August Patch Tuesday 2016

Patch Tuesday Webinar, Wednesday, August 10th, 2016. Chris Goettl, Product Manager, Shavlik. Dial In: 1-855-749-4750 (US), Attendees: 923 686 352

Upload: landesk

Post on 16-Jan-2017



Page 2: August Patch Tuesday 2016

Agenda

1. August 2016 Patch Tuesday Overview

2. Known Issues

3. Bulletins

4. Q & A

Page 3: August Patch Tuesday 2016

Best Practices

• Privilege Management mitigates the impact of many exploits

• High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.

• User Targeted – Whitelisting and Containerization mitigate

Page 5: August Patch Tuesday 2016

23% OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS.

Source: Verizon 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2015/

Page 6: August Patch Tuesday 2016

The weakest link

Definition: User Targeted

A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability.

[Chart: Bulletin Count and User Targeted count by month, January through June]

Page 7: August Patch Tuesday 2016

Mitigate Impact

A vulnerability that, when exploited, allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attacker's ability to operate, thereby slowing their ability to move around your environment.

[Chart: Bulletin Count and Privilege Management Reduces Impact count by month, January through June]
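The two definitions above ("User Targeted" and "Privilege Management Reduces Impact") and the two-week rollout guidance can be applied mechanically to bulletin text. The following is an added example, not part of the original deck or any Shavlik product: the regular expressions, the mapping of "High Threat Level" to Critical severity, and the function name triage are assumptions, and the description excerpts are shortened from the bulletin slides in this deck.

```python
import re
from datetime import date, timedelta

# Assumption: these phrases, taken from the bulletin descriptions in this deck,
# stand in for the deck's two definitions.
USER_TARGETED = re.compile(r"if a user (?:either )?(?:views|visits|opens)", re.I)
PRIV_REDUCES = re.compile(r"(?:same|fewer) user rights|context of the current user", re.I)

RELEASE = date(2016, 8, 9)         # release date shown on the CSWU-028 slide
FAST_ROLLOUT = timedelta(days=14)  # "2 weeks or less is ideal"

# Description excerpts copied from the bulletin slides (shortened with "...").
BULLETINS = [
    ("MS16-098", "Important", "could allow elevation of privilege if an attacker "
     "logs on to an affected system and runs a specially crafted application"),
    ("MS16-095", "Critical", "could allow remote code execution if a user views a "
     "specially crafted webpage ... gain the same user rights as the current user"),
    ("MS16-100", "Important", "could allow security feature bypass if an attacker "
     "installs a policy affected by the vulnerability onto a target device"),
    ("MS16-099", "Critical", "could allow remote code execution if a user opens a "
     "specially crafted Microsoft Office file ... in the context of the current user"),
    ("MS16-097", "Critical", "if a user either visits a specially crafted website "
     "or opens a specially crafted document ... fewer user rights on the system"),
]

def triage(bulletins, release=RELEASE):
    """Tag each bulletin and return Critical ones first, in bulletin order."""
    rows = []
    for bid, severity, text in bulletins:
        controls = []
        if USER_TARGETED.search(text):
            controls.append("whitelisting/containerization")
        if PRIV_REDUCES.search(text):
            controls.append("privilege management")
        # Assumption: "High Threat Level" is approximated by Critical severity.
        deadline = release + FAST_ROLLOUT if severity == "Critical" else None
        rows.append({"id": bid, "severity": severity, "controls": controls,
                     "deadline": deadline})
    return sorted(rows, key=lambda r: (r["deadline"] is None, r["id"]))

if __name__ == "__main__":
    for r in triage(BULLETINS):
        due = r["deadline"].isoformat() if r["deadline"] else "normal cycle"
        print(f'{r["id"]} {r["severity"]:<9} due={due} '
              f'mitigations={", ".join(r["controls"]) or "patch only"}')
```

Bulletins with an empty controls list (here the local elevation-of-privilege and Secure Boot bulletins) have no compensating control from the two categories, so patching is the only mitigation for them.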

Page 11: August Patch Tuesday 2016

Known Issues

• Windows 10 Anniversary release build 1607
• But, maybe you should wait….
• http://www.infoworld.com/article/3104389/microsoft-windows/the-case-against-windows-10-anniversary-update-grows.html
• MS16-100 has a non-security dependency
• MS16-102 Additional Mitigating Step for Windows 10 to remove file extension for PDF for Edge browser
• Shavlik Protect 9.0 (2016/10/19) and 9.1 (2016/12/31) EOLs
• Patch Tuesday page www.Shavlik.com/patch-tuesday
• Heading to VMworld? Book a Protect 9.3 sneak peek demo!

Page 12: August Patch Tuesday 2016

CSWU-028: Cumulative update for Windows 10: August 9, 2016

Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-095, MS16-096, MS16-097, MS16-098, MS16-100, MS16-101, MS16-102, MS16-103.

Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass
Fixes 31 vulnerabilities:

CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3289, CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322, CVE-2016-3301, CVE-2016-3303, CVE-2016-3304, CVE-2016-3308, CVE-2016-3309, CVE-2016-3310, CVE-2016-3311, CVE-2016-3320, CVE-2016-3237, CVE-2016-3300, CVE-2016-3319, CVE-2016-3312

Restart Required: Requires Restart

Page 13: August Patch Tuesday 2016

MS16-095: Cumulative Security Update for Internet Explorer (3177356)

Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution
Fixes 9 vulnerabilities:

CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329

Restart Required: Requires Restart

Page 14: August Patch Tuesday 2016

MS16-096: Cumulative Security Update for Microsoft Edge (3177358)

Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Impact: Remote Code Execution
Fixes 10 vulnerabilities:

CVE-2016-3289, CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322

Restart Required: Requires Restart

Page 15: August Patch Tuesday 2016

MS16-097: Security Update for Microsoft Graphics Component (3177393)

Maximum Severity: Critical
Affected Products: Windows, Office, Skype, Lync, Live Meeting
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 3 vulnerabilities:

CVE-2016-3301, CVE-2016-3303, CVE-2016-3304

Restart Required: May Require Restart

Page 16: August Patch Tuesday 2016

MS16-099: Security Update for Microsoft Office (3177451)

Maximum Severity: Critical
Affected Products: Office
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 7 vulnerabilities:

CVE-2016-0137, CVE-2016-3312, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318

Restart Required: May Require Restart

Page 17: August Patch Tuesday 2016

MS16-102: Security Update for Microsoft Windows PDF Library (3182248)

Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution
Fixes 1 vulnerability:

CVE-2016-3319

Restart Required: Requires Restart

Page 18: August Patch Tuesday 2016

CHROME-177: Google Chrome 52.0.2743.116

Maximum Severity: High
Affected Products: Google Chrome
Description: The stable channel has been updated to 52.0.2743.116 for Windows, Mac, and Linux. This will roll out over the coming days/weeks.

Impact: Remote Code Execution
Fixes 10 vulnerabilities:

CVE-2016-5141, CVE-2016-5142, CVE-2016-5139, CVE-2016-5140, CVE-2016-5145, CVE-2016-5143, CVE-2016-5144, CVE-2016-5146

Restart Required: Does not require restart

Page 19: August Patch Tuesday 2016

FF16-012: Firefox 48.0

Maximum Severity: Critical
Affected Products: Firefox
Description:

• Roar for moar protection against harmful downloads! We've got your back
• Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
• Add-ons that have not been verified and signed by Mozilla will not load
• Various security fixes

Impact: Remote Code Execution
Fixes 24 vulnerabilities:

CVE-2016-2835, CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5250, CVE-2016-5268, CVE-2016-5267, CVE-2016-5266, CVE-2016-5265, CVE-2016-5264, CVE-2016-5263, CVE-2016-2837, CVE-2016-5262, CVE-2016-5261, CVE-2016-5260, CVE-2016-5255, CVE-2016-5254, CVE-2016-5253, CVE-2016-0718, CVE-2016-5252, CVE-2016-5251, CVE-2016-2839, CVE-2016-2838, CVE-2016-2830

Restart Required: Does not require restart

Page 20: August Patch Tuesday 2016

MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Impact: Elevation of Privilege
Fixes 4 vulnerabilities:

CVE-2016-3308, CVE-2016-3309, CVE-2016-3310, CVE-2016-3311

Restart Required: Requires Restart

Page 21: August Patch Tuesday 2016

MS16-100: Security Update for Secure Boot (3179577)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs a policy affected by the vulnerability onto a target device.

Impact: Security Feature Bypass
Fixes 1 vulnerability:

CVE-2016-3320

Restart Required: Does not require restart

Page 22: August Patch Tuesday 2016

MS16-101: Security Update for Windows Authentication Methods (3178465)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.

Impact: Elevation of Privilege
Fixes 2 vulnerabilities:

CVE-2016-3237, CVE-2016-3300

Restart Required: Requires Restart

Page 23: August Patch Tuesday 2016

MS16-103: Security Update for ActiveSyncProvider (3182332)

Maximum Severity: Priority 2
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.

Impact: Information Disclosure
Fixes 1 vulnerability:

CVE-2016-3312

Restart Required: Requires Restart

Page 24: August Patch Tuesday 2016

Between Patch Tuesdays

New Product Support: Snagit 13, WinMerge, PeaZip 6, Windows 10 1607

Security Updates: Flash Player (1), iTunes (2), GIMP (1), Chrome (2), Java (1), FileZilla (2), Nitro Pro (1), Skype (1), Wireshark (2), Firefox and Firefox ESR (2), Opera (2), Adobe Acrobat and Reader DC (2), Foxit Reader (1)

Non-Security Updates: Microsoft (13), Tomcat (1), Splunk Universal Forwarder (1), CCleaner (1), PDFCreator (1), TeamViewer (1), Snagit (1), WinMerge (1), Java (1), AutoCAD 2016 (1), PeaZip (1), HipChat (2), Citrix VDA Core Services (1), WinSCP (1), Xmind (1), Box Sync (2), Google Drive (2), CDBurnerXP (1), Classic Shell (1), Dropbox (1), Libre Office (2), Foxit Phantom (1), GoodSync (1),

Security Tools:

Page 26: August Patch Tuesday 2016

Resources and Webinars

Get Shavlik Content Updates

Get Social with Shavlik

Sign up for next month's Patch Tuesday Webinar

Watch previous webinars and download presentation.

Page 27: August Patch Tuesday 2016

Thank you