Patch Tuesday Analysis - February 2016
•Download as PPTX, PDF•
0 likes•491 views
This document summarizes a webinar about the February 2016 Patch Tuesday updates. The webinar agenda includes an overview of the February 2016 Patch Tuesday, known issues, security bulletins, and a question and answer session. The document also lists several security updates from Microsoft, Adobe, Google, and Oracle that address vulnerabilities in Windows, Edge, Internet Explorer, Flash Player, Java, and other software. Many of the updates resolve remote code execution vulnerabilities and are marked as critically or highly severe.
More Related Content
What's hot
What's hot (16)
Viewers also liked
Viewers also liked (8)
Similar to Patch Tuesday Analysis - February 2016
Similar to Patch Tuesday Analysis - February 2016 (12)
More from Ivanti
More from Ivanti (20)
Recently uploaded
Recently uploaded (20)
Patch Tuesday Analysis - February 2016
- 1. Patch Tuesday Webinar Wednesday, February 10th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 929 080 249
- 2. Agenda February 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
- 6. Industry News DLL Hijacking vulnerability CVE- 2016-0603 resolved in Oracle Java out of band release. German security researcher has identified many other products that are susceptible. Flash Player redistribution to require EA with Adobe starting March 1st, 2016 (was February until recently)
- 7. CSWU-020: Cumulative Update for Windows 10: February 9, 2016 Maximum Severity: Critical Affected Products: Windows 10, Edge, Internet Explorer Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, and MS16-022. Impact: Remote Code Execution, Elevation of Privilege, Denial of Service Fixes 26 vulnerabilities: CVE-2016-0033, CVE-2016-0036, CVE-2016-0038, CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE- 2016-0044, CVE-2016-0046, CVE-2016-0047, CVE-2016-0048, CVE-2016-0049, CVE-2016-0051, CVE-2016-0058, CVE-2016- 0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084 Restart Required: Requires Restart
- 8. MS16-009: Cumulative Security Update for Internet Explorer (3134220) Maximum Severity: Critical Affected Products: Internet Explorer Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Impact: Remote Code Execution Fixes 13 vulnerabilities: CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016- 0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077 Restart Required: Requires Restart
- 9. MS16-011: Cumulative Security Update for Microsoft Edge (3134225) Maximum Severity: Critical Affected Products: Edge Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 6 vulnerabilities: CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084 Restart Required: Requires Restart
- 10. MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938) Maximum Severity: Critical Affected Products: Microsoft Windows Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document. Impact: Remote Code Execution Fixes 2 vulnerabilities: CVE-2016-0046, CVE-2016-0058 Restart Required: May Require Restart
- 11. MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811) Maximum Severity: Critical Affected Products: Microsoft Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact: Remote Code Execution Fixes 1 vulnerabilities: CVE-2016-0038 Restart Required: May Require Restart
- 12. MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228) Maximum Severity: Important Affected Products: Microsoft Windows Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application. Impact: Remote Code Execution Fixes 5 vulnerabilities: CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049 Restart Required: Requires Restart
- 13. MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226) Maximum Severity: Critical Affected Products: Microsoft Office, Sharepoint Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 7 vulnerabilities: CVE-2016-0022, CVE-2016-0039 (Publicly Disclosed), CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE- 2016-0056 Restart Required: May Require Restart
- 14. MS16-022: Security Update for Adobe Flash Player (3135782) Maximum Severity: Critical Affected Products: Microsoft Windows, Adobe Flash Player Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. Impact: Remote Code Execution Fixes 22 vulnerabilities: Resolved by Adobe Flash Player update. See APSB16-004 bulletin for details. Restart Required:
- 15. APSB16-04: Security updates available for Adobe Flash Player Maximum Severity: Priority 1 Affected Products: Flash Player Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Impact: Remote Code Execution Fixes 22 vulnerabilities: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016- 0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Restart Required:
- 16. CHROME-160: Google Chrome 48.0.2564.109 Maximum Severity: High Affected Products: Flash Player Description: The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux. Impact: Same-origin bypass, buffer overflow, out-of-bounds read Fixes 6 vulnerabilities: CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627, Restart Required:
- 17. Java8u73: Critical Security Update for Java Runtime Maximum Severity: Critical Affected Products: Java SE Description: This update release contains several enhancements and changes. Impact: Remote Code Execution Fixes 1 vulnerabilities: CVE-2016-0603 Restart Required: May Require Restart (almost always)
