Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information About Microsoft’s August 2004 Security Bulletins August 13, 2004 Feliciano Intini, CISSP, MCSE Security Advisor Premier Security Center Microsoft.

Published byBranden Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Information About Microsoft’s August 2004 Security Bulletins August 13, 2004 Feliciano Intini, CISSP, MCSE Security Advisor Premier Security Center Microsoft."— Presentation transcript:

1

2 Information About Microsoft’s August 2004 Security Bulletins August 13, 2004 Feliciano Intini, CISSP, MCSE Security Advisor Premier Security Center Microsoft Services - ITALY

3 What we will cover  Security Bulletins:  MS04-025 - Windows Internet Explorer  MS04-026 - Microsoft Exchange Server 5.5  Other Security Topics:  Security Tools  Reminder: Defense In Depth Configuration Changes  Windows XP Service Pack 2  Resources  Questions & Answers

4 Review of August Security Bulletins  Overview of vulnerability for risk assessment  Workarounds you can implement while deploying the security updates  How to determine what systems the available security updates apply to  How you can deploy the security updates to your systems

5 August 2004 Security Bulletins MAXIMUM SEVERITY BULLETIN NUMBER PRODUCTS AFFECTED IMPACT CriticalMS04-025Microsoft WindowsRemote Code Execution ModerateMS04-026Microsoft ExchangeRemote Code Execution

6 MS04-025: Overview  Cumulative Security Update for Internet Explorer (867801)  Impact: Remote Code Execution  Maximum Severity: Critical  Affected Software:  Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003  Critical for Windows 98, Windows 98 Second Edition, Windows Millennium Edition  Affected Components:  Internet Explorer 5.01 Service Packs 2, 3 and 4  Internet Explorer 5.5 Service Pack 2  Internet Explorer 6.0  Internet Explorer 6.0 Service Pack 1,Internet Explorer 6 Service Pack 1 (64-Bit Edition)  Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)

7 MS04-025: Understanding the Vulnerabilities  Navigation Method Cross-Domain Vulnerability - CAN-2004-0549:  A vulnerability in how Navigation Methods are validated that can enable code execution  Malformed BMP File Buffer Overrun Vulnerability - CAN-2004-0566:  A buffer overrun vulnerability in how BMP files are rendered that can enable code execution  Malformed GIF File Double Free Vulnerability - CAN-2003-1048:  A double free vulnerability in how GIF files are handled that can enable a denial of service or potentially code execution

8 MS04-025: Risk Assessment  Possible Attack Vectors  Malicious HTML page  Hosted on a Web site  Sent as e-mail  Impact of Successful Attack  Attacker’s code would run in user’s context  Mitigating Factors  Web page and e-mail vectors require user actions  Attacker’s code limited by user’s privileges

9 MS04-025: Risk Assessment (2)  Mitigating Factors (con’t)  HTML e-mail in the Restricted sites zone helps reduce attacks  Outlook Express 6, Outlook 2002, and Outlook 2003 by default  Outlook 98 and Outlook 2000 with Outlook E-mail Security Update (OESU)  Outlook Express 5.5 with MS04-018  Also, risk from HTML e-mail vector significantly if both:  Latest Cumulative Security Update for IE installed (change introduced in MS03-040)  Using IE 6.0 or later

10 MS04-025: Updates  Two updates available  867801 contains only security fixes and publicly available updates  Available on Windows Update, Software Update Services, Download Center  871260 (update rollup) contains security fixes, publicly available updates AND hotfixes  Available only on the Download Center  To reduce risk of problems in deployment customers should apply 867801 by default

11 MS04-026: Overview  Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross- Site Scripting and Spoofing Attacks (842463)  Impact: Remote Code Execution  Maximum Severity: Moderate  Affected Software:  Microsoft Exchange Server 5.5 SP4  Affected Components:  Outlook Web Access (OWA)

12 MS04-026: Understanding the Vulnerability  Cross-site Scripting and Spoofing Vulnerability CAN-2004-0203  A cross-site scripting and spoofing vulnerability that could cause a user to run script on the attacker's behalf or a user to view spoofed content.

