August Patch Tuesday 2016


Post on 16-Jan-2017


Patch Tuesday Webinar
Wednesday, August 10th, 2016
Chris Goettl, Product Manager, Shavlik
Dial In: 1-855-749-4750 (US)
Attendees: 923 686 352

Agenda

1. August 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A

Best Practices

Privilege Management Mitigates Impact of many exploits

High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.

User Targeted Whitelisting and Containerization mitigate

23% OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS.

Verizon 2015 Data Breach Investigations Report
http://www.verizonenterprise.com/DBIR/2015/

NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.

The weakest link

Definition: User Targeted

A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability.

Mitigate Impact

A vulnerability that, when exploited, allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attacker's ability to operate, thereby slowing their ability to move around your environment.

Privilege Management Reduces Impact:

Known Issues

Windows 10 Anniversary release build 1607
But, maybe you should wait.
http://www.infoworld.com/article/3104389/microsoft-windows/the-case-against-windows-10-anniversary-update-grows.html
MS16-100 has a non-security dependency
MS16-102 Additional Mitigating Step for Windows 10 to remove file extension for PDF for Edge browser
Shavlik Protect 9.0 (2016/10/19) and 9.1 (2016/12/31) EOLs
Patch Tuesday page www.Shavlik.com/patch-tuesday
Heading to VMworld? Book a Protect 9.3 sneak peek demo!

http://www.forbes.com/sites/gordonkelly/2016/08/09/windows-10-anniversary-update-serious-problems/#29cae5ff756b
http://rs.shavlik.com/documents/LSI-1209LegacyShavlikEndOfLifeInfo.pdf
http://info.shavlik.com/082816-VMworld-Appointment_Request.html?r=web&_ga=1.190955305.209304491.1400572794

CSWU-028: Cumulative update for Windows 10: August 9, 2016

Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-095, MS16-096, MS16-097, MS16-098, MS16-100, MS16-101, MS16-102, MS16-103.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass
Fixes 31 vulnerabilities:
CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3289, CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322, CVE-2016-3301, CVE-2016-3303, CVE-2016-3304, CVE-2016-3308, CVE-2016-3309, CVE-2016-3310, CVE-2016-3311, CVE-2016-3320, CVE-2016-3237, CVE-2016-3300, CVE-2016-3319, CVE-2016-3312

Restart Required: Requires Restart

Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.

User Targeted - Privilege Management Mitigates Impact

MS16-095: Cumulative Security Update for Internet Explorer (3177356)

Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 9 vulnerabilities:
CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329

Restart Required: Requires Restart

Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.

Ensure that Internet Explorer is at the latest version for the OS it is installed on. Since January 2016, Microsoft has only been updating the latest version for each supported OS. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer

User Targeted - Privilege Management Mitigates Impact

Multiple Microsoft Internet Explorer Memory Corruption Vulnerabilities

Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.

MS16-096: Cumulative Security Update for Microsoft Edge (3177358)

Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Impact: Remote Code Execution
Fixes 10 vulnerabilities:
CVE-2016-3289, CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322

Restart Required: Requires Restart

Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.

User targeted vulnerabilities - Privilege Management Mitigates Impact

Multiple Edge Memory Corruption Vulnerabilities

Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of an enticement in an email or instant message, or by getting them to open an email attachment. The update addresses the vulnerabilities by modifying how Microsoft Edge handles objects in memory.

For CVE-2016-3319 only: Remove Microsoft EDGE from the PDF reader default file type association
https://technet.microsoft.com/library/security/MS16-096
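As an added example (not part of the webinar deck), the Python below parses the CVE lists exactly as they appear on the CSWU-028, MS16-095 and MS16-096 slides and indexes them by bulletin, showing which entries repeat in the cumulative list and which CVEs the Internet Explorer and Edge bulletins have in common. The function names are this example's own.

```python
import re
from collections import Counter
# CVE lists copied verbatim from the CSWU-028, MS16-095 and MS16-096 slides.
CSWU_028 = """
CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321,
CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3289,
CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322, CVE-2016-3326,
CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322, CVE-2016-3301,
CVE-2016-3303, CVE-2016-3304, CVE-2016-3308, CVE-2016-3309, CVE-2016-3310,
CVE-2016-3311, CVE-2016-3320, CVE-2016-3237, CVE-2016-3300, CVE-2016-3319,
CVE-2016-3312
"""
MS16_095 = """
CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321,
CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329
"""
MS16_096 = """
CVE-2016-3289, CVE-2016-3293, CVE-2016-3296, CVE-2016-3319, CVE-2016-3322,
CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, CVE-2016-3319, CVE-2016-3322
"""
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_cves(text):
    """Return the CVE IDs in the order listed, repeats included."""
    return CVE_RE.findall(text)

def index_by_cve(bulletins):
    """Map each CVE ID to the set of bulletin names that list it."""
    index = {}
    for name, text in bulletins.items():
        for cve in set(parse_cves(text)):
            index.setdefault(cve, set()).add(name)
    return index

def summarize():
    """Compare the cumulative list with the two browser bulletins."""
    cumulative = parse_cves(CSWU_028)
    index = index_by_cve({"MS16-095": MS16_095, "MS16-096": MS16_096})
    return {
        "listed": len(cumulative),            # entries as written on the slide
        "unique": len(set(cumulative)),       # distinct CVE IDs to track
        "repeated": {c: n for c, n in Counter(cumulative).items() if n > 1},
        "shared_ie_edge": sorted(c for c, b in index.items() if len(b) == 2),
        "not_in_browser_bulletins": sorted(set(cumulative) - set(index)),
    }

if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Deduplicating by CVE ID before loading these lists into a tracking system keeps one remediation record per vulnerability, even when several bulletins list it.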

MS16-097: Security Update for Microsoft Graphics Component (3177393)

Maximum Severity: Critical
Affected Products: Windows, Office, Skype, Lync, Live Meeting
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 3 vulnerabilities:
CVE-2016-3301, CVE-2016-3303, CVE-2016-3304

Restart Required: May Require Restart

Shavlik Priority: Shavlik rates this bu