SlideShare a Scribd company logo

Patch Summary Webinar April 11

Download as PPTX, PDF
Wolfgang Kandek
Wolfgang Kandek
TechnologyBusiness
1 of 15
Patch Overview March/April Wolfgang Kandek, Qualys, Inc April 11, 2012
March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack
March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical
March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical • Oracle Java 0-day – March, 4: Java v7u17
March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical • Oracle Java 0-day – March, 4: Java v7u17 • CanSecWest – Pwn2Own Competition • Oracle Java 4x US$20,000 • Chrome, Firefox, Internet Explorer – each US$ 100,000 • Adobe Flash and Reader – each US$70,000
April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN
April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN • Adobe Flash – 4 critical • PWN2OWN – but not Adobe Reader
April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN • Adobe Flash – 4 critical • PWN2OWN – but not Adobe Reader • Oracle Java Scheduled Patch Day – April, 16 • Out-of-band scheduled • Java 6 now end of life • PWN2OWN unlikely
Patch Monitoring • Microsoft • Apple • Adobe • Flash • Reader • Oracle Java
Patch Monitoring • Microsoft • Apple • Adobe • Flash • Reader • Oracle Java What really gets attacked ?
March/April Patch related
March/April Patch related
March/April Patch related
March/April Patch related EMET - Enhanced Mitigation Experience Toolkit • Straight jacket for Windows programs • Checks for often abused attack vectors • DEP, ASLR bypass, Headspray, StackPivot, ROP • Often cited by Microsoft as a valid mitigation technique • V3.5 • manageable via GPO • Integration of BlueHat Prize Mitigation Technologies
Patch Summary Webinar April 11

Recommended

Técnica de Salinger
Técnica de SalingerTécnica de Salinger
Técnica de SalingerOswaldo A. Garibay
 
Maths for school(fake)
Maths for school(fake)Maths for school(fake)
Maths for school(fake)sabinekreismane
 
Krish group project
Krish group projectKrish group project
Krish group projectKrishgroup
 
Choosing the right teeth whitening procedure
Choosing the right teeth whitening procedureChoosing the right teeth whitening procedure
Choosing the right teeth whitening procedureridersjony
 
Buy 1 000 keek followers
Buy 1 000 keek followersBuy 1 000 keek followers
Buy 1 000 keek followerszordan897
 
But keek followers
But keek followersBut keek followers
But keek followerszordan897
 
Preghiera di fran_
Preghiera di fran_Preghiera di fran_
Preghiera di fran_Jose Pinto Cardoso
 
презентация
презентацияпрезентация
презентацияRaPLeX
 

Recommended

Técnica de Salinger
Técnica de SalingerTécnica de Salinger
Técnica de SalingerOswaldo A. Garibay
 
Maths for school(fake)
Maths for school(fake)Maths for school(fake)
Maths for school(fake)sabinekreismane
 
Krish group project
Krish group projectKrish group project
Krish group projectKrishgroup
 
Choosing the right teeth whitening procedure
Choosing the right teeth whitening procedureChoosing the right teeth whitening procedure
Choosing the right teeth whitening procedureridersjony
 
Buy 1 000 keek followers
Buy 1 000 keek followersBuy 1 000 keek followers
Buy 1 000 keek followerszordan897
 
But keek followers
But keek followersBut keek followers
But keek followerszordan897
 
Preghiera di fran_
Preghiera di fran_Preghiera di fran_
Preghiera di fran_Jose Pinto Cardoso
 
презентация
презентацияпрезентация
презентацияRaPLeX
 
Mapa de creatividad marlon 1
Mapa de creatividad marlon 1Mapa de creatividad marlon 1
Mapa de creatividad marlon 1Darlys de la Hoz
 
Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)stjglobal
 
Bulk keek followers
Bulk keek followersBulk keek followers
Bulk keek followerszordan897
 
Un poco acerca de mí
Un poco acerca de míUn poco acerca de mí
Un poco acerca de míSep-Dgeti-Cbtis No. 140
 
Report Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting DopingReport Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting Dopingisteroidscom
 
