June 2016 Shavlik Patch Tuesday Presentation

Patch Tuesday Webinar
Wednesday, June 15th, 2016

Chris Goettl, Product Manager, Shavlik
Gary McAllister, Product Manager, AppSense

Dial In: 1-855-749-4750 (US)
Attendees: 922 036 784

Upload: landesk

Post on 15-Apr-2017



Agenda

1. June 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A


Best Practices

Privilege Management Mitigates Impact of many exploits

High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.

User Targeted – Whitelisting and Containerization mitigate

23% OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS.

Source: Verizon 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2015/


The weakest link

Definition: User Targeted

A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability.

[Chart: Bulletin Count and User Targeted, by month, January through June]


Mitigate Impact

A vulnerability that, when exploited, allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attacker's ability to operate, thereby slowing their ability to move around your environment.

[Chart: Bulletin Count and Privilege Management Reduces Impact, by month, January through June]


News –

Adobe Zero Day update releasing tomorrow (MOST LIKELY)
Expect a Chrome update
Expect another Microsoft Security Bulletin
Firefox will have a variation to be updated as well

Yes, this is the exact same text as I had on this slide last month…


CSWU-025: Cumulative update for Windows 10: June 14, 2016

Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer, .Net Framework, Windows
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-063, MS16-068, MS16-072, MS16-073, MS16-074, MS16-075, MS16-077, MS16-078, MS16-080, MS16-082

Impact: Remote Code Execution, Elevation of Privilege, Denial of Service
Fixes 28 vulnerabilities:

CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016-3211, CVE-2016-3212, CVE-2016-3213, CVE-2016-3198, CVE-2016-3201, CVE-2016-3203, CVE-2016-3213, CVE-2016-3214, CVE-2016-3215, CVE-2016-3222 (Publicly Disclosed), CVE-2016-3223, CVE-2016-3218, CVE-2016-3221, CVE-2016-3232, CVE-2016-3216, CVE-2016-3219, CVE-2016-3220, CVE-2016-3225, CVE-2016-3231, CVE-2016-3236, CVE-2016-3230

Restart Required: Requires Restart


MS16-063: Cumulative Security Update for Internet Explorer (3163649)

Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution
Fixes 10 vulnerabilities:

CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016-3211, CVE-2016-3212, CVE-2016-3213

Restart Required: Requires Restart


MS16-068: Cumulative Security Update for Microsoft Edge (3163656)

Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Impact: Remote Code Execution
Fixes 8 vulnerabilities:

CVE-2016-3198, CVE-2016-3199, CVE-2016-3201, CVE-2016-3202, CVE-2016-3203, CVE-2016-3214, CVE-2016-3215, CVE-2016-3222 (Publicly Disclosed)

Restart Required: Requires Restart


MS16-069: Cumulative Security Update for JScript and VBScript (3163640)

Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution
Fixes 3 vulnerabilities:

CVE-2016-3205, CVE-2016-3206, CVE-2016-3207

Restart Required: May Require Restart


MS16-070: Security Update for Microsoft Office (3163610)

Maximum Severity: Critical
Affected Products: Office, SharePoint
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 4 vulnerabilities:

CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235

Restart Required: May Require Restart


MS16-071: Security Update for Microsoft Windows DNS Server (3164065)

Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 1 vulnerability:

CVE-2016-3227

Restart Required: Requires Restart


MS16-075: Security Update for Windows SMB Server (3164038)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-3225 (Publicly Disclosed)

Restart Required: Requires Restart


MS16-077: Security Update for WPAD (3165191)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-3236 (Publicly Disclosed)

Restart Required: Requires Restart


MS16-082: Security Update for Microsoft Windows Search Component (3165270)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

Impact: Denial of Service
Fixes 1 vulnerability:

CVE-2016-3230 (Publicly Disclosed)

Restart Required: Requires Restart


APSA16-03: Security Advisory for Adobe Flash Player

Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Impact: Remote Code Execution
Fixes 1 vulnerability:

CVE-2016-4171 (Exploited)

Restart Required:


MS16-072: Security Update for Group Policy (3163622)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-3223

Restart Required: Requires Restart


MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Impact: Elevation of Privilege
Fixes 3 vulnerabilities:

CVE-2016-3218, CVE-2016-3221, CVE-2016-3232

Restart Required: Requires Restart


MS16-074: Security Update for Microsoft Graphics Component (3164036)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-3216

Restart Required: Requires Restart


MS16-076: Security Update for Netlogon (3167691)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

Impact: Remote Code Execution
Fixes 1 vulnerability:

CVE-2016-3228

Restart Required: Requires Restart


MS16-078: Security Update for Windows Diagnostic Hub (3165479)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-3231

Restart Required: Requires Restart


MS16-079: Security Update for Microsoft Exchange Server (3160339)

Maximum Severity: Important
Affected Products: Exchange Server
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

Impact: Information Disclosure
Fixes 1 vulnerability:

CVE-2016-0028

Restart Required: May Require Restart


MS16-080: Security Update for Microsoft Windows PDF (3164302)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

Impact: Remote Code Execution
Fixes 3 vulnerabilities:

CVE-2016-3201, CVE-2016-3203, CVE-2016-3215

Restart Required: May Require Restart


MS16-081: Security Update for Active Directory (3160352)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

Impact: Denial of Service
Fixes 1 vulnerability:

CVE-2016-3226

Restart Required: Requires Restart


Between Patch Tuesdays

New Product Support: Slack Machine-Wide Installer 2, Programmer's Notepad 2, Inkscape, Microsoft Power BI Desktop 2, Malwarebytes Anti-Malware Home

Security Updates: Microsoft (1), Chrome (4), Flash Player (2), Thunderbird (2), HP System Management, LibreOffice, VMware Player, 7zip (3), iTunes (2), UltraVNC, Notepad++, Adobe Reader (3), Adobe Reader DC (3), Skype, FileZilla, Opera (2), Firefox\ESR (1), VLC Media Player, WireShark (2), KeePass,

Non-Security Updates: Microsoft (45), Slack Machine-Wide Installer (2), AutoCAD 2017 (2), TeamViewer, VMware Workstation, CDBurnerXP, GoToMeeting, Apache Tomcat, BoxSync, Splunk Universal Forwarder, VMware Tools (2), CCleaner, HipChat (3), Google Drive, Programmers Notepad, Citrix XenApp (2), Inkscape, Microsoft Power BI Desktop 2, VDA Core Services, Dropbox (2), Malwarebytes Anti-Malware Home, CoreFTP, GoodSync

Security Tools: Microsoft (1)


Resources and Webinars

Get Shavlik Content Updates

Get Social with Shavlik

Sign up for next month's Patch Tuesday Webinar

Watch previous webinars and download presentation.


Thank you