
Monthly Security Bulletin Briefing (July 2013) Teresa Ghiorzoe - PowerPoint PPT Presentation



  1. Monthly Security Bulletin Briefing (July 2013)

     Teresa Ghiorzoe, Security Program Manager LATAM

     Blog de Seguridad: http://blogs.technet.com/b/seguridad/

     Twitter: LATAMSRC

     GBS Security Worldwide Programs

  2. Agenda

     - New Security Bulletins: 7 (Critical: 6, Important: 1)
     - Security Advisories July 2013: New 0, Rerelease 1
     - Other Security Resources
       - Detection and Deployment Table
       - Product Support Lifecycle Information
       - July 2013 Bulletin Release Summary
       - TechNet Public Webcast Details
     - Appendix
       - Malicious Software Removal Tool Updates
       - Public Security Bulletin Links
       - July 2013 Non-Security Updates

  3. July 2013 Security Bulletins

     | Bulletin | Impact | Component | Severity | Priority | Exploit Index | Public |
     |---|---|---|---|---|---|---|
     | MS13-052 | Remote Code Execution | .NET Framework | Critical | 2 | 1 | Yes |
     | MS13-053 | Remote Code Execution | Kernel-Mode Drivers | Critical | 1 | 1 | Yes |
     | MS13-054 | Remote Code Execution | GDI+ | Critical | 2 | 1 | No |
     | MS13-055 | Remote Code Execution | Internet Explorer | Critical | 1 | 1 | No |
     | MS13-056 | Remote Code Execution | DirectShow | Critical | 2 | 1 | No |
     | MS13-057 | Remote Code Execution | Media Format Runtime | Critical | 2 | 2 | No |
     | MS13-058 | Elevation of Privilege | Windows Defender | Important | 3 | 1 | No |

     Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated

  4. MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

     Severity: Critical

     Affected Software:

     - .NET Framework 1.0 SP3 on Windows XP Media Center & Tablet PC only
     - .NET Framework 1.1 SP1
     - .NET Framework 2.0 SP2
     - .NET Framework 3.0 SP2
     - .NET Framework 3.5
     - .NET Framework 3.5 SP1
     - .NET Framework 3.5.1
     - .NET Framework 4.0
     - .NET Framework 4.5

       (on all supported editions of Windows)
     - Silverlight 5 on Windows (all editions)
     - Silverlight 5 Developer Runtime on Windows
     - Silverlight 5 on Mac
     - Silverlight 5 Developer Runtime on Mac

     More Information:

     | Deployment Priority | Update Replacement | Known Issues |
     |---|---|---|
     | 2 | MS10-060, MS11-078, MS12-034, MS12-035, MS12-074, MS13-004, MS13-022 | Yes (note 3) |

     | Restart Requirement | Uninstall Support |
     |---|---|
     | A restart may be required | Use Add or Remove Programs in Control Panel |

     Detection and Deployment:

     | WU | MU | MBSA | WSUS | ITMU | SCCM |
     |---|---|---|---|---|---|
     | Yes | Yes | Yes (notes 1, 2) | Yes (note 2) | Yes (note 2) | Yes (note 2) |

     Notes:

     1. The MBSA does not support Windows 8, Windows Server 2012, or Windows RT
     2. Windows RT devices can only be serviced with Windows and Microsoft Update
     3. Windows RT devices require update 2808380 to be installed before WU will offer this security update

  5. Vulnerability Details: MS13-052, Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

     - Four (4) remote code execution vulnerabilities exist in the .NET Framework and Silverlight that could allow an attacker to take complete control of an affected system if a user can be convinced to view a website that contains a specially crafted Silverlight application or to run a specially crafted Windows .NET Framework application.
     - Three (3) elevation of privilege vulnerabilities exist in the .NET Framework that could allow an attacker to take complete control of an affected system if a user can be convinced to view a website and run a specially crafted XBAP (XAML browser application) or to run a Windows .NET Framework application.

     | CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory |
     |---|---|---|---|---|---|---|---|---|
     | CVE-2013-3129 | Critical | Remote Code Execution | 1 | 1 | P | No | None | None |
     | CVE-2013-3131 | Critical | Remote Code Execution | 2 | 2 | NA | Yes | None | None |
     | CVE-2013-3132 | Important | Elevation of Privilege | 3 | 3 | NA | No | None | None |
     | CVE-2013-3133 | Important | Elevation of Privilege | 3 | 3 | NA | No | None | None |
     | CVE-2013-3134 | Critical | Remote Code Execution | 2 | 2 | NA | Yes | None | None |
     | CVE-2013-3171 | Important | Elevation of Privilege | 3 | 3 | NA | No | None | None |
     | CVE-2013-3178 | Critical | Remote Code Execution | 1 | 1 | NA | No | None | None |

