Monthly Security Bulletin Briefing


Monthly Security Bulletin Briefing July 2015

July 2015 Security Bulletin Release Security Bulletins Security Advisory Revision Other content Product Support Lifecycle Appendix Manageability Tools Reference Related Resources New 2 Bulletin Advisory New Critical Important 14 4 10 New Critical Important 10 4 6 Slide 2

July 2015 Security Bulletin Release Overview

Impact Component Severity Exploit Index Disclosure Exploited? MS15-058 Remote Code Execution SQL Important 2 Private No MS15-065 IE Critical Public Yes MS15-066 VBScript 1 MS15-067 RDP 3 MS15-068 Hyper-V MS15-069 Windows MS15-070 Office MS15-071 Elevation of Privilege Netlogon MS15-072 Graphics Comp MS15-073 KMD MS15-074 Windows Installer MS15-075 OLE MS15-076 RPC MS15-077 ATM Font Driver

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Slide 3

MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

Severity: IMPORTANT
Impact: RCE
Exploitability Index: 2
Disclosure: NO

Executive Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database. The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting.

Affected software: Microsoft SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, SQL Server 2014

More Information: Different update files exist depending on which servicing branch a particular system is on. Check the bulletin FAQ for a table of product versions.

Slide 4

MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-1762 Important Remote Code Execution 3 NA No CVE-2015-1763 CVE-2015-1761 Elevation of Privilege 2

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
CVE-2015-1761 — Attacker needs permissions to create or modify a database.
CVE-2015-1762 — Attacker must have special permissions and transactional replication must be enabled.

Workarounds:
CVE-2015-1761/1763 — Limit permissions on server for database and schema creation.
CVE-2015-1762 — no workarounds

Attack Vectors:
Authenticated attacker with special permissions accesses a database or runs a specially crafted query against an affected SQL server.

Slide 5

MS15-065 Security Update for Internet Explorer (3076321)

Severity: CRITICAL
Impact: RCE
Exploitability Index:
Disclosure: YES

Executive Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. The security update addresses the vulnerabilities by modifying the way that IE handles objects in memory, adding additional permission validations to IE, helping to ensure that affected versions of JScript and VBScript and IE properly implement the ASLR security feature, and helping to prevent information stored in a user’s clipboard from being accessed by a malicious site.

Affected software: All supported versions of Internet Explorer on all supported versions of Windows

More Information: There are multiple update packages bundled with this update that get installed transparently under most deployment scenarios. When deploying updates manually, be sure to install in correct order.

Slide 6

MS15-065 Security Update for Internet Explorer (3076321)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2425 Critical Remote Code Execution NA Yes No Multiple 1 CVE-2015-2372 CVE-2015-2419 CVE-2015-2405 Important Elevation of Privilege Information Disclosure CVE-2015-2398 Security Feature Bypass 2 CVE-2015-2421

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
All memory corruption CVE — Exploitation only gains the same user rights as the logged-on account.
All memory corruption CVE — EMET helps mitigate the attacks.
All memory corruption CVE — By default, IE runs in Enhanced Security Configuration mode for all Windows Servers.

Workarounds:
CVE-2015-2372 — restrict access to vbscript.dll. See bulletin for details.

Attack Vectors:
Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Slide 7

MS15-066 Vulnerability in VBScript Scripting Engines Could Allow Remote Code Execution (3072604)

Severity: CRITICAL
Impact: RCE
Exploitability Index: 1
Disclosure: NO

Executive Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The security update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory.

Affected software: Windows Vista, Windows Server 2003, Windows Server 2008

More Information: The updates available in this bulletin are for systems without Internet Explorer installed or for systems with Internet Explorer 8 or earlier versions installed. For IE 9 and later, apply MS15-065.

Slide 8

MS15-066 Vulnerabilities in VBScript Scripting Engines Could Allow Remote Code Execution (3072604)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2372 Critical Remote Code Execution NA 1 No

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds:
CVE-2015-2372 — restrict access to VBScript.dll. See bulletin for details.

Attack Vectors:
Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Attacker could embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine.

Slide 9

MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094)

Severity: CRITICAL
Impact: RCE
Exploitability Index: 3
Disclosure: NO

Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. The security update addresses the vulnerability by modifying how the terminal service handles packets.

Affected software: Windows 7, Windows 8, Windows Server 2012

More Information: Enterprise and Ultimate editions of Windows 7 are affected. All supported editions of Windows 7 are affected if RDP 8.0 is installed on the system. For customers running RDP 8.0 on local systems who do not need the new server-side features provided in RDP 8.0, Microsoft recommends upgrading to RDP 8.1 and not applying (or removing) the 3067904 update.

Slide 10

MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2373 Critical Remote Code Execution NA 3 P No

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds:
Microsoft has not identified any workarounds for this vulnerability.

Attack Vectors:
Attacker sends a specially crafted sequence of packets to a system running RDP server service.

Slide 11

MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000)

Severity: CRITICAL
Impact: RCE
Exploitability Index: 2
Disclosure: NO

Executive Summary: This security update resolves vulnerabilities in Windows Server Hyper-V. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability. The security update addresses the vulnerabilities by correcting how Hyper-V initializes system data structures in guest virtual machines.

Affected software: Windows 8 x64, Windows 8.1 x64, Windows Server 2008 x64, Windows Server 2008 R2 x64, Windows Server 2012

More Information: None.

Slide 12

MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2361 Critical Remote Code Execution 2 P No CVE-2015-2362 NA

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Attacker must have valid logon credentials on a guest virtual machine.

Workarounds:
Microsoft has not identified any workarounds for these vulnerabilities.

Attack Vectors:
A specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V.

Slide 13

MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)

Severity: IMPORTANT
Impact: RCE
Exploitability Index: 1
Disclosure: NO

Executive Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system.

Affected software: Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2003 x86 and x64, Windows Server 2008 x86 and x64, Windows Server 2008 R2 x86 and x64, Windows Server 2012 R2

More Information: Windows Server 2008 R2 systems are affected only if Desktop Experience is installed.

Slide 14

MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2368 Important Remote Code Execution 1 NA No CVE-2015-2369 2

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds:
CVE-2015-2369 — Modify the registry to prevent Office documents from loading the WMDMCESP.WMDMCESP ActiveX control. See bulletin for details.

Attack Vectors:
Attacker places a specially crafted DLL file in the target user’s current working directory and then convinces the user to open a specially crafted .RTF file or launch a program that loads a trusted DLL file but instead loads the attacker’s specially crafted DLL file.

Slide 15

MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

Severity: IMPORTANT
Impact: RCE
Exploitability Index:
Disclosure: NO

Executive Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. The security update addresses the vulnerabilities by correcting how Office parses specially crafted files, handles files in memory, and by helping to ensure the SharePoint Server properly sanitizes user input.

Affected software: Office 2007, Office 2010, Office 2013, Office 2013 RT, Office for Mac, Excel Viewer 2007, Office Compatibility Pack, Word Viewer, Excel Services on SharePoint Server 2007, 2010, 2013

More Information: There are many different updates associated with this bulletin due to the number of affected Office products. Depending on configuration, more than one update may be applicable to your environment.

Slide 16

MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2424 Important Remote Code Execution NA No Yes CVE-2015-2378 2 Multiple 1 CVE-2015-2375 Security Feature Bypass

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
All CVE except CVE-2015-2378 — Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
Exploitation only gains the same user rights as the logged-on account.

Workarounds:
Microsoft has not identified any workarounds for these vulnerabilities.

Attack Vectors:
Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Web scenario - Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site or attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Email scenario - Attacker sends specially crafted file and persuades user to open file.
CVE-2015-2378 — Attacker places a specially crafted DLL file in the target user’s current working directory and then convinces the user to launch a program that loads a trusted DLL file but instead loads the attacker’s specially crafted DLL file.

Slide 17

MS15-071 Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 3
Disclosure: NO

Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC). The update addresses the vulnerability by modifying how Netlogon handles establishing secure channels.

Affected software: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None.

Slide 18

MS15-071 Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2374 Important Elevation of Privilege 3 NA No

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds:
Microsoft has not identified any workarounds for this vulnerability.

Attack Vectors:
An elevation of privilege vulnerability exists in Netlogon that is caused when the service improperly establishes a secure communications channel to a primary domain controller (PDC). An attacker would first need to have access to a PDC on a target network. An attacker could then run a specially crafted application that could establish a secure channel to the PDC as a backup domain controller (BDC) and may be able to disclose credentials.

Slide 19

MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 1
Disclosure: NO

Executive Summary: The vulnerability could allow elevation of privilege if Windows Graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. The security update addresses the vulnerability by correcting how Windows processes bitmap conversions.

Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None.

Slide 20

MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2364 Important Elevation of Privilege 1 NA No

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Attacker must be able to log on to system to exploit.

Workarounds:
Microsoft has not identified any workarounds for this vulnerability.

Attack Vectors:
To exploit the vulnerability, an attacker must first log on to the system. An attacker could then run a specially crafted application designed to increase privileges.

Slide 21

MS15-073 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 1
Disclosure: NO

Executive Summary: The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.

Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None.

Slide 22

MS15-073 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2363 Important Elevation of Privilege 1 P No CVE-2015-2365 CVE-2015-2366 2 NA CVE-2015-2367 Information Disclosure CVE-2015-2381 CVE-2015-2382

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

Workarounds:
Microsoft has not identified any workarounds for these vulnerabilities.

Attack Vectors:
Attacker logs on to system and runs a specially crafted application.

Slide 23

MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 1
Disclosure: NO

Executive Summary: The vulnerability could allow elevation of privilege if the Windows Installer component improperly runs custom action scripts. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. The security update addresses the vulnerability by correcting how custom action scripts are executed.

Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None.

Slide 24

MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2371 Important Elevation of Privilege 1 NA No

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds:
Microsoft has not identified any workarounds for this vulnerability.

Attack Vectors:
To exploit the vulnerability, an attacker must first compromise a user who is logged on to the target system, then find a vulnerable .msi package that is installed on the target system and, finally, place specially crafted code on the target system that the vulnerable .msi package can execute.

Slide 25

MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 1
Disclosure: NO

Executive Summary: The vulnerabilities could allow elevation of privilege if an attacker convinces a user to open a file that contains a specially crafted OLE component. The security update addresses the vulnerability by modifying how OLE objects are handled in memory.

Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None

Slide 26

MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2416 Important Elevation of Privilege 1 NA No CVE-2015-2417

Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected

Mitigations:
Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website (or network share), or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.

Workarounds:
Microsoft has not identified any workarounds for this vulnerability.

Attack Vectors:
An attacker could exploit the vulnerabilities by convincing a user to open a file that contains a specially crafted OLE object.

Slide 27

MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)

Severity: IMPORTANT
Impact: EOP
Exploitability Index: 2
Disclosure: NO

Executive Summary: The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. The security update addresses the vulnerability by improving how Windows Remote Procedure Call (RPC) handles authentication checks to preclude redirection.

Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

More Information: None.

Slide 28

Elevation of Privilege
MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
Columns: CVE | Severity | Impact | XI Latest | XI Legacy | XI DOS | Public | Exploited | Advisory
CVE-2015-2370 Important Elevation of Privilege 2 NA No
Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges.
Slide 29

MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Severity: IMPORTANT
Impact: EOP
Exploitability Index:
Disclosure: YES
Executive Summary: The vulnerability in Adobe Type Manager Font Driver (ATMFD) could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The security update addresses the vulnerability by correcting how ATMFD handles objects in memory.
Affected software: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
More Information: US-CERT vulnerability note: http://www.kb.cert.org/vuls/id/103336
Slide 30

Elevation of Privilege
MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Columns: CVE | Severity | Impact | XI Latest | XI Legacy | XI DOS | Public | Exploited | Advisory
CVE-2015-2387 Important Elevation of Privilege NA Yes No
Exploitability Index: 0 – Exploitation Detected | 1 - Exploitation more likely | 2 – Exploitation less likely | 3 – Exploitation unlikely | NA - Not Affected
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds: Rename ATMFD.DLL. See bulletin for details. Impact: applications relying on embedded font technology will not display properly.
Attack Vectors: To exploit the vulnerability, an attacker would first have to log on to a target system and then run a specially crafted application.
Slide 31

Security Advisory – Update to Harden Use of DES Encryption (SA3057154)
Executive Summary (DES Hardening): This update provides enhanced protection where DES is still used for application compatibility reasons. After applying the update, DES is disabled for the following built-in accounts: krbtgt, trust, machine, machine/user accounts.
Suggested Actions (Test and Deploy): Microsoft recommends that customers running applications that may still use DES encryption test this update carefully and then deploy it.
More Information (KB): https://support.microsoft.com/kb/3057154
Slide 32
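
Before testing the DES hardening update, it helps to know which accounts are still configured for DES. The following is an added example, not part of the original briefing or Microsoft's tooling: it decodes the standard Active Directory attributes userAccountControl and msDS-SupportedEncryptionTypes from exported account records and flags those that still permit DES. The sample records are constructed, and the briefing does not state which attributes the update itself evaluates, so treating these two as the indicators is an assumption.

```python
# Added example: flag accounts whose directory attributes still permit Kerberos DES.
# Bit values are the standard Active Directory definitions; SAMPLE is constructed.

ENC_TYPE_BITS = {  # msDS-SupportedEncryptionTypes bit flags
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
DES_MASK = 0x03
UF_USE_DES_KEY_ONLY = 0x200000  # userAccountControl flag

# Server-side equivalent: matching rule ...803 is bitwise AND, ...804 is bitwise OR.
LDAP_FILTER = (
    "(|(userAccountControl:1.2.840.113556.1.4.803:=%d)"
    "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=%d))"
    % (UF_USE_DES_KEY_ONLY, DES_MASK)
)

def decode_enc_types(value):
    """Names of the encryption types set in an msDS-SupportedEncryptionTypes value."""
    return [name for bit, name in sorted(ENC_TYPE_BITS.items()) if value & bit]

def des_findings(record):
    """Reasons this record still permits DES; an empty list means none."""
    # Exports often carry unset attributes as None or "", so treat both as 0.
    uac = int(record.get("userAccountControl") or 0)
    enc = int(record.get("msDS-SupportedEncryptionTypes") or 0)
    reasons = []
    if uac & UF_USE_DES_KEY_ONLY:
        reasons.append("USE_DES_KEY_ONLY set")
    des = decode_enc_types(enc & DES_MASK)
    if des:
        reasons.append("supported types include " + ", ".join(des))
    return reasons

def audit(records):
    """Map sAMAccountName to findings for every record that still permits DES."""
    report = {}
    for rec in records:
        found = des_findings(rec)
        if found:
            report[rec["sAMAccountName"]] = found
    return report

SAMPLE = [  # constructed records, shaped like a CSV/LDIF export
    {"sAMAccountName": "svc-legacyapp", "userAccountControl": "2097664", "msDS-SupportedEncryptionTypes": None},
    {"sAMAccountName": "APPSRV01$", "userAccountControl": "4096", "msDS-SupportedEncryptionTypes": "31"},
    {"sAMAccountName": "WEB02$", "userAccountControl": "4096", "msDS-SupportedEncryptionTypes": "28"},
    {"sAMAccountName": "jdoe", "userAccountControl": "512", "msDS-SupportedEncryptionTypes": ""},
]
```

Calling audit(SAMPLE) reports svc-legacyapp and APPSRV01$; LDAP_FILTER can be passed to any LDAP query tool to select the same accounts on the server side.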

Security Advisory – Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege (SA3074162)
Executive Summary (CVE-2015-2418, EoP): An update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system.
Suggested Actions (Update Immediately): Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malicious Software Removal Tool, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. Administrators may need to ensure that the latest version of the MSRT is approved for deployment.
More Information (KB): Last version of the MSRT affected by this vulnerability: Version 5.25. First version of the MSRT with this vulnerability addressed: Version 5.26. https://support.microsoft.com/kb/3074162
Slide 33

Product Families and Service Packs Reaching End of Support
Product Families: Microsoft Windows Server 2003; Microsoft Forefront Client Security
Service Packs: Microsoft Dynamics GP 2013 (RTM); Microsoft SQL Server 2012 Service Pack 1
More Information: Public migration planning assistant: http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/#fbid=dOMveZ3Cgwj
Slide 34

Appendix

Detection and Deployment
Columns: Bulletin | Component | Windows Update | Microsoft Update | MBSA | WSUS 3.0 | Configuration Manager
MS15-058 SQL Server No Yes
MS15-065 Internet Explorer Yes1
MS15-066 VBScript
MS15-067 RDP
MS15-068 Hyper-V
MS15-069 Windows
MS15-070 Office
MS15-071 Netlogon
MS15-072 Graphics Component
MS15-073 Kernel Mode Drivers
MS15-074 MSI
MS15-075 OLE
MS15-076 RPC
MS15-077 ATM Font Driver
Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store
Slide 36

Additional Update Information
Columns: Bulletin | Component | Restart | Uninstall | Replaces
MS15-058 SQL Server Maybe Yes None
MS15-065 Internet Explorer MS15-056
MS15-066 VBScript MS15-019
MS15-067 RDP MS15-030
MS15-068 Hyper-V
MS15-069 Windows
MS15-070 Office Yes (except SharePoint, Mac) MS13-084, MS15-022, MS15-033, MS15-046
MS15-071 Netlogon MS15-027
MS15-072 Graphics Component MS14-036, MS15-035
MS15-073 Kernel Mode Drivers MS15-061
MS15-074 MSI MS14-049
MS15-075 OLE MS13-070
MS15-076 RPC MS15-031, MS15-052, MS15-055
MS15-077 ATM Font Driver MS15-021
Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store
Slide 37

Antimalware Resources
Malicious Software Removal Tool
Win32/Crowti – This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them.
Win32/Reveton – This ransomware locks your PC and displays a full-screen message, commonly called a "lock screen".
Additional Malware removal tools
Microsoft Safety Scanner: Same basic engine as the MSRT, but with a full set of A/V signatures.
Windows Defender Offline: An offline bootable A/V tool with a full set of signatures. Designed to remove rootkits and other advanced malware that can't always be detected by antimalware programs. Requires you to download an ISO file and burn a CD, DVD, or USB flash drive.
Slide 38

Public Security Bulletin Resource Links
Microsoft Security Bulletin Summary for July 2015: https://technet.microsoft.com/library/ms15-jul.aspx
Security Bulletin Search: http://technet.microsoft.com/security/bulletin
Security Advisories: http://technet.microsoft.com/security/advisory
Microsoft Technical Security Notifications: http://technet.microsoft.com/security/dd252948.aspx
Detailed Bulletin Information Spreadsheet: http://go.microsoft.com/fwlink/?LinkID=245778
Security Tools for IT Pros: http://technet.microsoft.com/en-us/security/cc297183
KB894199 Description of Software Update Services and Windows Server Update Services changes in content: http://support.microsoft.com/kb/894199
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software: http://support.microsoft.com/kb/890830
Slide 39

Known Issues
MS15-058 SQL
KB3045317 - MS15-058: Description of the security update for SQL Server 2012 SP1 QFE: July 14, 2015
An instance of SQL Server 2012 Service Pack 1 that has the Master Data Services (MDS) component installed but does not have the SQL Engine component installed may not discover this security update from Microsoft Update.
KB3045313, KB3045314, KB3045316 - MS15-058: Description of the security update for SQL Server 2008 R2 (SP2 & SP3)
When you use the /? switch or the /Help switch with this security update package, you receive an error message. To avoid the error use /IACCEPTSQLSERVERLICENSETERMS /?
Slide 40