SlideShare a Scribd company logo

Februar Patch Tuesday 2015 Webinar

Download as PPTX, PDF
Wolfgang Kandek
Wolfgang Kandek

Adobe and Microsoft Patches for February 2015. Plus data on the GHOST vulnerability, real impact or over-hyped.

Internet
1 of 42
Patch Overview February 2015 Wolfgang Kandek, Qualys, Inc February 12, 2014
February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities
February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities
February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit
February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit • January 22 – APSB14-02 for CVE-2015-0310 (no typo) • Under attack in the wild (0-day) • Mentions CVE-2015-0311 (sort of) • Credits 3 Researchers, including @Kafeine
February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit • January 22 – APSB14-02 for CVE-2015-0310 (no typo) • Under attack in the wild (0-day) • Mentions CVE-2015-0311 (sort of) • Credits 3 Researchers, including @Kafeine • January 27 – APSB14-03 for CVE-2015-0311/12 • Credits 3 different Researchers, including @Kafeine
February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
February Patches - 3 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
February Patches - 3 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313
February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313 • All versions of Windows attacked under IE and Firefox
February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313 • All versions of Windows attacked under IE and Firefox • Flash under Google Chrome not attacked • Malwarebytes Anti Exploit neutralizes CVE-2014-310 • EMET prevents CVE-2015-0311 • Trend Micro Browser Exploit Prevention: CVE-2015-0313
February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP
February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit
February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word)
February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word) • Priority 3: MS15-010 – Windows • 1 publicly disclosed - Google Project Zero 90 day limit
February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word) • Priority 3: MS15-010 – Windows • 1 publicly disclosed - Google Project Zero 90 day limit • Interesting: MS15-011 - GPO
GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit
GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit • GHOST similar to Heartbleed and Shellshock • GHOST = GetHOSTbyname (vulnerable function) • Newest glibc (2.18) not vulnerable, but not very common • Ubuntu 14.04, Fedora 20/21, SUSE 12/13, Gentoo • glibc 2.2-2.17 vulnerable in use in many distros • RedHat 6/7 (CentOS 6/7), SUSE Enterprise, Ubuntu 12.04
GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit • GHOST similar to Heartbleed and Shellshock • GHOST = GetHOSTbyname (vulnerable function) • Newest glibc (2.18) not vulnerable, but not very common • Ubuntu 14.04, Fedora 20/21, SUSE 12/13, Gentoo • glibc 2.2-2.17 vulnerable in use in many distros • RedHat 6/7 (CentOS 6/7), SUSE Enterprise, Ubuntu 12.04 • Verification program, source in the advisory • Vulnerability scanner
GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB
GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB • Mitigations • Hostname can only be 255 characters long (RFC1123) • Gethostname deprecated
GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB • Mitigations • Hostname can only be 255 characters long (RFC1123) • Gethostname deprecated • Examples: • ping, arping, mtr, mount.nfs – not vulnerable • clockdiff, procmail, pppd, exim – vulnerable • exim – (remote!) exploit POC exists
GHOST - Reality • How exploitable is it really?
GHOST - Reality • How exploitable is it really? • Opinions vary
GHOST - Reality • How exploitable is it really? • Opinions vary
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but…
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt • Sucuri – there is a problem in Wordpress/PHP - pingback
GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt • Sucuri – there is a problem in Wordpress/PHP – pingback • Now a Metasploit check • Veracode – there are problems in many enterprise apps • 202 enterprise apps – 25% use gethostbyname • 72% C/C++, 28% Java, .NET, PHP • 64/32 bit are vulnerable – our exploit works against both 64 and 32 bit exim for example
GHOST – beyond Linux • Juniper
GHOST – beyond Linux • Juniper
GHOST – beyond Linux • Juniper • Cisco
GHOST – beyond Linux • Juniper • Cisco
GHOST – beyond Linux • Juniper • Cisco
GHOST – beyond Linux • Juniper • Cisco • NetApp • McAfee • F-Secure • BlueCoat • RiverBed • …..
Resources • Microsoft - https://technet.microsoft.com/library/security/ms15-feb • Adobe - http://blogs.adobe.com/psirt • GHOST - http://www.openwall.com/lists/oss-security/2015/01/27/9 • Sucuri - http://blog.sucuri.net/2015/01/critical-ghost-vulnerability- released.html • VERACODE - https://www.sans.org/webcasts/99642?ref=174212 • Metasploit - https://github.com/rapid7/metasploit- framework/blob/master/modules/auxiliary/scanner/http/wordpress_gh ost_scanner.rb • Juniper - http://kb.juniper.net/InfoCenter/indexid=JSA10671&page=content
Resources 2 • Cisco – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci sco-sa-20150128-ghost • McAfee- https://kc.mcafee.com/corporate/index?page=content&id=SB10100 • NetApp - https://kb.netapp.com/support/index?page=content&id=9010027 • F-Secure - https://www.f-secure.com/en/web/labs_global/fsc-2015-1 • Blue Coat - https://bto.bluecoat.com/security-advisory/sa90 • Riverbed - https://supportkb.riverbed.com/support/index?page=content&id=S258 33
Thank You Wolfgang Kandek wkandek@qualys.com http://laws.qualys.com

