1 / 22

Information About Microsoft July 2012 Security Bulletins

Information About Microsoft July 2012 Security Bulletins. Jonathan Ness Security Development Manager Microsoft Corporation Dustin Childs Group Manager, Response Communications Microsoft Corporation. Live Video Stream. To receive our video stream in LiveMeeting: Click on Voice & Video

darrion
Download Presentation

Information About Microsoft July 2012 Security Bulletins

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information About Microsoft July 2012 Security Bulletins Jonathan Ness Security Development ManagerMicrosoft Corporation Dustin Childs Group Manager, Response CommunicationsMicrosoft Corporation

  2. Live Video Stream • To receive our video stream in LiveMeeting: • Click on Voice & Video • Click the drop down next to the camera icon • Select Show Main Video

  3. What We Will Cover • Review of July 2012 Bulletin Release Information • New Security Bulletins • Security Advisories 2719662 and 2721545 • Microsoft® Windows®Malicious Software Removal Tool • Resources • Questions and Answers: Please Submit Now • Submit Questions via Twitter #MSFTSecWebcast

  4. Severity and Exploitability Index Internet Explorer Visual Basic Windows SharePoint Windows Windows Windows Windows Office

  5. Bulletin Deployment Priority

  6. MS12-043: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

  7. MS12-044: Cumulative Security Update for Internet Explorer (2719177)

  8. MS12-045: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

  9. MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)

  10. MS12-047: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

  11. MS12-048: Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

  12. MS12-049: Vulnerability in TLS Could Allow Information Disclosure (2655992)

  13. MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

  14. MS12-051: Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

  15. Security Advisory 2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution • We are releasing an automated Microsoft Fix it that disables the Windows Sidebar and Gadgets on supported versions of Windows Vista and Windows 7. • The Sidebar and Gadgets are already deprecated for Windows 8, and Gadget developers are shifting their efforts to the Windows Store. • Some Vista / Win7 Gadgets have been found not to adhere to secure coding practices • The Security Advisory describes the issue in greater detail and provides a Fix it that disables the Sidebar and Gadgets. • The Windows Gadget Gallery is also deprecated for Windows Vista and Windows 7. • We have updated our developer documentation.

  16. Security Advisory 2728973: Microsoft Untrusted Certificate Store Update • As part of its continued upkeep of digital certificates, Microsoft has discovered a number of certificates which do not meet our standards for security practices. • We are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management. • None of the certificates involved are known to have been breached, compromised, or otherwise misused. • Next month, we will release a change to how Windows manages certificates that have RSA keys of less than 1024 bits in length. We will treat all of these certificates as invalid, even if they are currently valid and signed by a trusted certificate authority. (Are you ready?)

  17. Detection & Deployment *Yes only for affected Office products. Microsoft Visual Basic for Applications update available via trusted agent. ** For Microsoft Office SharePoint Server 2007 and Microsoft SharePoint Server 2010 customers, this detection table is based only on single-server deployments; the detection tools do not detect applicability to multiple-system server farms.

  18. Other Update Information *Only the update for InfoPath 2010 can be uninstalled **The Visual Basic for Applications update cannot be uninstalled

  19. Windows Malicious Software Removal Tool (MSRT) • During this release Microsoft accomplished the following for the MSRT: • Added detections for new threat variants for families currently included in the MSRT, but no new threat family was added. • Released the MSRT for the first time to Windows 8 Release Preview machines.

  20. Resources Blogs • Microsoft Security Response Center (MSRC) blog:www.blogs.technet.com/msrc • Security Research & Defense blog:http://blogs.technet.com/srd • Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/ Twitter • @MSFTSecResponse Security Centers • Microsoft Security Home Page: www.microsoft.com/security • TechNet Security Center:www.microsoft.com/technet/security • MSDN Security Developer Center:http://msdn.microsoft.com/en-us/security/default.aspx Bulletins, Advisories, Notifications & Newsletters • Security Bulletins Summary:www.microsoft.com/technet/security/bulletin/summary.mspx • Security Bulletins Search:www.microsoft.com/technet/security/current.aspx • Security Advisories:www.microsoft.com/technet/security/advisory/ • Microsoft Technical Security Notifications:www.microsoft.com/technet/security/bulletin/notify.mspx • Microsoft Security Newsletter:www.microsoft.com/technet/security/secnews Other Resources • Update Management Processhttp://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx • Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

  21. Questions and Answers Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog:http://blogs.technet.com/msrc Register for next month’s webcast at:http://microsoft.com/technet/security/current.aspx

  22. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related