13 MS04-026: Risk Assessment  Possible Attack Vectors  Sending a specially-crafted HTTP request to the Outlook Web Access server  Impact of Successful Attack  Execute script in the user’s context  Put spoofed content in Web browser and intermediate proxy server caches  Mitigating Factors  An attacker must have valid logon credentials for the Outlook Web Access server  Limitations on user’s account apply to attacker’s script  “Do not save encrypted pages to disk” option prevents attempts to put spoofed content into client cache  SSL-protected connections protect against intermediate proxy vector  Difficult for an attacker to predict what users would be served spoofed cached content from intermediate proxy server

14 MS04-020 Re-Release  Re-issued to advise on the availability of a security update for Microsoft INTERIX 2.2  Customers who are not using Microsoft INTERIX 2.2 and have previously installed the security updates provided as part of the original release of this bulletin do not need to install the new security update  Customers using Microsoft INTERIX 2.2 should apply the new update

15 Workarounds  Host-based workarounds:  MS04-025  Set Internet and Local Intranet security zone settings to “High”  Restrict Web sites to only trusted Web sites  Strengthen the security settings for the Local Machine zone  Knowledge Base article 833633.  Read e-mail messages in plain text format  MS04-026  Disable Outlook Web Access for Each Exchange Site

16 Determining Systems for Deployment  MBSA:  Use MBSA to determine systems that require MS04-025, MS04- 026  MBSA will identify systems that require MS04-025 but cannot determine systems that might require 871260 (update rollup)  As of 8/10, MBSA will not raise a warning regarding greater-than- expected file versions on systems with 871260 (update rollup)  SUS:  The SUS Client (the Automatic Updates Client) will automatically detect systems that require MS04-025  The SUS Client (the Automatic Updates Client) will identify systems that require MS04-025 but cannot determine systems that might require 871260 (update rollup)  Cannot use SUS to determine systems that require MS04-026

17 Determining Systems for Deployment (2)  SMS 2.0 / 2003:  SMS 2003 to identify systems that need MS04-025, MS04-026  SMS will identify systems that require MS04-025 but cannot determine systems that might require 871260 (update rollup)  To limit the deployment of the update rollup to only those computers running post-MS04-004 hotfixes  Use software inventory to detect systems based on the hotfix affected files  For more information see Deploying Software Updates Using the SMS Software Distribution Feature:  www.microsoft.com/technet/prodtechnol/sms/sms2003/pa tchupdate.mspx www.microsoft.com/technet/prodtechnol/sms/sms2003/pa tchupdate.mspx www.microsoft.com/technet/prodtechnol/sms/sms2003/pa tchupdate.mspx  Note regarding SMS and MBSA:  Proxy caching at ISP or Intranet may delay the availability of detection catalog mssecure.cab  File uses “Cache-Control: must-revalidate” most proxy servers honor this  Refer to KB 842432 to diagnose delays KB 842432KB 842432

18 Deploying the Updates  SUS:  Use the SUS Client (the Automatic Updates Client) to deploy MS04-025  SUS can only be used to deploy 867801, it will not deploy 871260 (update rollup)  SMS:  Use SMS 2.0 with the SMS SUS Feature Pack or SMS 2003 to deploy MS04-025, MS04-026  Can deploy 871260 (update rollup) using “import” feature documented in SMS documentation

19 Deploying the Updates (2)  Restarts  MS04-025: Required  MS04-026: Not required but will restart these services  Microsoft Internet Information Services (IIS)  Exchange Store  Exchange System Attendant  Uninstall  MS04-025: Can be uninstalled  MS04-026: Can be uninstalled

20 Deploying the Updates (3)  Notes for MS04-026:  Version Requirements for Dependent Components: Microsoft Outlook Web Access (OWA) server must have one of the following:  Internet Explorer 5.01 Service Pack 3 on Windows 2000 Service Pack 3  Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4  Internet Explorer 6 Service Pack 1 on current supported operating systems  Apply update to Exchange 5.5 Servers running Outlook Web Access only.

21 Security Tools: MBSA Reminder  MBSA 1.1.1 no longer supported  As of April 20, 2004 mssecure.xml file used by versions earlier than MBSA 1.2 is no longer updated  Scans performed with MBSA 1.1.1 or earlier versions will not detect the Security Bulletins released since April  When using SMS, MBSA GUI and mbsacli, scan results will include an ‘update’, e.g.:  Obtain Upgrades:  SMS 2.0 SUS Feature Pack and SMS 2003 users:  SMS downloads page www.microsoft.com/smserver/downloads www.microsoft.com/smserver/downloads  MBSA Users:  MBSA homepage www.microsoft.com/mbsa www.microsoft.com/mbsa

22 Security Tools: MBSA & XP SP2  New version of MBSA (1.2.1) needed for Windows XP SP2 compatibility!  Needed to provide compatibility and better support for Windows XP SP2 security improvements  Needed to provide compatibility and better support for Windows XP SP2 security improvements  Will be available in mid-August  Users running MBSA 1.2 will be automatically notified when they run the tool with an Internet connection  www.microsoft.com/mbsa www.microsoft.com/mbsa