Recommended

WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesFrans Rosén
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMFrans Rosén
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentationNovell
 
(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java Vulnerabilities(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java VulnerabilitiesSteve Poole
 
WordPress Under Control
WordPress Under ControlWordPress Under Control
WordPress Under ControlMatt Bernhardt
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 

Recommended

WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesFrans Rosén
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMFrans Rosén
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentationNovell
 
(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java Vulnerabilities(java2days) The Anatomy of Java Vulnerabilities
(java2days) The Anatomy of Java VulnerabilitiesSteve Poole
 
WordPress Under Control
WordPress Under ControlWordPress Under Control
WordPress Under ControlMatt Bernhardt
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackWolfgang Kandek
 
Hybride Cloud Strategy
Hybride Cloud StrategyHybride Cloud Strategy
Hybride Cloud StrategyDekkinga, Ewout
 
Get your house on order
Get your house on orderGet your house on order
Get your house on orderDekkinga, Ewout
 
Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14Wolfgang Kandek
 
20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuardWolfgang Kandek
 
Estadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diàriaEstadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diàriaUniversitat de Barcelona
 
Opslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveauOpslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveauDekkinga, Ewout
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things Wolfgang Kandek
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Data veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klusData veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klusDekkinga, Ewout
 
MindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueMindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueWolfgang Kandek
 
Forward unisys
Forward unisysForward unisys
Forward unisysDekkinga, Ewout
 
Data breach at Target, demystified.
Data breach at Target, demystified.Data breach at Target, demystified.
Data breach at Target, demystified.Cyphort
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
 
Building a service knowledge dashboard
Building a service knowledge dashboardBuilding a service knowledge dashboard
Building a service knowledge dashboardDekkinga, Ewout
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Patch Summary Webinar April 11
Patch Summary Webinar April 11 Patch Summary Webinar April 11
Patch Summary Webinar April 11 Wolfgang Kandek
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorialduleepa
 
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)Andrew Carr
 
It Takes a Village to Make WordPress
It Takes a Village to Make WordPressIt Takes a Village to Make WordPress
It Takes a Village to Make WordPressDrewAPicture
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress TroubleshootingTiffany Bridge
 

More Related Content

Viewers also liked

Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackWolfgang Kandek
 
Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14Wolfgang Kandek
 
20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuardWolfgang Kandek
 
Estadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diàriaEstadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diàriaUniversitat de Barcelona
 
Opslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveauOpslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveauDekkinga, Ewout
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things Wolfgang Kandek
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Data veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klusData veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klusDekkinga, Ewout
 
MindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueMindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueWolfgang Kandek
 
Data breach at Target, demystified.
Data breach at Target, demystified.Data breach at Target, demystified.
Data breach at Target, demystified.Cyphort
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
 
Building a service knowledge dashboard
Building a service knowledge dashboardBuilding a service knowledge dashboard
Building a service knowledge dashboardDekkinga, Ewout
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 

