Vulnerability Expert Forum eEye Research February 10, 2010.

Presentation transcript:

Vulnerability Expert Forum eEye Research February 10, 2010

Agenda
- About eEye's Research and Development
- eEye Preview Overview
- Microsoft's February Security Bulletins
- Security Landscape – Other InfoSec News
- Securing Your Networks
- Q&A

Vulnerability Research Powerhouse
"Having a great R&D team issuing advisories and being on the 'front lines' of discovering security issues is assuring and was a primary decision factor in choosing eEye when migrating from ISS." – Robert Timko, Information Security Director
- eEye has discovered more high-risk vulnerabilities than any other research team
- eEye's Research Team regularly consults with government agencies and congressional committees
- R&D discoveries and innovation drive the unrivaled capabilities of eEye products
- eEye's Research Team provides leading-edge insight, tools and resources, defining the security industry

Title  eEye Preview Security Intelligence Advanced Vulnerability Information Full Zero-Day Analysis and Mitigation Custom Malware Analysis eEye Research Tool Access Includes Managed Perimeter Scanning  eEye AMP Any Means Possible Penetration Testing Gain true insight into network insecurities “Capture-The-Flag” Scenarios  eEye Custom Research Services Exploit Development Malware Analysis Forensics Support Compliance Review eEye Research Services

Microsoft February Security Bulletins
13 total bulletins; 26 issues fixed
5 Critical severity bulletins:
- MS Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- MS Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- MS Cumulative Security Update of ActiveX Kill Bits (978262)
- MS Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- MS Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
7 Important severity bulletins:
- MS Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- MS Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- MS Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- MS Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- MS Vulnerability in Kerberos Could Allow Denial of Service (977290)
- MS Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
1 Moderate severity bulletin:
- MS Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

Microsoft's Security Bulletin: MS Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- A single vulnerability fixed in the bulletin: MSO.DLL Buffer Overflow - CVE
- Criticality: Critical for Office XP SP3 and Office 2004 for Mac
- What does it affect? How critical is it?
  - Microsoft Word and Excel
  - Vulnerability details are public – attackers will likely attempt to use this in the wild
- Mitigation
  - Apply patch ASAP
  - Block Office file types at the (mail) gateway and firewall
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- 6 vulnerabilities fixed in the bulletin:
  - PowerPoint File Path Handling Buffer Overflow Vulnerability - CVE
  - PowerPoint LinkedSlideAtom Heap Overflow Vulnerability - CVE
  - PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability - CVE
  - PowerPoint OEPlaceholderAtom Use After Free Vulnerability - CVE
  - PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability - CVE
  - Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability - CVE
- Criticality: Critical for Office XP, Office 2003 and PowerPoint Viewer
- Office vulnerabilities are high-profile targets
  - They make ideal drive-by exploits as well as email and IM social engineering lures
- Mitigation
  - Apply patch ASAP
  - Block PPT files
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
- 1 vulnerability fixed in the bulletin: MS Paint Integer Overflow Vulnerability - CVE
- Criticality: Moderate
- Just Paint?!
  - Microsoft claims the vulnerability is only within MSPaint
  - Low threat
- Mitigation
  - Disable Microsoft Paint
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- 2 vulnerabilities fixed in the bulletin:
  - SMB Client Race Condition Vulnerability - CVE
  - SMB Client Pool Corruption Vulnerability - CVE
- Criticality: Critical
- Windows 7 SMB redux
  - Remote, unauthenticated remote code execution, but…
  - Worm implications
- Mitigation
  - Firewall rules
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- 1 vulnerability fixed in the bulletin: URL Validation Vulnerability - CVE
- Criticality: Moderate
- Why is this Moderate?
  - This vulnerability was actually partially addressed by MS
  - API abuse issue – allows potential file execution, not a memory corruption
- Mitigation
  - Apply BOTH patches ASAP – MS and MS
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Cumulative Security Update of ActiveX Kill Bits (978262)
- 1 vulnerability fixed in the bulletin: Microsoft Data Analyzer ActiveX Control Vulnerability - CVE
- Criticality: Moderate
- Good ol' ActiveX
  - Will give an attacker RCE on all versions of Windows/IE
  - Requires the user to have previously installed the control
- Mitigation
  - Set kill-bits
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- 4 vulnerabilities fixed in the bulletin:
  - TCP/IP Selective Acknowledgement Vulnerability - CVE
  - ICMPv6 Route Information Vulnerability - CVE
  - Header MDL Fragmentation Vulnerability - CVE
  - ICMPv6 Router Advertisement Vulnerability - CVE
- Criticality: Critical
- IPv6!!!
  - IPv6 vulnerabilities are becoming "mainstream" – adjust firewalls accordingly!
  - Double-check for IPv6 machines on your networks!
- Mitigation
  - Apply firewall rules
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- 1 vulnerability fixed in the bulletin: Hyper-V Instruction Set Validation Vulnerability - CVE
- Criticality: Important for 2008 and 2008 R2 only
- Researchers beware!
  - Limited environments
  - Bad instruction set calls result in a double BSOD – both host and guest
- Mitigation
  - Apply patch where applicable
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- 1 vulnerability fixed in the bulletin: CSRSS Local Privilege Elevation Vulnerability - CVE
- Criticality: Important
- Malware authors' dream
  - Ideal for pairing with malware
  - Ideal targets would be public computers or machines with multiple user logins
- Mitigation
  - Apply patch ASAP
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- 4 vulnerabilities fixed in the bulletin:
  - SMB Pathname Overflow Vulnerability - CVE
  - SMB Memory Corruption Vulnerability - CVE
  - SMB Null Pointer Vulnerability - CVE
  - SMB NTLM Authentication Lack of Entropy Vulnerability - CVE
- Criticality: Critical
- How critical are these?
  - A security bypass, an authenticated RCE and 2 DoS – ideal for attackers to cause havoc on LANs; potentially wormable by malware
- Mitigation
  - Apply patch ASAP
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- 1 vulnerability fixed in the bulletin: DirectShow Heap Overflow Vulnerability - CVE
- Criticality: Critical – all Windows versions
- What is affected?
  - Any media player that uses DirectX to render AVI files
  - Drive-by exploitable, as well as via email and IM
  - Client machines should be patched immediately
- Mitigation
  - Apply patch ASAP
  - Remember that media file extensions can be 'incorrect'
  - Use Blink Professional / Personal
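The gateway-side blocking recommended for the Office and PowerPoint bulletins above, and the reminder here that a media file's extension can be 'incorrect', come down to one check: decide by content, not by file name. The following is an added example (not eEye's or Microsoft's code) that sniffs the standard OLE2, OOXML and RIFF/AVI headers and flags an extension that disagrees with what the bytes say; the sample attachments are constructed inline, and treating `[Content_Types].xml` as the first ZIP entry of an OOXML file is a simplifying assumption of this example.

```python
import struct

# Header signatures (standard values, listed here as a constructed lookup):
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy .doc/.xls/.ppt compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.xlsx/.pptx is a ZIP archive
RIFF_MAGIC = b"RIFF"                               # RIFF container; form type sits at bytes 8-12
EXT_FOR_KIND = {  # extensions that legitimately belong to each sniffed family
    "ole2-office": {"doc", "dot", "xls", "xlt", "ppt", "pps", "pot"},
    "ooxml-office": {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm", "ppsx"},
    "avi": {"avi"},
}

def sniff_kind(data: bytes) -> str:
    """Classify content by its header alone; the file name is never consulted."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-office"
    if data.startswith(ZIP_MAGIC) and len(data) >= 30:
        # ZIP local file header: name length at offset 26, name bytes start at 30.
        name_len = struct.unpack_from("<H", data, 26)[0]
        if data[30:30 + name_len] == b"[Content_Types].xml":  # assumption: first entry
            return "ooxml-office"
    if data[:4] == RIFF_MAGIC and data[8:12] == b"AVI ":
        return "avi"
    return "unknown"

def classify(filename: str, data: bytes) -> dict:
    """Sniffed kind, whether the extension disagrees with it, and a block decision."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_kind(data)
    mismatch = kind != "unknown" and ext not in EXT_FOR_KIND[kind]
    return {"name": filename, "kind": kind, "mismatch": mismatch, "block": kind != "unknown"}

# Constructed attachments: only the leading bytes a gateway would need to decide.
OOXML_FIRST_ENTRY = b"[Content_Types].xml"
SAMPLES = {
    "report.doc": OLE2_MAGIC + b"\x00" * 24,
    "deck.pptx": ZIP_MAGIC + b"\x00" * 22 + struct.pack("<HH", len(OOXML_FIRST_ENTRY), 0) + OOXML_FIRST_ENTRY,
    "holiday.jpg": RIFF_MAGIC + struct.pack("<I", 1024) + b"AVI " + b"LIST",  # AVI named as a JPEG
    "invoice.txt": OLE2_MAGIC + b"\x00" * 24,                                  # Office file named as text
    "readme.txt": b"just some text\n",
}

def scan_by_name(samples=SAMPLES) -> dict:
    """Run the classifier over every sample and index the verdicts by file name."""
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for r in scan_by_name().values():
        print(f"{r['name']:12} {r['kind']:13} mismatch={r['mismatch']!s:5} block={r['block']}")
```

Every recognised Office or AVI container is blocked regardless of name, and the mismatch flag is what turns a renamed `.jpg` or `.txt` into a detection rather than a silent pass.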

Microsoft's Security Bulletin: MS Vulnerability in Kerberos Could Allow Denial of Service (977290)
- 1 vulnerability fixed in the bulletin: Kerberos Null Pointer Dereference Vulnerability - CVE
- Criticality: Important – only if you run Kerberos authentication
- How is this triggered? What does it cause?
  - Requires a valid login session through Kerberos
  - A malicious user sends a malformed TGT request
  - The DoS can last until the server is restarted; it is not a bugcheck / BSOD
  - Attackers could use this to keep administrators focused on the outage while they silently attack other systems
- Mitigation
  - Apply patch ASAP
  - Use Blink Professional / Personal

Microsoft's Security Bulletin: MS Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
- 2 vulnerabilities fixed in the bulletin:
  - Windows Kernel Exception Handler Vulnerability - CVE
  - Windows Kernel Double Free Vulnerability - CVE
- Criticality: Critical – affects every version of Windows since 3.1, AND it is being used by malware in the wild
- How critical are these?
  - Attackers are already using them in malware – they could start using them with exploits as well
  - The exploit is very reliable and publicly available
- Mitigation
  - Apply patch ASAP
  - Use Blink Professional / Personal

Security Landscape - More Than A Microsoft World
- CTO/CSO/CxO news
  - US Navy Cyber Command
  - PGP buys ChosenSecurity
  - China
- IT admin news
  - iPhone holes patched
  - BIND flaws patched
  - BlackBerry spyware source unleashed
- Researcher news
  - Black Hawk Safety Net
  - BackTrack Final 4
  - Echo Mirage

eEye Digital Security – Award Winning Products
- Retina® Network Security Scanner: unsurpassed vulnerability assessment & remediation
- Blink® Unified Client Security with Anti-virus: multi-layer threat mitigation & system protection
- Iris® Network Traffic Analyzer: visual data monitoring & reassembly
- SecureIIS™ Web Server Protection: proactive web server security

eEye Research - eEye Research Service Inquiries – CONTACT