Patch Tuesday Webinar
Wednesday, April 13th, 2016
Chris Goettl
• Sr. Product Manager
Dial In: 1-855-749-4750 (US)
Attendees: 922 935 176
Agenda
April 2016 Patch Tuesday Overview
Known Issues
Bulletins
Q & A
News – Badlock
Badlock.org – Described a serious flaw in Samba that would also affect Windows. The CVEs were released yesterday and were a bit disappointing given the hype put out by SerNet.
The primary vulnerability (CVE-2016-2118) has a base CVSS of 7.1, which is high, but the vulnerability does not fit the profile of a vulnerability likely to be exploited.
CVE-2016-0128 is the only CVE relating to Windows (MS16-047). Some of the other CVEs talk about Windows, but in the context of older Windows OSs, and were issues resolved by config changes long ago.
News – LANDESK to acquire AppSense
Complementary features. On the security side, Application Whitelisting and Privilege Management complement the Shavlik solutions to complete the top preventative measures to protect your environment.
Australian Signals Directorate – Top 4 Mitigation Strategies: Application Whitelisting, Patch Applications, Patch Operating System, Minimize Administrative Privileges
SANS/CIS Critical Security Controls – Quick 5
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
Known Issues
MS16-039 – Bulletin states it is required on Server Core. Our test confirmed a failure to install; a WSUS test confirmed the update was not even offered for Core. For Office 2010, the bulletin states it only applies to pre-Vista systems with Office 2010 installed.
MS16-038, MS16-046, MS16-049 – These three bulletins only apply to Windows 10. Shavlik Protect users, you will see this as CSWU-023 in product.
MS16-043 – Bulletin did not release.
CSWU-023: Cumulative update for Windows 10: April 12, 2016
• Maximum Severity: Critical
• Affected Products: Windows 10, Edge, Internet Explorer
• Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-037, MS16-038, MS16-039, MS16-040, MS16-045, MS16-046, MS16-047, MS16-048, MS16-049, and MS16-050.
• Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass
• Fixes 23 vulnerabilities:
• CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, CVE-2016-0147, CVE-2016-0088, CVE-2016-0089, CVE-2016-0090, CVE-2016-0135, CVE-2016-0128, CVE-2016-0151, CVE-2016-0150
• Restart Required: Requires Restart
MS16-037: Cumulative Security Update for Internet Explorer (3148531)
• Maximum Severity: Critical
• Affected Products: Internet Explorer
• Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 6 vulnerabilities:
• CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166
• Restart Required: Requires Restart
MS16-038: Cumulative Security Update for Microsoft Edge (3148532)
• Maximum Severity: Critical
• Affected Products: Edge
• Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
• Impact: Remote Code Execution
• Fixes 6 vulnerabilities:
• CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161
• Restart Required: Requires Restart
MS16-039: Security Update for Microsoft Graphics Component (3148522)
• Maximum Severity: Critical
• Affected Products: Windows, .NET, Office, Skype, Lync
• Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
• Impact: Remote Code Execution
• Fixes 4 vulnerabilities:
• CVE-2016-0143, CVE-2016-0145, CVE-2016-0165 (Exploited), CVE-2016-0167 (Exploited)
• Restart Required: Requires Restart
MS16-040: Security Update for Microsoft XML Core Services (3148541)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.
• Impact: Remote Code Execution
• Fixes 1 vulnerability:
• CVE-2016-0147
• Restart Required: May Require Restart
MS16-041: Security Update for .NET Framework (3148789)
• Maximum Severity: Important
• Affected Products: Windows, .NET
• Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.
• Impact: Remote Code Execution
• Fixes 1 vulnerability:
• CVE-2016-0148 (Disclosed)
• Restart Required: May Require Restart
MS16-042: Security Update for Microsoft Office (3148775)
• Maximum Severity: Critical
• Affected Products: Office, SharePoint
• Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
• Impact: Remote Code Execution
• Fixes 4 vulnerabilities:
• CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139
• Restart Required: May Require Restart
MS16-046: Security Update for Secondary Logon (3148538)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
• Impact: Elevation of Privilege
• Fixes 1 vulnerability:
• CVE-2016-0135 (Disclosed)
• Restart Required: Requires Restart
MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.
• Impact: Elevation of Privilege
• Fixes 1 vulnerability:
• CVE-2016-0128 (Disclosed)
• Restart Required: Requires Restart
MS16-050: Security Update for Adobe Flash Player (3154132)
• Maximum Severity: Critical
• Affected Products: Windows, Adobe Flash Player
• Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
• Impact: Remote Code Execution
• Fixes 24 vulnerabilities:
• CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
• Restart Required: Requires Restart
APSB16-10: Security updates available for Adobe Flash Player
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player, Adobe AIR
• Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
• Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.