- 18. MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041) Maximum Severity: Important Affected Products: Microsoft Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2016-0051 Restart Required: Requires Restart
- 19. MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700) Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2016-0036 Restart Required: Requires Restart
- 20. MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082) Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2016-0048 Restart Required: Requires Restart
- 21. MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893) Maximum Severity: Important Affected Products: Windows, .Net Framework Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Impact: Denial of Service Fixes 1 vulnerabilities: CVE-2016-0048 Restart Required: May Require Restart
- 22. MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222) Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive. Impact: Denial of Service Fixes 1 vulnerabilities: CVE-2016-0037 Restart Required: May Require Restart
- 23. MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043) Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS. Impact: Denial of Service Fixes 1 vulnerabilities: CVE-2016-0050 Restart Required: May Require Restart
- 25. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
- 26. Thank you
Editor's Notes
- http://news.softpedia.com/news/dll-hijacking-issue-plagues-products-like-firefox-chrome-itunes-openoffice-500060.shtml https://www.adobe.com/products/flashplayer/distribution3.html
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Many of the vulnerabilities target a user to exploit. https://support.microsoft.com/en-us/kb/3134814 Includes 7 non-security fixes as well. Most of the vulnerabilities are exploiting objects in memory. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. 4 of 6 were common across IE and Edge. Those 4 were all memory corruption vulnerabilities like in IE. Many of the vulnerabilities target a user to exploit.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Discrepancy: Calls out Server Core, but update would not install on core. WSUS also does not offer for Core. Either they will push a re-release or pull the doc discrepancy. This is PDF related so would Core really be affected? Vulnerabilities target a user to exploit. For an attack to succeed, a user must open a specially crafted Windows Reader file with an affected version of Windows Reader. In an email attack scenario, an attacker would have to convince the user to open a specially crafted Windows Reader file. The update addresses the vulnerability by modifying how Windows Reader parses files.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. For an attack to be successful, this vulnerability requires that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Journal file to the user and then convincing the user to open the file.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Publicly disclosed CVE-2016-0040 Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126587) Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126593) After you install this security update, the behavior of searching for DLLs to load in certain scenarios (specifically, when loading implicit dependencies of COM server DLLs) will be changed from the previous behavior in the following way: Unless a prefix of the current directory’s full path is in the Safe Load List, the current directory will be skipped during the search (notice that previously, the current directory was used to search for the DLL). This new behavior may affect some legacy application behavior, and when the DLL loader notices this possible change in behavior, a warning or error message that resembles one of the following may be displayed in the Application log that is available in Event Viewer: The following warning message indicates the dependency file was not loaded from the current working directory (CWD) because of it not being trusted, but was found in another location:Loading dependency %2 from the current directory was not allowed when attempted by %1. Another DLL was found: %3. The following error message indicates the DLL was not loaded from the current working directory (CWD) because of it not being trusted, and was not found at all.Loading dependency %2 from the current directory was not allowed when attempted by %1. No other DLL was found and the dependency resolution failed. In both cases, %1 is the full path to the application process’s executable (.exe) file, and %2 is the full path if the DLL is found in the CWD. If the application requires the old dependency loading behavior for its correct operation for a specific directory, you can achieve this scenario by adding this directory or its trusted ancestor to the Safe Load List. To do this, follow these steps:Make sure that your trusted location, together with all its descendant tree, is protected properly from unauthorized modifications by NTFS permissions. Add a string value to the following subkey in the registry in which the data is the full path to that trusted location:HKLM\System\CurrentControlSet\Control\Session Manager\Safe Load Prefixes After you make these changes, as long as the CWD