
Vulnerability Expert Forum eEye Research February 10, 2010.


2 Agenda
- About eEye's Research and Development
- eEye Preview Overview
- Microsoft's February Security Bulletins
- Security Landscape: Other InfoSec News
- Securing Your Networks
- Q&A

3 Vulnerability Research Powerhouse
"Having a great R&D team issuing advisories and being on the 'front lines' of discovering security issues is assuring and was a primary decision factor in choosing eEye when migrating from ISS." Robert Timko, Information Security Director
- eEye has discovered more high-risk vulnerabilities than any other research team
- eEye's Research Team regularly consults with government agencies and congressional committees
- R&D discoveries and innovation drive the unrivaled capabilities of eEye products
- eEye's Research Team provides leading-edge insight, tools and resources, defining the security industry

4 eEye Research Services
- eEye Preview: Security Intelligence
  Advanced vulnerability information; full zero-day analysis and mitigation; custom malware analysis; eEye research tool access; includes managed perimeter scanning
- eEye AMP: Any Means Possible Penetration Testing
  Gain true insight into network insecurities; "Capture-The-Flag" scenarios
- eEye Custom Research Services
  Exploit development; malware analysis; forensics support; compliance review

5 Microsoft February Security Bulletins
13 total bulletins; 26 issues fixed

5 Critical severity bulletins:
- MS10-006 - Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- MS10-007 - Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- MS10-008 - Cumulative Security Update of ActiveX Kill Bits (978262)
- MS10-009 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- MS10-013 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

7 Important severity bulletins:
- MS10-003 - Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS10-004 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- MS10-010 - Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- MS10-011 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- MS10-012 - Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- MS10-014 - Vulnerability in Kerberos Could Allow Denial of Service (977290)
- MS10-015 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

1 Moderate severity bulletin:
- MS10-005 - Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

6 Microsoft's Security Bulletin: MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- A single vulnerability fixed in the bulletin: MSO.DLL Buffer Overflow - CVE-2010-0243
- Criticality: Critical for Office XP SP3 and Office 2004 for Mac
- What does it affect? How critical is it? Microsoft Word and Excel. Vulnerability details are public, so attackers will likely attempt to use this in the wild.
- Mitigation: Apply the patch ASAP; block Office file types at the (mail) gateway and firewall; use Blink Professional / Personal

7 Microsoft's Security Bulletin: MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- 6 vulnerabilities fixed in the bulletin:
  - PowerPoint File Path Handling Buffer Overflow Vulnerability - CVE-2010-0029
  - PowerPoint LinkedSlideAtom Heap Overflow Vulnerability - CVE-2010-0030
  - PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability - CVE-2010-0031
  - PowerPoint OEPlaceholderAtom Use After Free Vulnerability - CVE-2010-0032
  - PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability - CVE-2010-0033
  - Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability - CVE-2010-0034
- Criticality: Critical for Office XP, Office 2003 and PowerPoint Viewer
- Office vulnerabilities are high-profile targets: they make ideal drive-by exploits as well as email and IM social engineering lures
- Mitigation: Apply the patch ASAP; block PPT files; use Blink Professional / Personal

8 Microsoft's Security Bulletin: MS10-005
Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
- 1 vulnerability fixed in the bulletin: MS Paint Integer Overflow Vulnerability - CVE-2010-0028
- Criticality: Moderate
- Just Paint?! Microsoft claims the vulnerability is only within MSPaint; low threat
- Mitigation: Disable Microsoft Paint; use Blink Professional / Personal

9 Microsoft's Security Bulletin: MS10-006
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- 2 vulnerabilities fixed in the bulletin:
  - SMB Client Race Condition Vulnerability - CVE-2010-0017
  - SMB Client Pool Corruption Vulnerability - CVE-2010-0016
- Criticality: Critical
- Windows 7 SMB redux: remote, unauthenticated remote code execution, but..... worm implications
- Mitigation: Firewall rules; use Blink Professional / Personal

10 Microsoft's Security Bulletin: MS10-007
Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- 1 vulnerability fixed in the bulletin: URL Validation Vulnerability - CVE-2010-0027
- Criticality: Moderate
- Why is this Moderate? This vulnerability was partially addressed by MS10-002. It is an API abuse issue that allows potential file execution, not a memory corruption.
- Mitigation: Apply BOTH patches ASAP, MS10-002 and MS10-007; use Blink Professional / Personal

11 Microsoft's Security Bulletin: MS10-008
Cumulative Security Update of ActiveX Kill Bits (978262)
- 1 vulnerability fixed in the bulletin: Microsoft Data Analyzer ActiveX Control Vulnerability - CVE-2010-0252
- Criticality: Moderate
- Good ol' ActiveX: will give an attacker RCE on all versions of Windows/IE; requires the user to have previously installed the control
- Mitigation: Set kill bits; use Blink Professional / Personal
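One way to apply the "set kill bits" mitigation named above and verify it took effect, as an added PowerShell example that is not from the presentation. The slide does not give the control's CLSID, so the value below is a placeholder to be replaced with the CLSID from the bulletin; the kill-bit flag value (0x400) and registry location are the ones Microsoft documents for Internet Explorer.

```powershell
# Added example: set and verify an ActiveX kill bit. Run from an elevated session.
# PLACEHOLDER CLSID: substitute the affected control's real CLSID from MS10-008.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # "Compatibility Flags" bit that tells IE never to load the control

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both where present.
$Paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

foreach ($Path in $Paths) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # Preserve any flags already present and OR in the kill bit.
    $Existing = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $New = [int]$Existing -bor $KillBit
    Set-ItemProperty -Path $Path -Name 'Compatibility Flags' -Value $New -Type DWord
}

# Verification pass: report whether the kill bit is set in each registry view.
foreach ($Path in $Paths) {
    $Flags = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    $IsSet = (([int]$Flags) -band $KillBit) -eq $KillBit
    '{0}' -f $Path
    '  Compatibility Flags = 0x{0:X}  kill bit set: {1}' -f [int]$Flags, $IsSet
}
```

The same check can be run without the write loop to audit whether an existing kill bit (for example one applied by the bulletin) is actually in place on a given host.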

12 Microsoft's Security Bulletin: MS10-009
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- 4 vulnerabilities fixed in the bulletin:
  - TCP/IP Selective Acknowledgement Vulnerability - CVE-2010-0242
  - ICMPv6 Route Information Vulnerability - CVE-2010-0241
  - Header MDL Fragmentation Vulnerability - CVE-2010-0240
  - ICMPv6 Router Advertisement Vulnerability - CVE-2010-0239
- Criticality: Critical
- IPv6!!! IPv6 vulnerabilities are becoming "mainstream"; adjust firewalls accordingly! Double-check for IPv6 machines on your networks!
- Mitigation: Apply firewall rules; use Blink Professional / Personal

13 Microsoft's Security Bulletin: MS10-010
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- 1 vulnerability fixed in the bulletin: Hyper-V Instruction Set Validation Vulnerability - CVE-2010-0026
- Criticality: Important for 2008 and 2008 R2 only
- Researchers beware! Limited environments; bad instruction-set calls result in a double BSOD, both host and guest
- Mitigation: Apply the patch where applicable; use Blink Professional / Personal

14 Microsoft's Security Bulletin: MS10-011
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- 1 vulnerability fixed in the bulletin: CSRSS Local Privilege Elevation Vulnerability - CVE-2010-0023
- Criticality: Important
- Malware authors' dream: ideal for pairing with malware; the ideal targets would be public computers or machines with multiple user logins
- Mitigation: Apply the patch ASAP; use Blink Professional / Personal

15 Microsoft's Security Bulletin: MS10-012
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- 4 vulnerabilities fixed in the bulletin:
  - SMB Pathname Overflow Vulnerability - CVE-2010-0020
  - SMB Memory Corruption Vulnerability - CVE-2010-0021
  - SMB Null Pointer Vulnerability - CVE-2010-0022
  - SMB NTLM Authentication Lack of Entropy Vulnerability - CVE-2010-0231
- Criticality: Critical
- How critical are these? A security bypass, an authenticated RCE and 2 DoS: these are ideal for attackers to cause havoc on LANs, and potentially wormable by malware.
- Mitigation: Apply the patch ASAP; use Blink Professional / Personal

16 Microsoft's Security Bulletin: MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- 1 vulnerability fixed in the bulletin: DirectShow Heap Overflow Vulnerability - CVE-2010-0250
- Criticality: Critical, all Windows versions
- What is affected? Any media player that uses DirectX to render AVI files. Drive-by exploitable as well as via email and IM. Client machines should be patched immediately.
- Mitigation: Apply the patch ASAP; remember that media file extensions can be 'incorrect'; use Blink Professional / Personal

17 Microsoft's Security Bulletin: MS10-014
Vulnerability in Kerberos Could Allow Denial of Service (977290)
- 1 vulnerability fixed in the bulletin: Kerberos Null Pointer Dereference Vulnerability - CVE-2010-0035
- Criticality: Important, only if you run Kerberos authentication
- How is this triggered? What does it cause? It requires a valid login session through Kerberos; a malicious user sends a malformed TGT request. The DoS can last until the server is restarted (not a bugcheck / BSOD). Attackers could use this to make administrators focus on the outage while they silently attack other systems.
- Mitigation: Apply the patch ASAP; use Blink Professional / Personal

18 Microsoft's Security Bulletin: MS10-015
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
- 2 vulnerabilities fixed in the bulletin:
  - Windows Kernel Exception Handler Vulnerability - CVE-2010-0232
  - Windows Kernel Double Free Vulnerability - CVE-2010-0233
- Criticality: Critical. Affects every version of Windows since 3.1 AND it's being used by malware in the wild.
- How critical are these? Attackers are already using them in malware; they could start using them with exploits as well. The exploit is very reliable and publicly available.
- Mitigation: Apply the patch ASAP; use Blink Professional / Personal

19 Security Landscape: More Than A Microsoft World
- CTO/CSO/CxO News: US Navy Cyber Command; PGP buys ChosenSecurity; China
- IT Admin News: iPhone holes patched; BIND flaws patched; BlackBerry spyware source unleashed
- Researcher News: Black Hawk Safety Net; BackTrack Final 4; Echo Mirage

20 eEye Digital Security: Award-Winning Products
- Retina® Network Security Scanner: unsurpassed vulnerability assessment & remediation
- Blink® Unified Client Security with Anti-virus: multi-layer threat mitigation & system protection
- Iris® Network Traffic Analyzer: visual data monitoring & reassembly
- SecureIIS™ Web Server Protection: proactive web server security

21 Contact
- eEye Research: skunkworks@eeye.com
- eEye Research Service Inquiries: services@eeye.com
