eEye’s monthly Vulnerability Expert Forum provides a complete analysis of recently announced critical vulnerabilities from Microsoft and other software vendors. Join us the second Wednesday of each month - the day after Patch Tuesday, when Microsoft discloses their monthly patches - to get:
- A complete analysis of the latest critical vulnerabilities, vendor patches, and zero-day threats
- Detailed assessment of the true criticality of each patch to best prioritize rollout
- Expert guidance on the actions necessary to protect your systems
eEye Digital Security
1.866.339.3732
www.eEye.com
Vulnerability Expert Forum
June 15, 2011
Agenda
About eEye
Microsoft’s June Security Bulletins
Retina Community
Other Vendor Security Updates
Security Landscape: InfoSec News
Secure and Comply with eEye
Q&A
eEye at a Glance
Industry Pioneers
Leaders in IT security since 1998
Developed one of the first vulnerability scanners
Growing and profitable
Thought Leaders
World-renowned security research team
Trusted advisors to organizations across industries and sizes
Security Experts
Seasoned security professionals
Thousands of customers
Some of the largest VM installations in the world
Award-Winning Solutions
Recognized product leadership
Securing companies of all sizes
Unparalleled services and support
Why eEye
Making the Complex Simple
Unified
Efficient
Effective
“Retina provides a solid feature set with easy-to-use scanning controls. It’s an excellent vulnerability scanner at a good price. This one gets our Best Buy.”
“eEye Digital Security raises the standard in enterprise endpoint protection with a management console that could almost be called next generation.”
“eEye’s security research team continues to provide good Windows vulnerability coverage and mitigation advice for zero-day vulnerabilities.”
“Retina has many desirable features…and an extremely flexible reporting portal. The product is also attractively priced.”
The Industry Experts Say…
eEye Research Services
eEye Preview
• Advanced Vulnerability Information
• Full Zero-Day Analysis and Mitigation
• Custom Malware Analysis
• eEye Research Tool Access
• Includes Managed Perimeter Scanning
eEye AMP
• Any Means Possible Penetration Testing
• Gain true insight into network insecurities
• “Capture-The-Flag” Scenarios
eEye Custom Research
• Exploit Development
• Malware Analysis
• Forensics Support
• Compliance Review
Microsoft June Security Bulletins
16 Total Bulletins; 34 Issues Fixed
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
Vulnerability in SMB Server Could Allow Denial of Service (2536275)
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
Cumulative Security Update for Internet Explorer (2530548)
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
Microsoft Security Bulletin: MS11-037
1 Vulnerability Fixed in Bulletin
MHTML MIME-Formatted Request Vulnerability - CVE-2011-1894
Severity: Important
My Magical Mime and Me
Allows Information Disclosure
Publicly Disclosed
Mitigations
Disable the MHTML Protocol
Microsoft Security Bulletin: MS11-038
1 Vulnerability Fixed in Bulletin
OLE Automation Underflow Vulnerability - CVE-2011-0658
Severity: Critical
Ole! Ole ole ole!
Remote code execution under the context of the currently logged in user
Privately Reported
Likely attack vector is a webpage hosting a specially crafted Windows Metafile image.
Mitigations
Disable scripting, make use of trusted zones
Microsoft Security Bulletin: MS11-039
1 Vulnerability Fixed in Bulletin
.NET Framework Array Offset Vulnerability - CVE-2011-0664
Severity: Critical
You wearing your Hair.NET?
Remote code execution under the context of the currently logged in user
Privately Reported
Mitigations
Disable the ability to run partially trusted .NET applications
Adjust settings to prompt before running XAML browser applications in Internet Explorer
Prevent the Microsoft Silverlight ActiveX control from running
Microsoft Security Bulletin: MS11-040
1 Vulnerability Fixed in Bulletin
TMG Firewall Client Memory Corruption Vulnerability - CVE-2011-1889
Severity: Critical
Fe Fi Fofront Fum
Requires that the client make specially crafted network requests
Privately Reported
Mitigations
Disable the TMG Client
Microsoft Security Bulletin: MS11-041
1 Vulnerability Fixed in Bulletin
Win32k OTF Validation Vulnerability - CVE-2011-1873
Severity: Critical
Oh That OTF!!!
