: Latest | Older versions):
- CVE-2013-0811: NA | 2
- CVE-2013-1307: NA | 2
- CVE-2013-1309: 2 | 1
- CVE-2013-1306, CVE-2013-1310, CVE-2013-1311, CVE-2013-1313: NA | 1
- CVE-2013-1312: 1 | 2
- CVE-2013-1308, CVE-2013-2551: 1 | 1
Important, Information Disclosure, Cooperatively Disclosed (Exploitability: Latest | Older versions):
- CVE-2013-1297: NA | 3
Affected Products:
- IE6 – IE10 on all supported versions of Windows Client
- IE6 – IE10 on all supported versions of Windows Server
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs)
- The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs)
Impact of Attack:
- An attacker could read the contents of JSON data files. (CVE-2013-1297)
- An attacker could gain the same user rights as the current user. (Remaining CVEs)
Mitigating Factors:
- An attacker cannot force users to view the attacker-controlled content. (All CVEs)
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. (All CVEs except CVE-2013-1297)
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs)
Additional Information: Installations using Server Core not affected. (All CVEs)

7 MS13-038: Vulnerability in Internet Explorer Could Allow Remote Code Execution (2847140)
- CVE-2013-1347: Critical; Exploitability (Latest | Older versions): NA | 1; Remote Code Execution; Publicly Disclosed
Affected Products:
- IE8 on all supported versions of Windows Client
- IE8 on all supported versions of Windows Servers
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a specially crafted website that is designed to exploit this vulnerability.
- Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Impact of Attack:
- The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.
Mitigating Factors:
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that mitigates this vulnerability.
- Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone, which disables script and ActiveX controls and helps reduce the risk.
- Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

8 MS13-039: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- CVE-2013-1305: Important; Exploitability (Latest | Older versions): 3 | NA; Denial of Service; Cooperatively Disclosed
Affected Products: All supported editions of Windows 8 and Windows Server 2012
Affected Components: HTTP.sys
Deployment Priority: 1
Main Target: Windows 2012 Servers in an internet-facing deployment
Possible Attack Vectors:
- In an HTTP attack scenario, an attacker could send a specially crafted HTTP packet to a Windows 2012 Server.
Impact of Attack:
- An attacker who successfully exploited this vulnerability could cause a system to stop responding.
Mitigating Factors:
- By default, IIS is not enabled on any Windows operating system.
- Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
Additional Information: Update for Windows RT is available via Windows Update.

9 MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- CVE-2013-1336: Important; Spoofing; Cooperatively Disclosed
- CVE-2013-1337: Important; Exploitability: NA; Security Bypass; Publicly Disclosed
Affected Products: .NET Framework 2.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4, and .NET Framework 4.5 on all supported versions of Windows Client and Windows Server.
Affected Components: .NET Framework
Deployment Priority: 3
Main Target: Workstations and Servers that run .NET and/or WCF
Possible Attack Vectors:
- In a .NET application attack scenario, an attacker could modify the contents of an XML file without invalidating the signature associated with the file. (CVE-2013-1336)
- In a .NET application attack scenario, an attacker could send specially crafted queries to a WCF endpoint. (CVE-2013-1337)
Impact of Attack:
- An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file. (CVE-2013-1336)
- An attacker could gain access to the endpoint functions as if they were an authenticated user. (CVE-2013-1337)
Mitigating Factors:
- Microsoft has not identified any mitigating factors for this vulnerability. (CVE-2013-1336)
- By default the WCF authentication mode is set to "Windows" in the userNamePasswordValidationMode property, which is not vulnerable. (CVE-2013-1337)
Additional Information: .NET Framework 4 and .NET Framework 4 Client Profile affected.

10 MS13-041: Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- CVE-2013-1302: Important; Exploitability (Latest | Older versions): 2 | 2; Remote Code Execution; Cooperatively Disclosed
Affected Products: Microsoft Communicator 2007 R2, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, and Microsoft Lync Server 2013
Affected Components: Lync
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content.
Impact of Attack:
- An attacker could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Mitigating Factors:
- An attacker would have no way to force users to view or share the attacker-controlled file or program.
Additional Information: Applying the Lync Server 2013 security update (2827754) also installs the February 2013 cumulative updates for Lync Server 2013.

11

12 MS13-042: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2830397)
CVEs: CVE-2013-1316, CVE-2013-1317, CVE-2013-1318, CVE-2013-1319, CVE-2013-1320, CVE-2013-1321, CVE-2013-1322, CVE-2013-1323, CVE-2013-1327, CVE-2013-1328, CVE-2013-1329
Severity: Important
Exploitability (Latest | Older versions): the values 1, NA and 3 appear in the table; their alignment to individual CVEs is not preserved in this transcript.
Impact: Remote Code Execution
Disclosure: Cooperatively Disclosed
Affected Products: Microsoft Publisher 2003, Microsoft Publisher 2007, and Microsoft Publisher 2010
Affected Components: Publisher
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit these vulnerabilities.
- Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit these vulnerabilities.
Impact of Attack:
- An attacker who successfully exploited these vulnerabilities could run arbitrary code as the current user.
Mitigating Factors:
- Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- These vulnerabilities cannot be exploited automatically through e-mail.