Viewers also liked (17)

Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An Attack
 
Hybride Cloud Strategy
Hybride Cloud StrategyHybride Cloud Strategy
Hybride Cloud Strategy
 
Get your house on order
Get your house on orderGet your house on order
Get your house on order
 
Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14
 
20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard
 
Estadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diàriaEstadística i pensament crític a la vida diària
Estadística i pensament crític a la vida diària
 
Opslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveauOpslag bepaalt het systeemprestatieniveau
Opslag bepaalt het systeemprestatieniveau
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
Data veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klusData veiligstellen is nog een hele klus
Data veiligstellen is nog een hele klus
 
MindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueMindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um Ataque
 
Forward unisys
Forward unisysForward unisys
Forward unisys
 
Data breach at Target, demystified.
Data breach at Target, demystified.Data breach at Target, demystified.
Data breach at Target, demystified.
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail Breach
 
Building a service knowledge dashboard
Building a service knowledge dashboardBuilding a service knowledge dashboard
Building a service knowledge dashboard
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 

Similar to Februar Patch Tuesday 2015 Webinar

Patch Summary Webinar April 11
Patch Summary Webinar April 11 Patch Summary Webinar April 11
Patch Summary Webinar April 11 Wolfgang Kandek
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorialduleepa
 
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)Andrew Carr
 
It Takes a Village to Make WordPress
It Takes a Village to Make WordPressIt Takes a Village to Make WordPress
It Takes a Village to Make WordPressDrewAPicture
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress TroubleshootingTiffany Bridge
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
Building Pistachio with Sencha Touch 2 (introductory)
Building Pistachio with Sencha Touch 2 (introductory)Building Pistachio with Sencha Touch 2 (introductory)
Building Pistachio with Sencha Touch 2 (introductory)Luis Merino
 
Five Cliches of Online Game Development
Five Cliches of Online Game DevelopmentFive Cliches of Online Game Development
Five Cliches of Online Game Developmentiandundore
 
Automate_Android_development_brief_20161015
Automate_Android_development_brief_20161015Automate_Android_development_brief_20161015
Automate_Android_development_brief_20161015Elvis Lin
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hostingshendison
 
CI doesn’t start with Jenkins
CI doesn’t start with JenkinsCI doesn’t start with Jenkins
CI doesn’t start with JenkinsYuriy Rochnyak
 
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri Baeli
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri BaeliKanban as code: the Continuous Delivery at LesFurets.com by Dimitri Baeli
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri BaeliInstitut Lean France
 
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...MongoDB
 
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel Zikmund
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel ZikmundNDC London 2020 - Challenges of Managing CoreFx Repo -- Karel Zikmund
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel ZikmundKarel Zikmund
 
Releasing To Production Every Week India
Releasing To Production Every Week IndiaReleasing To Production Every Week India
Releasing To Production Every Week Indiaexortech
 
Spring Tooling: What's new and what's coming
Spring Tooling: What's new and what's comingSpring Tooling: What's new and what's coming
Spring Tooling: What's new and what's comingmartinlippert
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersAndrew McNicol
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupOyster Bay Marauders LLC
 

Similar to Februar Patch Tuesday 2015 Webinar (20)

Patch Summary Webinar April 11
Patch Summary Webinar April 11 Patch Summary Webinar April 11
Patch Summary Webinar April 11
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorial
 
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
 
It Takes a Village to Make WordPress
It Takes a Village to Make WordPressIt Takes a Village to Make WordPress
It Takes a Village to Make WordPress
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress Troubleshooting
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
Building Pistachio with Sencha Touch 2 (introductory)
Building Pistachio with Sencha Touch 2 (introductory)Building Pistachio with Sencha Touch 2 (introductory)
Building Pistachio with Sencha Touch 2 (introductory)
 
Five Cliches of Online Game Development
Five Cliches of Online Game DevelopmentFive Cliches of Online Game Development
Five Cliches of Online Game Development
 