is under that location, the DLLs in that CWD will be trusted and loaded as before. Known issue # 2 Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. MS updated an older Security Advisory relating to RDP from last nights release. https://technet.microsoft.com/en-us/library/security/2871997 there was also a hidden KB that is not in the bulletin, but was available to deploy. CVE-2016-0039 (Publicly Disclosed) Microsoft SharePoint XSS Vulnerability – CVE-2016-0039 An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. I have Microsoft Word 2010 installed. Why am I not being offered the 3114752 update? The 3114752 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Also includes support for updated Flash and the 22 fixes for Adobe Flash Plug-In. To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. http://www.oracle.com/technetwork/java/javase/8u73-relnotes-2874654.html Oracle recommends removing all older install media from your network.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. WebDAV Elevation of Privilege Vulnerability - CVE-2016-0051 An elevation of privilege vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client when WebDAV improperly validates input. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Workstations and servers are primarily vulnerable to this attack. The update addresses the vulnerability by correcting how WebDAV validates input.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Known issues in security update 3126446 https://support.microsoft.com/en-us/kb/3134700 You may have to restart the computer multiple times after you install this security update on a Windows 7-based computer that is running RDP 8.0. Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability - CVE-2016-0036 An elevation of privilege vulnerability exists in Remote Desktop Protocol (RDP) when an attacker logs on to the target system using RDP and sends specially crafted data over the authenticated connection. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the target system by using the Remote Desktop Protocol (RDP). An attacker could then run a specially crafted application that is designed to create the crash condition that leads to elevated privileges. The update addresses the vulnerability by correcting how RDP handles objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Kernel-Mode Driver update. Test well. Win32k Elevation of Privilege Vulnerability - CVE-2016-0048 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. 4.5.2 is only supported version of 4.5. https://support.microsoft.com/en-us/gp/framework_faq/en-us 1. What is the Microsoft Support Lifecycle policy for .NET Framework? (reading between the lines, pretty much like IE. If it is OS level it is supported until EOL of OS, but as separate product install you should upgrade) In March 2010, Microsoft announced that beginning with .NET Framework 3.5 Service Pack 1 (SP1), the .NET Framework is defined as a component instead of an independent product. As a component, .NET Framework version 3.5 Service Pack 1 (SP1) or later assumes the same Support Lifecycle policy as its underlying Windows operating system. On August 7, 2014, Microsoft announced that support will end for .NET Framework 4, 4.5, and 4.5.1 on January 12, 2016. Customers and developers need to have completed the in-place update to .NET Framework 4.5.2 by January 12, 2016 to continue receiving technical support and security updates. Support for .NET Framework 4.5.2, as well as all other .NET Framework versions such as 3.5 SP1, will continue to be supported for the duration of the operating system support lifecycle. Additional information on the history of .NET Framework support lifecycle is available below.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Microsoft Active Directory Federation Services Denial of Service Vulnerability - CVE- 2016-0037 A denial of service vulnerability exists when Active Directory Federation Services (ADFS) attempts to process certain input during forms-based authentication. An attacker who successfully exploits this vulnerability by sending certain input during forms-based authentication could cause the server to become nonresponsive. The update addresses the vulnerability by adding additional checks on input data during forms-based authentication.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Has a Core patch, but also failed to install. We will be watching for a rerelease on this one. Network Policy Server RADIUS Implementation Denial of Service Vulnerability – CVE-2016-0050 A denial of service vulnerability exists when a Network Policy Server (NPS) improperly handles a Remote Authentication Dial-In User Service (RADIUS) authentication request. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to a Network Policy Server (NPS) causing a denial of service condition for RADIUS authentication on the NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights. To exploit the vulnerability, an attacker would need to have network access to the affected NPS and then create an application to send specially crafted RADIUS authentication requests to the NPS. The security update addresses the vulnerability by changing how the NPS parses username queries when implementing RADIUS.
- Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/