Marca da promessa (Betelinos)
Marca da promessa (Betelinos)Marca da promessa (Betelinos)
Marca da promessa (Betelinos)Betelinos JovensBetel
 
Slides aula 1
Slides aula 1Slides aula 1
Slides aula 1Iuri Lammel
 
Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?Brittany Reed
 
Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1Bruno Lima
 
Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14Wolfgang Kandek
 
Februar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 WebinarFebruar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 WebinarWolfgang Kandek
 
Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)Michael Redlich
 
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...RootedCON
 
Who Watches the Smart Watches
Who Watches the Smart WatchesWho Watches the Smart Watches
Who Watches the Smart WatchesBriMorLabs
 
Getting Started with Meteor
Getting Started with MeteorGetting Started with Meteor
Getting Started with MeteorMichael Redlich
 
iOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days lateriOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days laterWang Hao Lee
 
Troubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows ClientTroubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows ClientJoe Dissmeyer
 
Viticulture Software - VineSense
Viticulture Software - VineSenseViticulture Software - VineSense
Viticulture Software - VineSenseDoo Sung Eom
 
Mysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL databaseMysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL databaseSimona Ben
 
Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The SequelSilicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The SequelDaniel Coupal
 
Anatomie eines Angriffs
Anatomie eines AngriffsAnatomie eines Angriffs
Anatomie eines AngriffsWolfgang Kandek
 
Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackWolfgang Kandek
 

More Related Content

Viewers also liked

Mapa de creatividad marlon 1
Mapa de creatividad marlon 1Mapa de creatividad marlon 1
Mapa de creatividad marlon 1Darlys de la Hoz
 
Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)stjglobal
 
Bulk keek followers
Bulk keek followersBulk keek followers
Bulk keek followerszordan897
 
Report Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting DopingReport Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting Dopingisteroidscom
 
Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?Brittany Reed
 
Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1Bruno Lima
 

Viewers also liked (9)

Mapa de creatividad marlon 1
Mapa de creatividad marlon 1Mapa de creatividad marlon 1
Mapa de creatividad marlon 1
 
Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)Part 5: Preparing to Go (Semester)
Part 5: Preparing to Go (Semester)
 
Bulk keek followers
Bulk keek followersBulk keek followers
Bulk keek followers
 
Un poco acerca de mí
Un poco acerca de míUn poco acerca de mí
Un poco acerca de mí
 
Report Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting DopingReport Accuses Track Coach Salazar Of Promoting Doping
Report Accuses Track Coach Salazar Of Promoting Doping
 
Marca da promessa (Betelinos)
Marca da promessa (Betelinos)Marca da promessa (Betelinos)
Marca da promessa (Betelinos)
 
Slides aula 1
Slides aula 1Slides aula 1
Slides aula 1
 
Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?Interchange 1. Unit 9: What Does She Look Like?
Interchange 1. Unit 9: What Does She Look Like?
 
Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1Tarefa2 informáticaeducativa1
Tarefa2 informáticaeducativa1
 

Similar to Patch Summary Webinar April 11

Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14Wolfgang Kandek
 
Februar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 WebinarFebruar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 WebinarWolfgang Kandek
 
Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)Michael Redlich
 
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...RootedCON
 
Who Watches the Smart Watches
Who Watches the Smart WatchesWho Watches the Smart Watches
Who Watches the Smart WatchesBriMorLabs
 
Getting Started with Meteor
Getting Started with MeteorGetting Started with Meteor
Getting Started with MeteorMichael Redlich
 
iOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days lateriOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days laterWang Hao Lee
 
Troubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows ClientTroubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows ClientJoe Dissmeyer
 
Viticulture Software - VineSense
Viticulture Software - VineSenseViticulture Software - VineSense
Viticulture Software - VineSenseDoo Sung Eom
 
Mysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL databaseMysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL databaseSimona Ben
 
Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The SequelSilicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The SequelDaniel Coupal
 

Similar to Patch Summary Webinar April 11 (11)

Patch Summary Webinar February 14
Patch Summary Webinar February 14Patch Summary Webinar February 14
Patch Summary Webinar February 14
 
Februar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 WebinarFebruar Patch Tuesday 2015 Webinar
Februar Patch Tuesday 2015 Webinar
 
Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)Getting Started with Meteor (TCF ITPC 2014)
Getting Started with Meteor (TCF ITPC 2014)
 
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
Jeremy Brown & David Seidman - Microsoft Vulnerability Research: How to be a ...
 