     Attack Vectors:

     - A specially crafted Web page
     - A specially crafted XAML browser application
     - A specially crafted Windows .NET application
     - A specially crafted Silverlight application
     - A specially crafted TrueType font file for CVE-2013-3129

     Mitigations:

     - Exploitation only gains the same user rights as the logged on account
     - Users would have to be persuaded to visit a malicious web site
     - Cannot be exploited automatically through e-mail, because a user must open an attachment
     - By default, XBAP applications prompt the user before executing code
     - By default, IE runs in a restricted mode for all Windows Servers
     - There are no mitigations for CVE-2013-3129, CVE-2013-3171

     Workarounds:

     - Disable Silverlight in IE, Firefox, or Chrome for CVE-2013-3131 and CVE-2013-3178
     - Disable partially trusted .NET apps for CVE-2013-3131
     - Disable XAML browser apps in IE
     - Restrict websites to only your trusted websites
     - There are no workarounds for CVE-2013-3129, CVE-2013-3134, and CVE-2013-3171

     Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated

     DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)

  6. MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

     Severity: Critical

     Affected Software:

     - Windows XP (all editions)
     - Windows Server 2003 (all editions)
     - Windows Vista (all editions)
     - Windows Server 2008 (all editions)
     - Windows 7 (all editions)
     - Windows Server 2008 R2 (all editions)
     - Windows 8 (all editions)
     - Windows Server 2012 (all editions)
     - Windows RT (all editions)

     More Information:

     | Deployment Priority | Update Replacement | Known Issues |
     |---|---|---|
     | 1 | MS13-036, MS13-046 | Yes (note 3) |

     | Restart Requirement | Uninstall Support |
     |---|---|
     | A restart is required | Use Add or Remove Programs in Control Panel |

     Detection and Deployment:

     | WU | MU | MBSA | WSUS | ITMU | SCCM |
     |---|---|---|---|---|---|
     | Yes | Yes | Yes (notes 1, 2) | Yes (note 2) | Yes (note 2) | Yes (note 2) |

     Notes:

     1. The MBSA does not support Windows 8, Windows Server 2012, or Windows RT
     2. Windows RT devices can only be serviced with Windows and Microsoft Update
     3. Windows RT devices require update 2808380 to be installed before WU will offer this security update

  7. Vulnerability Details: MS13-053, Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

     - Two (2) remote code execution vulnerabilities exist in the way that the Windows kernel-mode drivers improperly handle objects in memory and specially crafted TrueType font files could allow an attacker to take complete control of an affected system if a user opens a specially crafted file.
     - Five (5) elevation of privilege vulnerabilities exist when the Windows kernel-mode drivers improperly handle objects in memory that could allow an attacker to execute arbitrary code with elevated privileges.
     - A denial of service vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory that could allow an attacker to cause the target system to stop responding.

     | CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory |
     |---|---|---|---|---|---|---|---|---|
     | CVE-2013-1300 | Important | Elevation of Privilege | 1 | 1 | P | No | No | None |
     | CVE-2013-1340 | Important | Elevation of Privilege | 3 | 1 | P | No | No | None |
     | CVE-2013-1345 | Important | Elevation of Privilege | 3 | 1 | P | No | No | None |
     | CVE-2013-3129 | Critical | Remote Code Execution | 1 | 1 | P | No | No | None |
     | CVE-2013-3167 | Important | Elevation of Privilege | NA | 1 | P | No | No | None |
     | CVE-2013-3172 | Moderate | Denial of Service | * | * | P | Yes | No | None |
     | CVE-2013-3173 | Important | Elevation of Privilege | 1 | 1 | P | No | No | None |
     | CVE-2013-3660 | Critical | Remote Code Execution | 3 | 3 | P | Yes | Yes | None |

     Attack Vectors:

     - A specially crafted application
     - A specially crafted TrueType font file for CVE-2013-3129

     Mitigations:

     - An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability
     - For CVE-2013-3129:
       - Users would have to be persuaded to visit a malicious web site
       - Cannot be exploited automatically through e-mail, because a user must open an attachment
       - By default, all Microsoft e-mail clients open HTML e-mail messages in the Restricted Sites zone

     Workarounds:

     - Microsoft has not identified any workarounds for any of these vulnerabilities except…
     - For CVE-2013-3129:
       - Disable the WebClient service
       - Block TCP ports 139 and 445 at the firewall
       - Disable the Preview Pane and Details Pane in Windows Explorer

     Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated

     DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