Automate_Android_development_brief_20161015
Automate_Android_development_brief_20161015Automate_Android_development_brief_20161015
Automate_Android_development_brief_20161015
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting
 
MWUG wp-myths
MWUG wp-mythsMWUG wp-myths
MWUG wp-myths
 
CI doesn’t start with Jenkins
CI doesn’t start with JenkinsCI doesn’t start with Jenkins
CI doesn’t start with Jenkins
 
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri Baeli
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri BaeliKanban as code: the Continuous Delivery at LesFurets.com by Dimitri Baeli
Kanban as code: the Continuous Delivery at LesFurets.com by Dimitri Baeli
 
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...
How Appboy’s Marketing Automation for Apps Platform Grew 40x on the ObjectRoc...
 
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel Zikmund
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel ZikmundNDC London 2020 - Challenges of Managing CoreFx Repo -- Karel Zikmund
NDC London 2020 - Challenges of Managing CoreFx Repo -- Karel Zikmund
 
Releasing To Production Every Week India
Releasing To Production Every Week IndiaReleasing To Production Every Week India
Releasing To Production Every Week India
 
Spring Tooling: What's new and what's coming
Spring Tooling: What's new and what's comingSpring Tooling: What's new and what's coming
Spring Tooling: What's new and what's coming
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP Meetup
 