• Impact: Remote Code Execution
• Fixes 24 vulnerabilities:
• CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
• Restart Required: Requires Restart
JAVA8u79: Oracle Quarterly CPU coming next week, April 19th
• Maximum Severity: Critical
• Affected Products: Java Runtime
• Description:
• Impact:
• Fixes x vulnerabilities:
• Restart Required: Restart Required
MS16-044: Security Update for Windows OLE (3146706)
• Maximum Severity: Important
• Affected Products: Microsoft Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
• Impact: Remote Code Execution
• Fixes 1 vulnerability:
• CVE-2016-0153
• Restart Required: Requires Restart
MS16-045: Security Update for Windows Hyper-V (3143118)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
• Impact: Remote Code Execution
• Fixes 3 vulnerabilities:
• CVE-2016-0088, CVE-2016-0089, CVE-2016-0090
• Restart Required: Requires Restart
MS16-048: Security Update for CSRSS (3148528)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
• Impact: Security Feature Bypass
• Fixes 1 vulnerability:
• CVE-2016-0151
• Restart Required: Requires Restart
MS16-049: Security Update for HTTP.sys (3148795)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
• Impact: Denial of Service
• Fixes 1 vulnerability:
• CVE-2016-0150
• Restart Required: Requires Restart
• Why should you attend?
• Great Value:
• Two days of hands-on and deep-dive product sessions for less than one day of consulting services
• Interaction with Shavlik Product Managers and Systems Engineers
• Early-bird rate of $795
• And, of course, because it's Vegas, baby!
• For details see:
• http://www.shavlik.com/tech-summit/
Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
Thank you
April 2016 Shavlik Patch Tuesday Presentation

  • 1. Patch Tuesday Webinar Wednesday, April 13th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 922 935 176
  • 2. Agenda April 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3.
  • 4.
  • 5.
  • 6. News – Badlock Badlock.org – Described a serious flaw in Samba that would also affect windows. The CVEs were released yesterday and were a bit disappointing given the hype put out by SerNet. The primary vulnerability (CVE-2016-2118) has a base CVSS of 7.1, which is high, but the vulnerability does not fit the profile of a vulnerability likely to be exploited. CVE-2016-0128 is the only CVE relating to Windows (MS16-047). Some of the other CVEs talk about Windows, but in the context of older windows OSs and were issues resolved by config changes long ago.
  • 7. News – LANDESK to acquire AppSense Complimentary features. On the Security side, Application Whitelisting and Privilege management compliment the Shavlik solutions to complete the top preventative measures to protect your environment. Australian Signals Directorate – Top 4 Mitigation Strategies, Application Whitelisting, Patch Applications, Patch Operating System, Minimize Administrative Privleges SANSCIS Critical Security Controls – Quick 5 CSC 1: Inventory of Authorized and Unauthorized Devices CSC 2: Inventory of Authorized and Unauthorized Software CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CSC 4: Continuous Vulnerability Assessment and Remediation CSC 5: Controlled Use of Administrative Privileges
  • 8. Known Issues MS16-039 – Bulletin states it is required on Server Core. Our test confirmed a failure to install, WSUS test confirmed update was not even offered for Core. For Office 2010 the bulletin states it only applies to pre-vista systems with Office 2010 installed. MS16-038, MS16-046, MS16-049 – These three bulletins only apply to Windows 10. Shavlik Protect users, you will see this as CSWU-023 in product. MS16-043 – Bulletin did not release.
  • 9. CSWU-023: Cumulative update for Windows 10: April 12, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-037, MS16-038, MS16-039, MS16-040, MS16-045, MS16-046, MS16-047, MS16-048, MS16-049, and MS16-050.  Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass  Fixes 23 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166, CVE-2016- 0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, CVE-2016-0147, CVE-2016-0088, CVE-2016-0089, CVE-2016-0090, CVE-2016-0135, CVE-2016-0128, CVE-2016- 0151, CVE-2016-0150  Restart Required: Requires Restart
  • 10. MS16-037: Cumulative Security Update for Internet Explorer (3148531)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0159, CVE-2016-0160 (Disclosed), CVE-2016-0162, CVE-2016-0164, CVE-2016-0166  Restart Required: Requires Restart
  • 11. MS16-038: Cumulative Security Update for Microsoft Edge (3148532)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161  Restart Required: Requires Restart
  • 12. MS16-039: Security Update for Microsoft Graphics Component (3148522)  Maximum Severity: Critical  Affected Products: Windows, .Net, Office, Skype, Lync  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0143, CVE-2016-0145, CVE-2016-0165 (Exploited), CVE-2016-0167 (Exploited)  Restart Required: Requires Restart
  • 13. MS16-040: Security Update for Microsoft XML Core Services (3148541)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0147  Restart Required: May Require Restart
  • 14. MS16-041: Security Update for .NET Framework (3148789)  Maximum Severity: Important  Affected Products: Windows, .Net  Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0148 (Disclosed)  Restart Required: May Require Restart
  • 15. MS16-042: Security Update for Microsoft Office (3148775)  Maximum Severity: Critical  Affected Products: Office, Sharepoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139  Restart Required: May Require Restart
  • 16. MS16-046: Security Update for Secondary Logon (3148538)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2016-0135 (Disclosed)  Restart Required: Requires Restart
  • 17. MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2016-0128 (Disclosed)  Restart Required: Requires Restart
  • 18. MS16-050: Security Update for Adobe Flash Player (3154132)  Maximum Severity: Critical  Affected Products: Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  • 19. APSB16-10: Security updates available for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player, Adobe AIR  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.  Impact: Remote Code Execution  Fixes 24 vulnerabilities:  CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019 (Exploited), CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033  Restart Required: Requires Restart
