eEye Digital Security - Vulnerability Expert Forum, June 2011

eEye’s monthly Vulnerability Expert Forum provides a complete analysis of recently announced critical vulnerabilities from Microsoft and other software vendors. Join us the second Wednesday of each month - the day after Patch Tuesday, when Microsoft discloses their monthly patches – to get:

- A complete analysis on the latest critical vulnerabilities, vendor patches, and zero-day threats

- Detailed assessment of the true criticality of each patch to best prioritize rollout

- Expert guidance on the actions necessary to protect your systems



  1. Vulnerability Expert Forum, June 15, 2011
     eEye Digital Security | 1.866.339.3732 | www.eEye.com | info@eEye.com
  2. Agenda
     - About eEye
     - Microsoft's June Security Bulletins
     - Retina Community
     - Other Vendor Security Updates
     - Security Landscape: InfoSec News
     - Secure and Comply with eEye
     - Q&A
  3. eEye at a Glance
     - Industry Pioneers: Leaders in IT security since 1998; Developed one of the first vulnerability scanners; Some of the largest VM installations in the world
     - Security Experts: Seasoned security professionals; Thousands of customers; Growing and profitable
     - Thought Leaders: World-renowned security research team; Trusted advisors to organizations across industries and sizes
     - Award-Winning Solutions: Recognized product leadership; Securing companies of all sizes; Unparalleled services and support
  4. Why eEye: The Industry Experts Say...
     - "Retina provides a solid feature set with easy-to-use scanning controls. It's an excellent vulnerability scanner at a good price. This one gets our Best Buy."
     - "eEye Digital Security raises the standard in enterprise endpoint protection with a management console that could almost be called next generation."
     - "eEye's security research team continues to provide good Windows vulnerability coverage and mitigation advice for zero-day vulnerabilities."
     - "Retina has many desirable features...and an extremely flexible reporting portal. The product is also attractively priced."
     - Making the Complex Simple: Unified, Efficient, Effective
  5. eEye Research Services
     - eEye Preview: Advanced Vulnerability Information; Full Zero-Day Analysis and Mitigation; Custom Malware Analysis; eEye Research Tool Access; Includes Managed Perimeter Scanning
     - eEye AMP: Any Means Possible Penetration Testing; Gain true insight into network insecurities; "Capture-The-Flag" Scenarios
     - eEye Custom Research: Exploit Development; Malware Analysis; Forensics Support; Compliance Review
  6. Microsoft June Security Bulletins: 16 Total Bulletins; 34 Issues Fixed
     - Vulnerability in MHTML Could Allow Information Disclosure (2544893)
     - Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
     - Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
     - Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
     - Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
     - Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
     - Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
     - Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
  7. Microsoft June Security Bulletins (continued): 16 Total Bulletins; 34 Issues Fixed
     - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
     - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
     - Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
     - Vulnerability in SMB Server Could Allow Denial of Service (2536275)
     - Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
     - Cumulative Security Update for Internet Explorer (2530548)
     - Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
     - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
  8. Microsoft Security Bulletin: MS11-037 (1 Vulnerability Fixed in Bulletin)
     - MHTML MIME-Formatted Request Vulnerability - CVE-2011-1894
     - Severity: Important
     - "My Magical Mime and Me"
     - Allows Information Disclosure
     - Publicly Disclosed
     - Mitigations: Disable the MHTML Protocol
  9. Microsoft Security Bulletin: MS11-038 (1 Vulnerability Fixed in Bulletin)
     - OLE Automation Underflow Vulnerability - CVE-2011-0658
     - Severity: Critical
     - "Ole! Ole ole ole!"
     - Remote code execution under the context of the currently logged-in user
     - Privately Reported
     - Likely attack vector is a webpage hosting a specially crafted Windows Metafile image
     - Mitigations: Disable scripting, make use of trusted zones
  10. Microsoft Security Bulletin: MS11-039 (1 Vulnerability Fixed in Bulletin)
     - .NET Framework Array Offset Vulnerability - CVE-2011-0664
     - Severity: Critical
     - "You wearing your Hair.NET?"
     - Remote code execution under the context of the currently logged-in user
     - Privately Reported
     - Mitigations: Disable the ability to run partially trusted .NET applications; Adjust settings to prompt before running XAML browser applications in Internet Explorer; Prevent the Microsoft Silverlight ActiveX control from running
  11. Microsoft Security Bulletin: MS11-040 (1 Vulnerability Fixed in Bulletin)
     - TMG Firewall Client Memory Corruption Vulnerability - CVE-2011-1889
     - Severity: Critical
     - "Fe Fi Fofront Fum"
     - Requires that the client make specially crafted network requests
     - Privately Reported
     - Mitigations: Disable the TMG Client
  12. Microsoft Security Bulletin: MS11-041 (1 Vulnerability Fixed in Bulletin)
     - Win32k OTF Validation Vulnerability - CVE-2011-1873
     - Severity: Critical
     - "Oh That OTF!!!"
     - Remote code execution with kernel-level privileges
     - Privately Reported
     - Exploited when a user views a specially crafted OpenType font
     - Mitigations: Disable the WebClient service; Disable the Preview and Details panes in Windows Explorer; Block TCP ports 139 and 445 at the firewall
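The mitigations on the MS11-041 slide, and the firewall mitigation repeated on the MS11-043 and MS11-048 slides, are workarounds a defender can verify from the host. The script below is an added example, not code from the eEye deck or from eEye's products: it reports whether the WebClient service is disabled and whether enabled Block rules cover TCP 139 and 445 in the active firewall policy, and changes nothing. It assumes Windows PowerShell on Windows 8 / Server 2012 or later for the NetSecurity cmdlets; the function and check names are the example's own. Because the slide describes MS11-043 as a client-side bug (the SMB response to a client-initiated request), the relevant firewall direction for that bulletin is outbound, and the report checks it separately.

```powershell
# Added example, not from the eEye deck: read-only audit of the workaround
# mitigations listed for MS11-041 (WebClient service), MS11-043 and MS11-048
# (TCP 139/445 at the firewall). Reports state only; the patch, not the
# workaround, is the fix. Assumes Windows 8 / Server 2012+ (NetSecurity cmdlets).

function Test-WebClientDisabled {
    # Mitigated when the WebClient (WebDAV redirector) service is absent, or is both
    # stopped and set to Disabled so it cannot be started on demand.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) { return $true }
    $startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'").StartMode
    return ($svc.Status -ne 'Running' -and $startMode -eq 'Disabled')
}

function Test-PortBlocked {
    # True when an enabled Block rule in the active policy covers TCP $Port in the
    # given direction. Windows Firewall gives Block rules precedence over Allow
    # rules, so one matching rule is sufficient. Port ranges (e.g. "137-139") are
    # not expanded here; a rule written that way shows up as "not blocked".
    param(
        [Parameter(Mandatory)][int]$Port,
        [ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound'
    )
    $matching = Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object {
            $_.Protocol -eq 'TCP' -and
            ($_.LocalPort -eq 'Any' -or $_.LocalPort -contains "$Port")
        } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq $Direction -and
            $_.Action -eq 'Block'
        }
    return [bool]$matching
}

function Get-June2011MitigationReport {
    # One row per mitigation named on the slides, so the output can go into a
    # ticket or be compared across hosts.
    $checks = @(
        @{ Bulletin = 'MS11-041'; Mitigation = 'WebClient service disabled';  Test = { Test-WebClientDisabled } }
        @{ Bulletin = 'MS11-041'; Mitigation = 'Inbound TCP 139 blocked';     Test = { Test-PortBlocked -Port 139 } }
        @{ Bulletin = 'MS11-041'; Mitigation = 'Inbound TCP 445 blocked';     Test = { Test-PortBlocked -Port 445 } }
        @{ Bulletin = 'MS11-048'; Mitigation = 'Inbound TCP 139/445 blocked'; Test = { (Test-PortBlocked -Port 139) -and (Test-PortBlocked -Port 445) } }
        @{ Bulletin = 'MS11-043'; Mitigation = 'Outbound TCP 139/445 blocked'; Test = { (Test-PortBlocked -Port 139 -Direction Outbound) -and (Test-PortBlocked -Port 445 -Direction Outbound) } }
    )
    foreach ($c in $checks) {
        [pscustomobject]@{
            Bulletin   = $c.Bulletin
            Mitigation = $c.Mitigation
            InPlace    = & $c.Test
        }
    }
}

Get-June2011MitigationReport | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the active firewall policy store is readable. A row reading False is a host where the slide's workaround is not in effect and only the bulletin's patch status tells you whether it is exposed.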
  13. Microsoft Security Bulletin: MS11-042 (2 Vulnerabilities Fixed in Bulletin)
     - DFS Memory Corruption Vulnerability - CVE-2011-1868
     - DFS Referral Response Vulnerability - CVE-2011-1869
     - Severity: Critical
     - "DFS = Dress For Success"
     - Possible unauthenticated remote code execution with elevated privileges
     - Both Privately Reported
     - Mitigations: No mitigations have been identified for these vulnerabilities
  14. Microsoft Security Bulletin: MS11-043 (1 Vulnerability Fixed in Bulletin)
     - SMB Response Parsing Vulnerability - CVE-2011-1268
     - Severity: Critical
     - "1-Ups and Koopa Shells"
     - Vulnerability is in the processing of an SMB response sent to a client-initiated request
     - Unauthenticated remote code execution with elevated privileges
     - Privately Reported
     - Mitigations: Block ports 139 and 445 at the firewall
  15. Microsoft Security Bulletin: MS11-044 (1 Vulnerability Fixed in Bulletin)
     - .NET Framework JIT Optimization Vulnerability - CVE-2011-1271
     - Severity: Critical
     - "Just In Time For Another .NET Vulnerability"
     - Remote code execution with the same privileges as the currently logged-in user
     - Publicly Disclosed
     - Mitigations: Disable the ability to run partially trusted .NET applications; Adjust settings to prompt before running XAML browser applications in Internet Explorer
  16. Microsoft Security Bulletin: MS11-045 (8 Vulnerabilities Fixed in Bulletin)
     - Excel Insufficient Record Validation Vulnerability - CVE-2011-1272
     - Excel Improper Record Parsing Vulnerability - CVE-2011-1273
     - Excel Out of Bounds Array Access Vulnerability - CVE-2011-1274
     - Excel Memory Heap Overwrite Vulnerability - CVE-2011-1275
     - Excel Buffer Overrun Vulnerability - CVE-2011-1276
     - Excel Memory Corruption Vulnerability - CVE-2011-1277
     - Excel WriteAV Vulnerability - CVE-2011-1278
     - Excel Out of Bounds WriteAV Vulnerability - CVE-2011-1279
     - Severity: Important
     - "Excel With a Chance of a Shell"
     - Standard Microsoft Office file format vulnerabilities
     - Mitigations: Office file block policy; Prevent opening of files that fail Office File Validation
  17. Microsoft Security Bulletin: MS11-046 (1 Vulnerability Fixed in Bulletin)
     - Ancillary Function Driver Elevation of Privilege Vulnerability - CVE-2011-1249
     - Severity: Important
     - "Kernel Privileges At An Ancillary Function Near You"
     - Local elevation of privilege
     - Publicly Disclosed
     - Mitigations: No mitigations have been identified for this vulnerability
  18. Microsoft Security Bulletin: MS11-047 (1 Vulnerability Fixed in Bulletin)
     - VMBus Persistent DoS Vulnerability - CVE-2011-1872
     - Severity: Important
     - "Wheels on the VMBus Go Round then Down"
     - Privately Reported
     - Authenticated denial of service
     - Mitigations: No mitigations have been identified for this vulnerability
  19. Microsoft Security Bulletin: MS11-048 (1 Vulnerability Fixed in Bulletin)
     - SMB Request Parsing Vulnerability - CVE-2011-1267
     - Severity: Important
     - "Watch Your Toadstool"
     - Privately Reported
     - Remote, unauthenticated denial of service via SMB requests
     - Mitigations: Block TCP ports 139 and 445 at the firewall
  20. Microsoft Security Bulletin: MS11-049 (1 Vulnerability Fixed in Bulletin)
     - XML External Entities Resolution Vulnerability - CVE-2011-1280
     - Severity: Important
     - "Party at the Disco"
     - Exploited via specially crafted .disco files
     - Privately Reported
     - Information disclosure
     - Mitigations: No mitigations have been identified for this vulnerability
  21. Microsoft Security Bulletin: MS11-050 (11 Vulnerabilities Fixed in Bulletin)
     - MIME Sniffing Information Disclosure Vulnerability - CVE-2011-1246
     - Link Properties Handling Memory Corruption Vulnerability - CVE-2011-1250
     - DOM Manipulation Memory Corruption Vulnerability - CVE-2011-1251
     - toStaticHTML Information Disclosure Vulnerability - CVE-2011-1252
     - Drag and Drop Memory Corruption Vulnerability - CVE-2011-1254
     - Time Element Memory Corruption Vulnerability - CVE-2011-1255
     - DOM Modification Memory Corruption Vulnerability - CVE-2011-1256
     - Drag and Drop Information Disclosure Vulnerability - CVE-2011-1258
     - Layout Memory Corruption Vulnerability - CVE-2011-1260
     - Selection Object Memory Corruption Vulnerability - CVE-2011-1261
     - HTTP Redirect Memory Corruption Vulnerability - CVE-2011-1262
     - Severity: Critical
     - "I before E right after Vulnerability"
     - All Privately Reported
     - Remote code execution
     - Mitigations: Disable scripting, make use of trusted zones; Read emails in plain text
  22. Microsoft Security Bulletin: MS11-051 (1 Vulnerability Fixed in Bulletin)
     - Active Directory Certificate Services Vulnerability - CVE-2011-1264
     - Severity: Important
     - "Cross Your T's and Sign Your Certificates"
     - Cross-Site Scripting (XSS)
     - Privately Reported
     - Requires that the user browse to an attacker-controlled web site
     - Mitigations: Enable the XSS filter for the Intranet Zone in Internet Explorer
  23. Microsoft Security Bulletin: MS11-052 (1 Vulnerability Fixed in Bulletin)
     - VML Memory Corruption Vulnerability - CVE-2011-1266
     - Severity: Critical
     - "What's Our Vector, Victor?"
     - Privately Reported
     - Remote code execution with the same rights as the user
     - Requires that the user view an attacker-controlled web site
     - Mitigations: Disable scripting, make use of trusted zones; Read emails in plain text
  24. Retina Community
     Powered by the renowned Retina Network Security Scanner technology, Retina Community is a completely FREE vulnerability assessment solution.
     - Scan up to 32 unique IP addresses
     - Assessment audits for operating systems, applications, network devices, and virtualized environments
     - SCAP configuration scanning
     - Vulnerability and executive reporting
     - Data export to XML, CSV, PDF
     - Auto update for vulnerability audits
     Download Now: http://community.eeye.com
  25. Oracle Java CPU – June 2011: 18 Vulnerabilities Addressed
     - Affecting JDK and JRE versions 6, 5, and 1.4.2
     - 13 vulnerabilities affect confidentiality, integrity, and availability
     - 10 vulnerabilities scoring 10.0 CVSS v2 Base Score
     - All vulnerabilities remotely exploitable
     - "Cup o' Java"
     - Vulnerabilities may be in an extremely common component (e.g. Sound)
     - Watch out for old versions not supported or those only supported by a contract
     - Applications package JRE as a component: in the "shared" sense, Java is installed as a separate but required component; in the "static" sense, Java is installed and buried within the application directory
     - Remove older versions of JRE/JDK if not needed
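The slide's distinction between "shared" and "static" JRE packaging is what makes a registry-only Java inventory incomplete: a bundled copy under an application directory never registers itself and so never shows in Add/Remove Programs or the JavaSoft hive. The script below is an added example, not code from the eEye deck or from Retina: it lists registered homes from `HKLM\SOFTWARE\JavaSoft` (the Sun/Oracle 1.4.2, 5 and 6 layout, assumed here) and then walks the Program Files trees for `java.exe` binaries whose home is not one of those registered paths. Function names and the default search roots are the example's own assumptions; it runs read-only in Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the eEye deck: read-only inventory separating "shared"
# JRE/JDK installs (registered under HKLM\SOFTWARE\JavaSoft, Sun/Oracle 1.4.2/5/6
# layout assumed) from "static" copies bundled inside application directories.

function Get-SharedJava {
    # Walk both the native and Wow6432Node (32-bit on 64-bit) JavaSoft hives.
    $roots = 'HKLM:\SOFTWARE\JavaSoft', 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft'
    $found = foreach ($root in $roots) {
        foreach ($product in 'Java Runtime Environment', 'Java Development Kit') {
            $key = Join-Path -Path $root -ChildPath $product
            if (-not (Test-Path -Path $key)) { continue }
            Get-ChildItem -Path $key | ForEach-Object {
                $javaHome = (Get-ItemProperty -Path $_.PSPath).JavaHome
                if ($javaHome) {
                    [pscustomobject]@{
                        Kind    = 'shared'
                        Product = $product
                        Version = $_.PSChildName
                        Home    = $javaHome
                    }
                }
            }
        }
    }
    # The Sun layout registers both "1.6" and "1.6.0_26" against the same JavaHome;
    # keep the most specific version string per home.
    $found | Group-Object -Property Home | ForEach-Object {
        $_.Group | Sort-Object -Property { $_.Version.Length } -Descending | Select-Object -First 1
    }
}

function Get-StaticJava {
    param([string[]]$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}))
    # Normalise registered homes so a shared install's own bin\java.exe is not
    # reported a second time as a static copy.
    $registered = @(Get-SharedJava | ForEach-Object { $_.Home.TrimEnd('\').ToLowerInvariant() })
    foreach ($root in ($SearchRoots | Where-Object { $_ -and (Test-Path -Path $_) })) {
        Get-ChildItem -Path $root -Filter java.exe -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                # <home>\bin\java.exe -> <home>
                $javaHome = Split-Path -Path $_.DirectoryName -Parent
                if ($registered -notcontains $javaHome.TrimEnd('\').ToLowerInvariant()) {
                    [pscustomobject]@{
                        Kind    = 'static'
                        Product = 'bundled'
                        Version = $_.VersionInfo.ProductVersion
                        Home    = $javaHome
                    }
                }
            }
    }
}

function Get-JavaInventory {
    # Shared and static copies side by side: every row is a runtime that needs the
    # Oracle CPU applied, or removal if the application no longer needs it.
    @(Get-SharedJava) + @(Get-StaticJava) | Sort-Object -Property Kind, Version
}

Get-JavaInventory | Format-Table -AutoSize
```

Static rows are the ones a patch-management view keyed on the registry will miss; their `Version` comes from the binary's own file metadata, which is the value to compare against the CPU's fixed releases.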
  26. Adobe Security Updates – June 2011
     - Flash Player (APSB11-18): Affecting 10.x on Windows, Mac OS X, UNIX/Linux, Android, Google Chrome; Exploitation seen in the wild, leading to execution of arbitrary code; Fixed in 10.3.181.26 for Windows, Mac, Unix, and Chrome; Android update not yet available
     - Shockwave Player (APSB11-17): 24 vulnerabilities fixed affecting Windows and Mac OS X; All vulnerabilities could lead to code execution; Fixed in 11.6.0.626 or newer
     - Reader and Acrobat (APSB11-16): 13 vulnerabilities fixed affecting Windows and Mac OS X; Code execution, cross-document script execution, security bypass; Incorporates APSB11-12 and APSB11-13 updates; Fixed in 10.1, 9.4.5, 8.3, or newer
  27. Security Landscape - More than a Microsoft World
     - CTO/CSO/CxO News: Computer Sabotage Between Nations is an Act of War; Back to the Wild West days of the Internet, oh 90s, how I missed you...; Android Wallet
     - IT Admin News: Google Apps - What do you mean I have to update my browser now...; RSA Hacks; Apple Malware Outbreak - Because nobody predicted this would ever happen...
     - Researcher News: Windows PatchGuard Protection; Android Trojans, Easy as 1, 2, 3... 4... 5!
  28. VEF Contest
     - You must post a comment on the "What Do You Think About eEye's Zero-Day Tracker" blog post on the eEye blog found at http://blog.eeye.com
     - We will pick someone at random from the responses posted
     - Give us your Questions, Comments, and Suggestions
     - You must post your comment on the eEye Blog by Friday 6/17 at noon PST
     - Prize: Amazon Kindle + $25 Amazon gift card
  29. eEye Unified Vulnerability Management
     - Manage and Report: End-to-end vulnerability and compliance management; Assess, mitigate, and protect from one console; Centralized management, reporting, and controls; Advanced trending and analytics
     - Assess: Vulnerability Scanning; Configuration Auditing; Asset Discovery & Inventory; Risk Scoring; Vulnerability Reporting; Compliance Auditing
     - Mitigate: Integrated Patch Management; Prioritized Mitigation; Zero-Day Vulnerability Identification; Security Alerts; Prescriptive Remediation Reporting
     - Protect: Zero-Day Protection; Intrusion Prevention; Web Protection; Application Protection; System Protection
     - Security Research
     - Automation and Efficiency = Minimized Risk and Lower TCO
  30. Connect with eEye
     - http://blog.eeye.com
     - http://www.facebook.com/eEyeDigitalSecurity
     - http://www.twitter.com/eEye
     - http://www.YouTube.com/eEyeDigitalSecurity
  31. Start Today
     - Visit eEye: http://www.eEye.com (About Us, Solutions, Awards, Resources, Downloads)
     - Visit the eEye Security Resource Center: http://www.eEye.com/Resources (Demos, Guides, Whitepapers, Videos, Webinars, Events)
     - Contact Us: 1.866.339.3732 or research@eEye.com
