Patch Tuesday Webinar
Wednesday, April 13th, 2016
Chris Goettl
• Sr. Product Manager
Dial In: 1-855-749-4750 (US)
Attendees: 922 935 176
Agenda
1. April 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A
News – Badlock
Badlock.org – Described a serious flaw in Samba that would also affect Windows. The CVEs were released yesterday and were a bit disappointing given the hype put out by SerNet.
The primary vulnerability (CVE-2016-2118) has a base CVSS of 7.1, which is high, but the vulnerability does not fit the profile of a vulnerability likely to be exploited.
CVE-2016-0128 is the only CVE relating to Windows (MS16-047). Some of the other CVEs talk about Windows, but in the context of older Windows OSs, and were issues resolved by config changes long ago.
News – LANDESK to acquire AppSense
Complementary features. On the security side, Application Whitelisting and Privilege Management complement the Shavlik solutions to complete the top preventative measures to protect your environment.
Australian Signals Directorate – Top 4 Mitigation Strategies:
• Application Whitelisting
• Patch Applications
• Patch Operating System
• Minimize Administrative Privileges
SANS/CIS Critical Security Controls – Quick 5:
• CSC 1: Inventory of Authorized and Unauthorized Devices
• CSC 2: Inventory of Authorized and Unauthorized Software
• CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
• CSC 4: Continuous Vulnerability Assessment and Remediation
• CSC 5: Controlled Use of Administrative Privileges
Known Issues
MS16-039 – Bulletin states it is required on Server Core. Our test confirmed a failure to install; a WSUS test confirmed the update was not even offered for Core. For Office 2010 the bulletin states it only applies to pre-Vista systems with Office 2010 installed.
MS16-038, MS16-046, MS16-049 – These three bulletins only apply to Windows 10. Shavlik Protect users, you will see this as CSWU-023 in product.
MS16-043 – Bulletin did not release.
CSWU-023: Cumulative update for Windows 10: April 12, 2016
• Maximum Severity: Critical
• Affected Products: Windows 10, Edge, Internet Explorer
• Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-037, MS16-038, MS16-039, MS16-040, MS16-045, MS16-046, MS16-047, MS16-048, MS16-049, and MS16-050.
• Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass
• Fixes 23 vulnerabilities: CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, CVE-2016-0147, CVE-2016-0088, CVE-2016-0089, CVE-2016-0090, CVE-2016-0135, CVE-2016-0128, CVE-2016-0151, CVE-2016-0150
• Restart Required: Requires Restart
MS16-037: Cumulative Security Update for Internet Explorer (3148531)
• Maximum Severity: Critical
• Affected Products: Internet Explorer
• Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 6 vulnerabilities: CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166
• Restart Required: Requires Restart
MS16-038: Cumulative Security Update for Microsoft Edge (3148532)
• Maximum Severity: Critical
• Affected Products: Edge
• Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
• Impact: Remote Code Execution
• Fixes 6 vulnerabilities: CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161
• Restart Required: Requires Restart
MS16-039: Security Update for Microsoft Graphics Component (3148522)
• Maximum Severity: Critical
• Affected Products: Windows, .NET, Office, Skype, Lync
• Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
• Impact: Remote Code Execution
• Fixes 4 vulnerabilities: CVE-2016-0143, CVE-2016-0145, CVE-2016-0165 (Exploited), CVE-2016-0167 (Exploited)
• Restart Required: Requires Restart
MS16-040: Security Update for Microsoft XML Core Services (3148541)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.
• Impact: Remote Code Execution
• Fixes 1 vulnerability: CVE-2016-0147
• Restart Required: May Require Restart
MS16-041: Security Update for .NET Framework (3148789)
• Maximum Severity: Important
• Affected Products: Windows, .NET
• Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.
• Impact: Remote Code Execution
• Fixes 1 vulnerability: CVE-2016-0148 (Disclosed)
• Restart Required: May Require Restart
MS16-042: Security Update for Microsoft Office (3148775)
• Maximum Severity: Critical
• Affected Products: Office, SharePoint
• Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
• Impact: Remote Code Execution
• Fixes 4 vulnerabilities: CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139
• Restart Required: May Require Restart
MS16-046: Security Update for Secondary Logon (3148538)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
• Impact: Elevation of Privilege
• Fixes 1 vulnerability: CVE-2016-0135 (Disclosed)
• Restart Required: Requires Restart
MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.
• Impact: Elevation of Privilege
• Fixes 1 vulnerability: CVE-2016-0128 (Disclosed)
• Restart Required: Requires Restart
MS16-050: Security Update for Adobe Flash Player (3154132)
• Maximum Severity: Critical
• Affected Products: Windows, Adobe Flash Player
• Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
• Impact: Remote Code Execution
• Fixes 24 vulnerabilities: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
• Restart Required: Requires Restart
APSB16-10: Security updates available for Adobe Flash Player
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player, Adobe AIR
• Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
• Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.