Remote code execution with Kernel level privileges
Privately Reported
Exploited when a user views a specially crafted OpenType font
Mitigations
Disable the WebClient service
Disable the Preview and Details Panes in Windows Explorer
Block TCP ports 139 and 445 at the firewall
Microsoft Security Bulletin: MS11-042
2 Vulnerabilities Fixed in Bulletin
DFS Memory Corruption Vulnerability - CVE-2011-1868
DFS Referral Response Vulnerability - CVE-2011-1869
Severity: Critical
DFS = Dress For Success
Possible unauthenticated remote code execution with elevated privileges
Both Privately Reported
Mitigations
No mitigations have been identified with these vulnerabilities
Microsoft Security Bulletin: MS11-043
1 Vulnerability Fixed in Bulletin
SMB Response Parsing Vulnerability - CVE-2011-1268
Severity: Critical
1-Up's and Koopa Shells
Vulnerability is in the processing of an SMB response sent in reply to a client-initiated request
Unauthenticated remote code execution with elevated privileges
Privately Reported
Mitigations
Block ports 139 and 445 at the firewall
Microsoft Security Bulletin: MS11-044
1 Vulnerability Fixed in Bulletin
.NET Framework JIT Optimization Vulnerability - CVE-2011-1271
Severity: Critical
Just In Time For Another .NET Vulnerability
Remote code execution with same privileges as the currently logged in user
Publicly Disclosed
Mitigations
Disable the ability to run partially trusted .NET applications
Adjust settings to prompt before running XAML browser applications in Internet Explorer
Microsoft Security Bulletin: MS11-045
8 Vulnerabilities Fixed in Bulletin
Excel Insufficient Record Validation Vulnerability - CVE-2011-1272
Excel Improper Record Parsing Vulnerability - CVE-2011-1273
Excel Out of Bounds Array Access Vulnerability - CVE-2011-1274
Excel Memory Heap Overwrite Vulnerability - CVE-2011-1275
Excel Buffer Overrun Vulnerability - CVE-2011-1276
Excel Memory Corruption Vulnerability - CVE-2011-1277
Excel WriteAV Vulnerability - CVE-2011-1278
Excel Out of Bounds WriteAV Vulnerability - CVE-2011-1279
Severity: Important
Excel With a Chance of a Shell
Standard Microsoft Office file format vulnerabilities
Mitigations
Office file block policy
Prevent opening of files that fail Office File Validation
Microsoft Security Bulletin: MS11-046
1 Vulnerability Fixed in Bulletin
Ancillary Function Driver Elevation of Privilege Vulnerability - CVE-2011-1249
Severity: Important
Kernel Privileges At An Ancillary Function Near You
Local elevation of privilege
Publicly Disclosed
Mitigations
No mitigations have been identified with these vulnerabilities
Microsoft Security Bulletin: MS11-047
1 Vulnerability Fixed in Bulletin
VMBus Persistent DoS Vulnerability - CVE-2011-1872
Severity: Important
Wheels on the VMBus Go Round then Down
Privately Reported
Authenticated denial of service
Mitigations
No mitigations have been identified with these vulnerabilities
Microsoft Security Bulletin: MS11-048
1 Vulnerability Fixed in Bulletin
SMB Request Parsing Vulnerability - CVE-2011-1267
Severity: Important
Watch Your Toadstool
Privately Reported
Remote, unauthenticated, denial of service via SMB requests
Mitigations
Block TCP ports 139 and 445 at the firewall
Microsoft Security Bulletin: MS11-049
1 Vulnerability Fixed in Bulletin
XML External Entities Resolution Vulnerability - CVE-2011-1280
Severity: Important
Party at the Disco
Exploited via specially crafted .disco files
Privately Reported
Information disclosure
Mitigations
No mitigations have been identified with these vulnerabilities
Microsoft Security Bulletin: MS11-050
11 Vulnerabilities Fixed in Bulletin
MIME Sniffing Information Disclosure Vulnerability - CVE-2011-1246
Link Properties Handling Memory Corruption Vulnerability - CVE-2011-1250
DOM Manipulation Memory Corruption Vulnerability - CVE-2011-1251
toStaticHTML Information Disclosure Vulnerability - CVE-2011-1252
Drag and Drop Memory Corruption Vulnerability - CVE-2011-1254
Time Element Memory Corruption Vulnerability - CVE-2011-1255
DOM Modification Memory Corruption Vulnerability - CVE-2011-1256
Drag and Drop Information Disclosure Vulnerability - CVE-2011-1258
Layout Memory Corruption Vulnerability - CVE-2011-1260
Selection Object Memory Corruption Vulnerability - CVE-2011-1261
HTTP Redirect Memory Corruption Vulnerability - CVE-2011-1262
Severity: Critical
I before E right after Vulnerability
All Privately Reported
Remote code execution
Mitigations
Disable scripting, make use of trusted zones
Read emails in plain text
Microsoft Security Bulletin: MS11-051
1 Vulnerability Fixed in Bulletin
Active Directory Certificate Services Vulnerability - CVE-2011-1264
Severity: Important
Cross Your T’s and Sign Your Certificates
Cross-Site Scripting (XSS)
Privately Reported
Requires that the user browse to an attacker-controlled web site
Mitigations
Enable XSS filter for Intranet Zone in Internet Explorer
Microsoft Security Bulletin: MS11-052
1 Vulnerability Fixed in Bulletin
VML Memory Corruption Vulnerability - CVE-2011-1266
Severity: Critical
What's Our Vector, Victor?