13 MS13-043: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- CVE-2013-1335: Important; Exploitability (Latest | Older versions): NA | 2; Remote Code Execution; Cooperatively Disclosed
Affected Products: Microsoft Word 2003 and Microsoft Word Viewer
Affected Components: Word
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a website that contains a specially crafted Office file that is used to attempt to exploit this vulnerability.
- Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Impact of Attack:
- An attacker who successfully exploited this vulnerability could gain the same user rights as the current user and run arbitrary code in the context of the current user.
Mitigating Factors:
- An attacker would have no way to force users to visit these websites.
- Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Additional Information: Outlook is not directly affected because the vulnerability exists in Microsoft Word. If Word is the selected email reader, then an attacker could leverage Outlook for the email attack vector to exploit the vulnerability.

14 MS13-044: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- CVE-2013-1301: Important; Exploitability (Latest | Older versions): NA | 3; Information Disclosure; Cooperatively Disclosed
Affected Products: Microsoft Visio 2003, Microsoft Visio 2007, and Microsoft Visio 2010
Affected Components: Visio
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors:
- An attacker could host a website that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability.
- Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Impact of Attack:
- An attacker who successfully exploited this vulnerability could read data from a file located on the target system.
Mitigating Factors:
- An attacker would have no way to force users to visit a specially crafted website.
- The vulnerability cannot be exploited automatically through email.

15 MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- CVE-2013-0096: Important; Exploitability (Latest | Older versions): 3 | 3; Information Disclosure; Cooperatively Disclosed
Affected Products: Windows Essentials 2011 and Windows Essentials 2012 on all supported versions of Windows Client.
Affected Components: Writer
Deployment Priority: 3
Main Target: Systems with Windows Writer
Possible Attack Vectors:
- An attacker would have to host a website and convince a user to click on a specially crafted URL in order to exploit this vulnerability.
Impact of Attack:
- An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system.
Mitigating Factors:
- An attacker would have no way to force users to visit these websites.
Additional Information: There is no update available for Windows Essentials 2011. This update is available through the Windows Essentials page.

16 MS13-046: Vulnerability in Kernel-Mode Drivers Could Allow Elevation of Privilege (2840221)
Important, Elevation of Privilege, Cooperatively Disclosed (Exploitability: Latest | Older versions):
- CVE-2013-1332: 2 | 2
- CVE-2013-1333: NA | 1
- CVE-2013-1334
Affected Products: Windows XP, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT
Affected Components: Kernel-Mode Driver
Deployment Priority: 2
Main Target: Workstations and Terminal Servers
Possible Attack Vectors:
- To exploit this vulnerability, an attacker would first have to log on to the system then run a specially crafted application designed to increase privileges. (All CVEs)
Impact of Attack:
- An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory. (CVE-2013-1332)
- An attacker could gain elevated privileges and cause system instability. (CVE-2013-1333)
- An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2013-1334)
Mitigating Factors:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (All CVEs)
Additional Information: This update is available via Windows Update. For some products, this update is for DiD only. For more information, please refer to the update.

17 Microsoft Security Advisory (2820197): Update Rollup for ActiveX Kill Bits
- Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Microsoft Security Advisory (2846338): Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- This advisory addresses a security vulnerability that only affects x64-based versions of the Malware Protection Engine.

18 Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- On May 14, 2013, Microsoft released an update (2840613) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14.

19 Detection & Deployment
1. The MBSA does not support detection on Windows 8, Windows RT, and Windows Server 2012.
2. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.

20 Other Update Information

21 During this release Microsoft will increase detection capability for the following families in the MSRT:
- WIN32/Fakdef: A family of trojans that displays fake warnings of "malicious programs and viruses", and tells you that you need to pay money to register the software to remove these non-existent threats.
- WIN32/Vicenor: A family of trojans that launch a Bitcoin mining utility on your computer.
- WIN32/Kexqoud: A family of trojans that use your computer without your consent to generate digital currency, also known as Bitcoins.
Available as a priority update through Windows Update or Microsoft Update.
Offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove

22

23 Submit text questions using the “Ask” button.
Don’t forget to fill out the survey.
A recording of this webcast will be available within 48 hours on the MSRC blog: http://blogs.technet.com/msrc
Register for next month’s webcast at: http://microsoft.com/technet/security/current.aspx

24