• Impact: Remote Code Execution
• Fixes 24 vulnerabilities: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
• Restart Required: Requires Restart
JAVA8u79: Oracle Quarterly CPU coming next week, April 19th
• Maximum Severity: Critical
• Affected Products: Java Runtime
• Description:
• Impact:
• Fixes x vulnerabilities:
• Restart Required: Restart Required
MS16-044: Security Update for Windows OLE (3146706)
• Maximum Severity: Important
• Affected Products: Microsoft Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
• Impact: Remote Code Execution
• Fixes 1 vulnerability: CVE-2016-0153
• Restart Required: Requires Restart
MS16-045: Security Update for Windows Hyper-V (3143118)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
• Impact: Remote Code Execution
• Fixes 3 vulnerabilities: CVE-2016-0088, CVE-2016-0089, CVE-2016-0090
• Restart Required: Requires Restart
MS16-048: Security Update for CSRSS (3148528)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
• Impact: Security Feature Bypass
• Fixes 1 vulnerability: CVE-2016-0151
• Restart Required: Requires Restart
MS16-049: Security Update for HTTP.sys (3148795)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
• Impact: Denial of Service
• Fixes 1 vulnerability: CVE-2016-0150
• Restart Required: Requires Restart
• Why should you attend?
• Great Value:
• Two days of hands-on and deep-dive product sessions for less than one day of consulting services
• Interaction with Shavlik Product Managers and Systems Engineers
• Earlybird rate of $795
• And, of course, because it's Vegas, baby!
• For details see:
• http://www.shavlik.com/tech-summit/
Resources and Webinars
• Get Shavlik Content Updates
• Get Social with Shavlik
• Sign up for next month's Patch Tuesday Webinar
• Watch previous webinars and download presentation.
Thank you

April 2016 Shavlik Patch Tuesday Presentation

  • 1. Patch Tuesday Webinar Wednesday, April 13th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 922 935 176
  • 2. Agenda April 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3.
  • 4.
  • 5.
  • 6. News – Badlock Badlock.org – Described a serious flaw in Samba that would also affect windows. The CVEs were released yesterday and were a bit disappointing given the hype put out by SerNet. The primary vulnerability (CVE-2016-2118) has a base CVSS of 7.1, which is high, but the vulnerability does not fit the profile of a vulnerability likely to be exploited. CVE-2016-0128 is the only CVE relating to Windows (MS16-047). Some of the other CVEs talk about Windows, but in the context of older windows OSs and were issues resolved by config changes long ago.
  • 7. News – LANDESK to acquire AppSense Complimentary features. On the Security side, Application Whitelisting and Privilege management compliment the Shavlik solutions to complete the top preventative measures to protect your environment. Australian Signals Directorate – Top 4 Mitigation Strategies, Application Whitelisting, Patch Applications, Patch Operating System, Minimize Administrative Privleges SANSCIS Critical Security Controls – Quick 5 CSC 1: Inventory of Authorized and Unauthorized Devices CSC 2: Inventory of Authorized and Unauthorized Software CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CSC 4: Continuous Vulnerability Assessment and Remediation CSC 5: Controlled Use of Administrative Privileges
  • 8. Known Issues MS16-039 – Bulletin states it is required on Server Core. Our test confirmed a failure to install, WSUS test confirmed update was not even offered for Core. For Office 2010 the bulletin states it only applies to pre-vista systems with Office 2010 installed. MS16-038, MS16-046, MS16-049 – These three bulletins only apply to Windows 10. Shavlik Protect users, you will see this as CSWU-023 in product. MS16-043 – Bulletin did not release.
  • 9. CSWU-023: Cumulative update for Windows 10: April 12, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-037, MS16-038, MS16-039, MS16-040, MS16-045, MS16-046, MS16-047, MS16-048, MS16-049, and MS16-050.  Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass  Fixes 23 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166, CVE-2016- 0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, CVE-2016-0147, CVE-2016-0088, CVE-2016-0089, CVE-2016-0090, CVE-2016-0135, CVE-2016-0128, CVE-2016- 0151, CVE-2016-0150  Restart Required: Requires Restart
  • 10. MS16-037: Cumulative Security Update for Internet Explorer (3148531)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166  Restart Required: Requires Restart
  • 11. MS16-038: Cumulative Security Update for Microsoft Edge (3148532)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161  Restart Required: Requires Restart
  • 12. MS16-039: Security Update for Microsoft Graphics Component (3148522)  Maximum Severity: Critical  Affected Products: Windows, .Net, Office, Skype, Lync  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0143, CVE-2016-0145, CVE-2016-0165 (Exploited), CVE-2016-0167 (Exploited)  Restart Required: Requires Restart
  • 13. MS16-040: Security Update for Microsoft XML Core Services (3148541)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0147  Restart Required: May Require Restart
  • 14. MS16-041: Security Update for .NET Framework (3148789)  Maximum Severity: Important  Affected Products: Windows, .Net  Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0148 (Disclosed)  Restart Required: May Require Restart
  • 15. MS16-042: Security Update for Microsoft Office (3148775)  Maximum Severity: Critical  Affected Products: Office, Sharepoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139  Restart Required: May Require Restart
  • 16. MS16-046: Security Update for Secondary Logon (3148538)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2016-0135 (Disclosed)  Restart Required: Requires Restart
  • 17. MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2016-0128 (Disclosed)  Restart Required: Requires Restart
  • 18. MS16-050: Security Update for Adobe Flash Player (3154132)  Maximum Severity: Critical  Affected Products: Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  • 19. APSB16-10: Security updates available for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player, Adobe AIR  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  • 20. JAVA8u79: Oracle Quarterly CPU coming next week, April 19th  Maximum Severity: Critical  Affected Products: Java Runtime  Description:  Impact:  Fixes x vulnerabilities:  ,  Restart Required: Restart Required