Who Watches the Smart Watches
Who Watches the Smart WatchesWho Watches the Smart Watches
Who Watches the Smart Watches
 
Getting Started with Meteor
Getting Started with MeteorGetting Started with Meteor
Getting Started with Meteor
 
iOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days lateriOS 6 Exploitation 280 days later
iOS 6 Exploitation 280 days later
 
Troubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows ClientTroubleshooting Windows Boot Performance in the Windows Client
Troubleshooting Windows Boot Performance in the Windows Client
 
Viticulture Software - VineSense
Viticulture Software - VineSenseViticulture Software - VineSense
Viticulture Software - VineSense
 
Mysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL databaseMysql Repair Software:-Repairs Corrupted MySQL database
Mysql Repair Software:-Repairs Corrupted MySQL database
 
Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The SequelSilicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel
 

More from Wolfgang Kandek

Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackWolfgang Kandek
 
MindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueMindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueWolfgang Kandek
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things Wolfgang Kandek
 
20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuardWolfgang Kandek
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 

More from Wolfgang Kandek (9)

Anatomie eines Angriffs
Anatomie eines AngriffsAnatomie eines Angriffs
Anatomie eines Angriffs
 
Gartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An AttackGartner UK 2015 Anatomy of An Attack
Gartner UK 2015 Anatomy of An Attack
 
MindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um AtaqueMindTheSec Anatomia de um Ataque
MindTheSec Anatomia de um Ataque
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 
Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
 
BSI Lagebericht 2014
BSI Lagebericht 2014BSI Lagebericht 2014
BSI Lagebericht 2014
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
 
20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard20 Critical Security Controls and QualysGuard
20 Critical Security Controls and QualysGuard
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Patch Summary Webinar April 11

  • 1. Patch Overview March/April Wolfgang Kandek, Qualys, Inc April 11, 2012
  • 2. March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack
  • 3. March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical
  • 4. March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical • Oracle Java 0-day – March, 4: Java v7u17
  • 5. March Patches • Microsoft March, 12: 7 bulletins – MS13-021-MS13-027 • 4 critical, 3 important • Internet Explorer MS13-0021 – Metasploit available • USB MS13-027 – “Evil Maid” attack • Adobe Flash – 4 critical • Oracle Java 0-day – March, 4: Java v7u17 • CanSecWest – Pwn2Own Competition • Oracle Java 4x US$20,000 • Chrome, Firefox, Internet Explorer – each US$ 100,000 • Adobe Flash and Reader – each US$70,000
  • 6. April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN
  • 7. April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN • Adobe Flash – 4 critical • PWN2OWN – but not Adobe Reader
  • 8. April Patches • Microsoft April, 9: 9 bulletins – MS13-028-MS13-036 • 2 critical, 7 important • Internet Explorer MS13-0028 • RDP ActiveX MS13-029 • No PWN2OWN • Adobe Flash – 4 critical • PWN2OWN – but not Adobe Reader • Oracle Java Scheduled Patch Day – April, 16 • Out-of-band scheduled • Java 6 now end of life • PWN2OWN unlikely
  • 9. Patch Monitoring • Microsoft • Apple • Adobe • Flash • Reader • Oracle Java
  • 10. Patch Monitoring • Microsoft • Apple • Adobe • Flash • Reader • Oracle Java What really gets attacked ?
  • 14. March/April Patch related EMET - Enhanced Mitigation Experience Toolkit • Straight jacket for Windows programs • Checks for often abused attack vectors • DEP, ASLR bypass, Headspray, StackPivot, ROP • Often cited by Microsoft as a valid mitigation technique • V3.5 • manageable via GPO • Integration of BlueHat Prize Mitigation Technologies