  • 20. JAVA8u79: Oracle Quarterly CPU coming next week, April 19th  Maximum Severity: Critical  Affected Products: Java Runtime • Description:  Impact:  Fixes x vulnerabilities:  ,  Restart Required: Restart Required
  • 21. MS16-044: Security Update for Windows OLE (3146706)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2016-0153  Restart Required: Requires Restart
  • 22. MS16-045: Security Update for Windows Hyper-V (3143118)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-0088, CVE-2016-0089, CVE-2016-0090  Restart Required: Requires Restart
  • 23. MS16-048: Security Update for CSRSS (3148528)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.  Impact: Security Feature Bypass  Fixes 1 vulnerability:  CVE-2016-0151  Restart Required: Requires Restart
  • 24. MS16-049: Security Update for HTTP.sys (3148795)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.  Impact: Denial of Service  Fixes 1 vulnerability:  CVE-2016-0150  Restart Required: Requires Restart
  • 26. Why should you attend? • Great Value: • Two days of hands-on and deep-dive product sessions for less than one day of consulting services • Interaction with Shavlik Product Managers and Systems Engineers • Earlybird rate of $795 • And, of course, because it's Vegas baby! • For details see: http://www.shavlik.com/tech-summit/
  • 27. Resources and Webinars • Get Shavlik Content Updates • Get Social with Shavlik • Sign up for next month's Patch Tuesday Webinar • Watch previous webinars and download presentation.

Editor's Notes

  1. http://www.landesk.com/company/press-releases/2016/appsense-acquisition/ http://www.asd.gov.au/publications/protect/top_4_mitigations.htm https://www.sans.org/critical-security-controls/guidelines
  2. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer User targeted vulnerabilities – Least Privilege Mitigates Impact (4 of 6) Multiple Internet Explorer Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-generated content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities – Least Privilege Mitigates Impact (5 of 6) Multiple Microsoft Edge Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory that enables an attacker to execute arbitrary code in the context of the current user. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Microsoft Edge handles objects in memory.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities Multiple Win32k Elevation of Privilege Vulnerabilities Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory. Graphics Memory Corruption Vulnerability – CVE-2016-0145 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded fonts. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities MSXML 3.0 Remote Code Execution Vulnerability - CVE-2016-0147 A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially-crafted website that is designed to invoke MSXML through Internet Explorer. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or a link in an Instant Messenger request that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Least Privilege Mitigates Impact .NET Framework Remote Code Execution Vulnerability - CVE-2016-0148 A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Least Privilege Mitigates Impact (4 of 4) Multiple Microsoft Office Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0127. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. The security update addresses the vulnerabilities by correcting how Office handles objects in memory.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0135 An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker must first log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how the Windows Secondary Logon Service handles requests in memory.
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. https://isc.sans.edu/diary/BadLock+Vulnerability+%28CVE-2016-2118%29/20933 What to tell your Boss/Spouse/Parent: Due to the hype associated with this vulnerability, you will likely get a lot of questions about it. Overall, nothing fundamentally changed: • Patch as you get to it, but no reason to rush this one • Do not use SMB over networks you don't trust • Firewall SMB inbound and outbound • If you need to connect to remote file shares, do so over a VPN. Windows SAM and LSAD Downgrade Vulnerability - CVE-2016-0128: An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect them adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database. To exploit the vulnerability, an attacker could launch a man-in-the-middle (MiTM) attack, force a downgrade of the authentication level of the SAM and LSAD channels, and then impersonate an authenticated user. The security update addresses the vulnerability by modifying how the SAM and LSAD remote protocols handle authentication levels.
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome. https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome. https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://helpx.adobe.com/security/products/flash-player/apsa16-01.html Added AIR on April 12: http://blogs.adobe.com/psirt/?p=1334
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User targeted vulnerabilities
  14. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. User Targeted Vulnerability Windows OLE Remote Code Execution Vulnerability - CVE-2016-0153 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message. The update addresses the vulnerability by correcting how Windows OLE validates user input.
  15. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Hyper-V Remote Code Execution Vulnerability – CVE-2016-0088 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. Multiple Hyper-V Information Disclosure Vulnerabilities Information disclosure vulnerabilities exist when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerabilities, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected. An attacker who successfully exploited the vulnerabilities could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input.
  16. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Windows CSRSS Security Feature Bypass Vulnerability - CVE-2016-0151 A security feature bypass vulnerability exists in Microsoft Windows when the Client-Server Run-time Subsystem (CSRSS) fails to properly manage process tokens in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows manages process tokens in memory.
  17. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. HTTP.sys Denial of Service Vulnerability - CVE-2016-0150 A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
  18. Use registration code “Int2016Shavlik”
  19. Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/