Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

April 2016 Shavlik Patch Tuesday Presentation

See the full blog post here: http://blog.shavlik.com/april-patch-tuesday-2016/

April’s Patch Tuesday is looking and sounding like a spring weather forecast. The forecast is calling for rain, but it turned out to be partly cloudy. There has been some mixed feelings about a newly announced vulnerability, or vulnerabilities as it were, in Samba.

Badlock is a vulnerability recently identified in Windows and Samba. There are eight CVEs related to Badlock, categorized as man-in-the-middle and denial-of-service attacks. The primary CVE is CVE-2016-2118. This is a multi-vendor problem, so two CVEs were opened to track for each vendor.

Ähnliche Bücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen

Ähnliche Hörbücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

April 2016 Shavlik Patch Tuesday Presentation

  1. 1. Patch Tuesday Webinar Wednesday, April 13th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 922 935 176
  2. 2. Agenda April 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  3. 3. News – Badlock Badlock.org – Described a serious flaw in Samba that would also affect windows. The CVEs were released yesterday and were a bit disappointing given the hype put out by SerNet. The primary vulnerability (CVE-2016-2118) has a base CVSS of 7.1, which is high, but the vulnerability does not fit the profile of a vulnerability likely to be exploited. CVE-2016-0128 is the only CVE relating to Windows (MS16-047). Some of the other CVEs talk about Windows, but in the context of older windows OSs and were issues resolved by config changes long ago.
  4. 4. News – LANDESK to acquire AppSense Complimentary features. On the Security side, Application Whitelisting and Privilege management compliment the Shavlik solutions to complete the top preventative measures to protect your environment. Australian Signals Directorate – Top 4 Mitigation Strategies, Application Whitelisting, Patch Applications, Patch Operating System, Minimize Administrative Privleges SANSCIS Critical Security Controls – Quick 5 CSC 1: Inventory of Authorized and Unauthorized Devices CSC 2: Inventory of Authorized and Unauthorized Software CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CSC 4: Continuous Vulnerability Assessment and Remediation CSC 5: Controlled Use of Administrative Privileges
  5. 5. Known Issues MS16-039 – Bulletin states it is required on Server Core. Our test confirmed a failure to install, WSUS test confirmed update was not even offered for Core. For Office 2010 the bulletin states it only applies to pre-vista systems with Office 2010 installed. MS16-038, MS16-046, MS16-049 – These three bulletins only apply to Windows 10. Shavlik Protect users, you will see this as CSWU-023 in product. MS16-043 – Bulletin did not release.
  6. 6. CSWU-023: Cumulative update for Windows 10: April 12, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-037, MS16-038, MS16-039, MS16-040, MS16-045, MS16-046, MS16-047, MS16-048, MS16-049, and MS16-050.  Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass  Fixes 23 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166, CVE-2016- 0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, CVE-2016-0147, CVE-2016-0088, CVE-2016-0089, CVE-2016-0090, CVE-2016-0135, CVE-2016-0128, CVE-2016- 0151, CVE-2016-0150  Restart Required: Requires Restart
  7. 7. MS16-037: Cumulative Security Update for Internet Explorer (3148531)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166  Restart Required: Requires Restart
  8. 8. MS16-038: Cumulative Security Update for Microsoft Edge (3148532)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161  Restart Required: Requires Restart
  9. 9. MS16-039: Security Update for Microsoft Graphics Component (3148522)  Maximum Severity: Critical  Affected Products: Windows, .Net, Office, Skype, Lync  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0143, CVE-2016-0145, CVE-2016-165 (Exploited), CVE-2016-0167 (Exploited)  Restart Required: Requires Restart
  10. 10. MS16-040: Security Update for Microsoft XML Core Services (3148541)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0147  Restart Required: May Require Restart
  11. 11. MS16-041: Security Update for .NET Framework (3148789)  Maximum Severity: Important  Affected Products: Windows, .Net  Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0148 (Disclosed)  Restart Required: May Require Restart
  12. 12. MS16-042: Security Update for Microsoft Office (3148775)  Maximum Severity: Critical  Affected Products: Office, Sharepoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139  Restart Required: May Require Restart
  13. 13. MS16-046: Security Update for Secondary Logon (3148538)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0135 (Disclosed)  Restart Required: Requires Restart
  14. 14. MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0128 (Disclosed)  Restart Required: Requires Restart
  15. 15. MS16-050: Security Update for Adobe Flash Player (3154132)  Maximum Severity: Critical  Affected Products: Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016- 1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE- 2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016- 1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  16. 16. APSB16-10: Security updates available for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player, Adobe AIR • Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. • Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details  .  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016- 1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE- 2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016- 1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  17. 17. JAVA8u79: Oracle Quarterly CPU coming next week, April 19th  Maximum Severity: Critical  Affected Products: Java Runtime • Description:  Impact:  Fixes x vulnerabilities:  ,  Restart Required: Restart Required
  18. 18. MS16-044: Security Update for Windows OLE (3146706)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0153  Restart Required: Requires Restart
  19. 19. MS16-045: Security Update for Windows Hyper-V (3143118)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-0088, CVE-2016-0089, CVE-2016-0090  Restart Required: Requires Restart
  20. 20. MS16-048: Security Update for CSRSS (3148528)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.  Impact: Security Feature Bypass  Fixes 1 vulnerabilities:  CVE-2016-0151  Restart Required: Requires Restart
  21. 21. MS16-049: Security Update for HTTP.sys (3148795)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0150  Restart Required: Requires Restart
  22. 22. • Why should you attend? • Great Value: • Two days of hands on and deep dive product sessions for less than one day of consulting services • Interaction with Shavlik Product Managers and Systems Engineers • Earlybird rate of $795 • And, of course, because its Vegas baby! • For details see: • http://www.shavlik.com/tech-summit/
  23. 23. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
  24. 24. Thank you

    Als Erste(r) kommentieren

    Loggen Sie sich ein, um Kommentare anzuzeigen.

See the full blog post here: http://blog.shavlik.com/april-patch-tuesday-2016/ April’s Patch Tuesday is looking and sounding like a spring weather forecast. The forecast is calling for rain, but it turned out to be partly cloudy. There has been some mixed feelings about a newly announced vulnerability, or vulnerabilities as it were, in Samba. Badlock is a vulnerability recently identified in Windows and Samba. There are eight CVEs related to Badlock, categorized as man-in-the-middle and denial-of-service attacks. The primary CVE is CVE-2016-2118. This is a multi-vendor problem, so two CVEs were opened to track for each vendor.

Aufrufe

Aufrufe insgesamt

178

Auf Slideshare

0

Aus Einbettungen

0

Anzahl der Einbettungen

10

Befehle

Downloads

1

Geteilt

0

Kommentare

0

Likes

0

×