Recently uploaded

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

Februar Patch Tuesday 2015 Webinar

  • 1. Patch Overview February 2015 Wolfgang Kandek, Qualys, Inc February 12, 2014
  • 2. February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities
  • 3. February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities
  • 4. February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit
  • 5. February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit • January 22 – APSB14-02 for CVE-2015-0310 (no typo) • Under attack in the wild (0-day) • Mentions CVE-2015-0311 (sort of) • Credits 3 Researchers, including @Kafeine
  • 6. February Patches • Adobe Flash under direct Attack in January/February • Normal = 1 update per month. Current = 4 • January 13 – APSB14-01 – 9 critical vulnerabilities • January 21 - @Kafeine detects 0-day CVE-2015-0311 • Angler Exploit Kit • January 22 – APSB14-02 for CVE-2015-0310 (no typo) • Under attack in the wild (0-day) • Mentions CVE-2015-0311 (sort of) • Credits 3 Researchers, including @Kafeine • January 27 – APSB14-03 for CVE-2015-0311/12 • Credits 3 different Researchers, including @Kafeine
  • 7. February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
  • 8. February Patches - 3 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
  • 9. February Patches - 3 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day – CVE-2015-0313
  • 10. February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313
  • 11. February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313 • All versions of Windows attacked under IE and Firefox
  • 12. February Patches - 2 • Flash Attack continues in February • February 2 - Trend Micro detects 0-day • February 5 – APSB14-04 – 18 critical vulnerabilities • Including 0-day CVE-2015-0313 • All versions of Windows attacked under IE and Firefox • Flash under Google Chrome not attacked • Malwarebytes Anti Exploit neutralizes CVE-2014-310 • EMET prevents CVE-2015-0311 • Trend Micro Browser Exploit Prevention: CVE-2015-0313
  • 13. February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP
  • 14. February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit
  • 15. February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word)
  • 16. February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word) • Priority 3: MS15-010 – Windows • 1 publicly disclosed - Google Project Zero 90 day limit
  • 17. February Patches - 3 • Microsoft February, 10: 9 bulletins – MS15-009-MS15-017 • IE, Windows, Office – 4 x Remote Code Execution • 5 x Important, Privilege Escalation, DoS, SFP • Priority 1: MS15-009 – Internet Explorer • 41 vulnerabilities – January Rollup • 1 publicly disclosed – ZDI 120 day limit • Priority 2: MS15-012 – Office (Excel/Word) • Priority 3: MS15-010 – Windows • 1 publicly disclosed - Google Project Zero 90 day limit • Interesting: MS15-011 - GPO
  • 18. GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit
  • 19. GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit • GHOST similar to Heartbleed and Shellshock • GHOST = GetHOSTbyname (vulnerable function) • Newest glibc (2.18) not vulnerable, but not very common • Ubuntu 14.04, Fedora 20/21, SUSE 12/13, Gentoo • glibc 2.2-2.17 vulnerable in use in many distros • RedHat 6/7 (CentOS 6/7), SUSE Enterprise, Ubuntu 12.04
  • 20. GHOST • January 27 - Qualys disclosed CVE-2015-0235 in Linux/glibc • January 13 (first contact), January 18 (CVE) • Critical vulnerability, about 2 months to find and exploit • GHOST similar to Heartbleed and Shellshock • GHOST = GetHOSTbyname (vulnerable function) • Newest glibc (2.18) not vulnerable, but not very common • Ubuntu 14.04, Fedora 20/21, SUSE 12/13, Gentoo • glibc 2.2-2.17 vulnerable in use in many distros • RedHat 6/7 (CentOS 6/7), SUSE Enterprise, Ubuntu 12.04 • Verification program, source in the advisory • Vulnerability scanner
  • 21. GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB
  • 22. GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB • Mitigations • Hostname can only be 255 characters long (RFC1123) • Gethostname deprecated
  • 23. GHOST - Exploitablity • Buffer Overflow in gethostbyname() • Hostname • Needs to be digits and dots • Longer than 1 KB • Mitigations • Hostname can only be 255 characters long (RFC1123) • Gethostname deprecated • Examples: • ping, arping, mtr, mount.nfs – not vulnerable • clockdiff, procmail, pppd, exim – vulnerable • exim – (remote!) exploit POC exists
  • 24. GHOST - Reality • How exploitable is it really?
  • 25. GHOST - Reality • How exploitable is it really? • Opinions vary
  • 26. GHOST - Reality • How exploitable is it really? • Opinions vary
  • 27. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add
  • 28. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add
  • 29. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but…
  • 30. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt
  • 31. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt
  • 32. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt • Sucuri – there is a problem in Wordpress/PHP - pingback
  • 33. GHOST - Reality • How exploitable is it really? • Opinions vary • Michael Zalewski – Yup, that is the real thing, nothing to add • Robert Graham – Yes, but… • Many – PR Stunt • Sucuri – there is a problem in Wordpress/PHP – pingback • Now a Metasploit check • Veracode – there are problems in many enterprise apps • 202 enterprise apps – 25% use gethostbyname • 72% C/C++, 28% Java, .NET, PHP • 64/32 bit are vulnerable – our exploit works against both 64 and 32 bit exim for example
  • 34. GHOST – beyond Linux • Juniper
  • 35. GHOST – beyond Linux • Juniper
  • 36. GHOST – beyond Linux • Juniper • Cisco
  • 37. GHOST – beyond Linux • Juniper • Cisco
  • 38. GHOST – beyond Linux • Juniper • Cisco
  • 39. GHOST – beyond Linux • Juniper • Cisco • NetApp • McAfee • F-Secure • BlueCoat • RiverBed • …..
  • 40. Resources • Microsoft - https://technet.microsoft.com/library/security/ms15-feb • Adobe - http://blogs.adobe.com/psirt • GHOST - http://www.openwall.com/lists/oss-security/2015/01/27/9 • Sucuri - http://blog.sucuri.net/2015/01/critical-ghost-vulnerability- released.html • VERACODE - https://www.sans.org/webcasts/99642?ref=174212 • Metasploit - https://github.com/rapid7/metasploit- framework/blob/master/modules/auxiliary/scanner/http/wordpress_gh ost_scanner.rb • Juniper - http://kb.juniper.net/InfoCenter/indexid=JSA10671&page=content
  • 41. Resources 2 • Cisco – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci sco-sa-20150128-ghost • McAfee- https://kc.mcafee.com/corporate/index?page=content&id=SB10100 • NetApp - https://kb.netapp.com/support/index?page=content&id=9010027 • F-Secure - https://www.f-secure.com/en/web/labs_global/fsc-2015-1 • Blue Coat - https://bto.bluecoat.com/security-advisory/sa90 • Riverbed - https://supportkb.riverbed.com/support/index?page=content&id=S258 33