23  New variant, MyDoom.O, discovered on Monday, July 26 2004  Zindos.A worm, discovered on Tuesday, July 27 2004, uses backdoor opened by MyDoom.O  Cleaner tool was updated to clean for all known MyDoom variants and Zindos.A  More information: www.microsoft.com/security/incident/mydoom.mspx www.microsoft.com/security/incident/mydoom.mspx Security Tools: MyDoom Cleaner Tool

24 Three configuration changes released in July to enhance resiliency of Internet Explorer 6.0 and Outlook Express 5.5 SP2  Disable ADODB.stream in Windows ActiveX Control (July 2 2004)  Knowledge Base Article 870669 (http://support.microsoft.com/default.aspx?kbid=870669) http://support.microsoft.com/default.aspx?kbid=870669  Limit functionality of Shell.application (July 13 2004)  Fix is included in MS04-024  Change HTML viewing in Outlook Express 5.5 SP2 (July 13 2004)  Change included in MS04-018 Reminder: Deploy Defense in Depth Configuration Changes

25 Proactive protection technologies block malicious code at the “point of entry”  Enhance Security  Increase Manageability  Improve Experience  Network  Email & IM  Web Browsing  Memory Attack Vectors Windows XP Service Pack 2

26 Functional Area Compatibility Status Attachment Handler User experience modified NX & /GS Windows Firewall Few apps  proper configuration required DCOM & RPC Other components Internet Explorer Some apps  proper configuration required  The vast majority of application compatibility issues are mitigated through configuration of SP2 security options  Very few issues require code changes Application Compatibility Snapshot

27  August 6:  Release to manufacturing for SP2 English and German (Remaining 25 languages RTM over 5 weeks)  August 9:  Release to Microsoft Download Center – full network installation package  Release to MSDN – CD ISO image  August 10:  Release to Automatic Updates - for machines running pre- release versions of Windows XP SP2 only  August 16:  Release to Automatic Updates - for machines not running pre- releases versions of Windows XP SP2  Release to SUS  August TBD:  Release to Windows Update for interactive user installations Windows XP SP2 – Timeline

28 SP2 Delivery via Automatic Update  SP2 is categorized as a critical update  Unlike previous critical updates, SP2 requires interactive installation  Some customer have requested a mechanism to temporarily block SP2 delivery via AU  Allow all other critical security updates via AU  Registry based solution temporarily prevents Automatic Update and Windows Update from downloading SP2 - and only SP2  AU and WU search for existence of new registry setting  Other downloads unaffected  Registry setting is the only change required on local machine

29 Automatic Update Blocking Mechanism  Tools for implementing solution  ADM file to control registry setting via Active Directory Group Policy  Microsoft signed executable that will set the registry setting on local machine  Script file to execute the tool remotely  E-mail message point users to a script file hosted on Microsoft.com  All of these tools allow for disabling the registry setting  This solution expires after 120 days  AU and WU will ignore registry key after December 14, 2004  Scripts and documentation posted on TechNet  www.microsoft.com/technet/winxpsp2 www.microsoft.com/technet/winxpsp2  Best solution is Software Update Services  www.microsoft.com/sus www.microsoft.com/sus

30 Windows XP SP2 Summary  More secure  “Shields-up” approach  Reduced attack surface area  Improved manageability of security settings  More granular control  Improved support for Active Directory Group Policy  Reduced urgency for patching vulnerabilities  Better user experience  More and better security information  Applications function while remaining secure A major step forward on a long journey http://www.microsoft.com/technet/winxpsp2

31 Resources  September Security Bulletins Webcast: il nostro prossimo appuntamento è venerdì 17 settembre – 10:30 http://www.microsoft.com/italy/security http://www.microsoft.com/italy/security  Security Bulletins Search www.microsoft.com/technet/security/current.aspx www.microsoft.com/technet/security/current.aspx  Windows XP Service Pack 2 www.microsoft.com/technet/winxpsp2 www.microsoft.com/technet/winxpsp2  Information on MyDoom and its variants www.microsoft.com/security/incident/mydoom.mspx www.microsoft.com/security/incident/mydoom.mspx  Security Newsletter www.microsoft.com/technet/security/secnews/default.mspx www.microsoft.com/technet/security/secnews/default.mspx  Security Guidance Center www.microsoft.com/italy/security/guidance www.microsoft.com/italy/security/guidance

32

Download ppt "Information About Microsoft’s August 2004 Security Bulletins August 13, 2004 Feliciano Intini, CISSP, MCSE Security Advisor Premier Security Center Microsoft."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.

SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Changes in Windows XP Service Pack 2

Changes in Windows XP Service Pack 2
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
How To Keep Up With Security Patches Eric Schultze Security Strategies Microsoft.

How To Keep Up With Security Patches Eric Schultze Security Strategies Microsoft.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.

Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.

Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
16.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.

16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

Similar presentations

Ads by Google