  • 21. MS16-044: Security Update for Windows OLE (3146706)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0153  Restart Required: Requires Restart
  • 22. MS16-045: Security Update for Windows Hyper-V (3143118)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-0088, CVE-2016-0089, CVE-2016-0090  Restart Required: Requires Restart
  • 23. MS16-048: Security Update for CSRSS (3148528)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.  Impact: Security Feature Bypass  Fixes 1 vulnerability:  CVE-2016-0151  Restart Required: Requires Restart
  • 24. MS16-049: Security Update for HTTP.sys (3148795)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.  Impact: Denial of Service  Fixes 1 vulnerability:  CVE-2016-0150  Restart Required: Requires Restart
  • 26. Why should you attend? Great Value: Two days of hands-on and deep-dive product sessions for less than one day of consulting services. Interaction with Shavlik Product Managers and Systems Engineers. Earlybird rate of $795. And, of course, because it's Vegas, baby! For details see: http://www.shavlik.com/tech-summit/
  • 27. Resources and Webinars: Get Shavlik Content Updates. Get Social with Shavlik. Sign up for next month's Patch Tuesday Webinar. Watch previous webinars and download presentation.

Editor's notes

  1. http://www.landesk.com/company/press-releases/2016/appsense-acquisition/ http://www.asd.gov.au/publications/protect/top_4_mitigations.htm https://www.sans.org/critical-security-controls/guidelines
  2. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Ensure that Internet Explorer is at the latest version for the OS it is installed on. Since January 2016, Microsoft has only been updating the latest version for each supported OS. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer User targeted vulnerabilities – Least Privilege Mitigates Impact (4 of 6) Multiple Internet Explorer Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-generated content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities – Least Privilege Mitigates Impact (5 of 6) Multiple Microsoft Edge Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory that enables an attacker to execute arbitrary code in the context of the current user. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Microsoft Edge handles objects in memory.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities Multiple Win32k Elevation of Privilege Vulnerabilities Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory. Graphics Memory Corruption Vulnerability – CVE-2016-0145 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded fonts. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities MSXML 3.0 Remote Code Execution Vulnerability - CVE-2016-0147 A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially-crafted website that is designed to invoke MSXML through Internet Explorer. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or a link in an Instant Messenger request that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Least Privilege Mitigates Impact .NET Framework Remote Code Execution Vulnerability - CVE-2016-0148 A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Least Privilege Mitigates Impact (4 of 4) Multiple Microsoft Office Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0127. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. The security update addresses the vulnerabilities by correcting how Office handles objects in memory.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0135 An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker must first log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how the Windows Secondary Logon Service handles requests in memory.
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. https://isc.sans.edu/diary/BadLock+Vulnerability+%28CVE-2016-2118%29/20933 What to tell your Boss/Spouse/Parent: Due to the hype associated with this vulnerability, you will likely get a lot of questions about it. Overall, nothing fundamentally changed:
      • Patch as you get to it, but no reason to rush this one
      • Do not use SMB over networks you don't trust
      • Firewall SMB inbound and outbound
      • If you need to connect to remote file shares, do so over a VPN.
      Windows SAM and LSAD Downgrade Vulnerability - CVE-2016-0128 An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect them adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database. To exploit the vulnerability, an attacker could launch a man-in-the-middle (MiTM) attack, force a downgrade of the authentication level of the SAM and LSAD channels, and then impersonate an authenticated user. The security update addresses the vulnerability by modifying how the SAM and LSAD remote protocols handle authentication levels.
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome. https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome. https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://helpx.adobe.com/security/products/flash-player/apsa16-01.html Added AIR on April 12: http://blogs.adobe.com/psirt/?p=1334
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities
  14. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. User Targeted Vulnerability Windows OLE Remote Code Execution Vulnerability - CVE-2016-0153 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message. The update addresses the vulnerability by correcting how Windows OLE validates user input.
  15. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Hyper-V Remote Code Execution Vulnerability – CVE-2016-0088 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. Multiple Hyper-V Information Disclosure Vulnerabilities Information disclosure vulnerabilities exist when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerabilities, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected. An attacker who successfully exploited the vulnerabilities could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input.
  16. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Windows CSRSS Security Feature Bypass Vulnerability - CVE-2016-0151 A security feature bypass vulnerability exists in Microsoft Windows when the Client-Server Run-time Subsystem (CSRSS) fails to properly manage process tokens in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows manages process tokens in memory.
  17. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. HTTP.sys Denial of Service Vulnerability - CVE-2016-0150 A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
  18. Use registration code “Int2016Shavlik”
  19. Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/