Privately Reported
Remote code execution with the same rights as the user
Requires that the user view an attacker-controlled web site
Mitigations
Disable scripting, make use of trusted zones
Read emails in plain text
Retina Community
Powered by the renowned Retina Network Security Scanner technology, Retina Community is a completely FREE vulnerability assessment solution.
Scan up to 32 Unique IP Addresses
Assessment Audits for Operating Systems, Applications, Network Devices, and Virtualized Environments
SCAP Configuration Scanning
Vulnerability and Executive Reporting
Data Export to XML, CSV, PDF
Auto Update for Vulnerability Audits
Download Now: http://community.eeye.com
Oracle Java CPU – June 2011
18 Vulnerabilities Addressed
Affecting JDK and JRE versions 6, 5, and 1.4.2
13 Vulnerabilities affect confidentiality, integrity, and availability
10 Vulnerabilities Scoring 10.0 CVSS v2 Base Score
All Vulnerabilities Remotely Exploitable
Cup o’ Java
Vulnerabilities may be in an extremely common component (e.g. Sound)
Watch out for old versions not supported or those only supported by a contract
Applications package JRE as a component
• “Shared” sense where Java is installed as a separate but required component
• “Static” sense where Java is installed and buried within the application directory
Remove older versions of JRE/JDK if not needed
Adobe Security Updates – June 2011
Flash Player (APSB11-18)
Affecting 10.x on Windows, Mac OS X, UNIX/Linux, Android, Google Chrome
Exploitation seen in-the-wild; leading to execution of arbitrary code
Fixed in 10.3.181.26 for Windows, Mac, Unix, and Chrome
Android update not yet available
Shockwave Player (APSB11-17)
24 Vulnerabilities Fixed Affecting Windows and Mac OS X
All Vulnerabilities could lead to code execution.
Fixed in 11.6.0.626 or newer
Reader and Acrobat (APSB11-16)
13 Vulnerabilities Fixed Affecting Windows and Mac OS X
Code execution, Cross-document script execution, Security bypass
Incorporates APSB11-12 and APSB11-13 updates
Fixed in 10.1, 9.4.5, 8.3, or newer
Security Landscape - More than a Microsoft World
CTO/CSO/CxO News
Computer Sabotage Between Nations is an Act of War
Back to the Wild West days of the Internet, oh 90s, how I missed you...
Android Wallet
IT Admin News
Google Apps - What do you mean I have to update my browser now...
RSA Hacks
Apple Malware Outbreak - Because nobody predicted this would ever happen...
Researcher News
Windows PatchGuard Protection
Android Trojans, Easy as 1, 2, 3... 4... 5!
VEF Contest
You must post a comment on the “What Do You Think About eEye’s Zero-Day Tracker” blog post on the eEye blog found at http://blog.eeye.com
• http://blog.eeye.com
• We will pick someone at random from the responses posted
• Give us your Questions, Comments, and Suggestions
You must post your comment on the eEye Blog by Friday 6/17 at noon PST
Prize: Amazon Kindle + $25 Amazon gift card
eEye Unified Vulnerability Management
SECURITY RESEARCH
Automation and Efficiency = Minimized Risk and Lower TCO
MANAGE AND REPORT
• End-to-end vulnerability and compliance management
• Centralized management, reporting, and controls
• Assess, mitigate, and protect from one console
• Advanced trending and analytics
Vulnerability Scanning
Configuration Auditing
Asset Discovery & Inventory
Zero-Day Vulnerability Identification
Vulnerability Reporting
Compliance Auditing
ASSESS
Integrated Patch Management
Prioritized Mitigation
Risk Scoring
Security Alerts
Prescriptive Remediation Reporting
MITIGATE
Zero-Day Protection
Intrusion Prevention
Web Protection
Application Protection
System Protection
PROTECT
Connect with eEye
http://blog.eeye.com
http://www.facebook.com/eEyeDigitalSecurity
http://www.twitter.com/eEye
http://www.YouTube.com/eEyeDigitalSecurity
Start Today
Visit eEye http://www.eEye.com
About Us, Solutions, Awards, Resources, Downloads
Visit the eEye Security Resource Center http://www.eEye.com/Resources
Demos, Guides, Whitepapers, Videos, Webinars, Events
Contact Us 1.866.339.3732 or [email protected]