1 / 12

Patch Tuesday: Critical Patches for IE, Kernel, Visio, Silverlight, SharePoint and More Updates

This article covers the latest Patch Tuesday releases, including critical patches for Internet Explorer, Kernel, Visio, Silverlight, SharePoint, and other updates for MSRT, Defender Definitions, and Junk Mail Filter. Additionally, it discusses patches for Oracle, Adobe, Apple, Cisco, VMware, ArcSight Logger, Postgres, Wireshark, Nvidia, and SSHD.

allenb
Télécharger la présentation

Patch Tuesday: Critical Patches for IE, Kernel, Visio, Silverlight, SharePoint and More Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • 7Patches – 3 Critical – 20 CVEs • Affected – IE, Kernel, Visio, Silverlight Sarepoint,….. • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS13-021 – Cumulative Security Update for Internet Explorer, Remote Code • MS13-022 – Silverlight, Remote Code • MS13-023 - Microsoft Visio Viewer 2010, Remote Code • MS13-024 -Sharepoint, Privilege Escalation • MS13-025 -Microsoft OneNote, Info Disclosure • MS13-026 – Office Outlook for Mac, Info Disclosure • MS13-027 – Kernel-Mode Drivers, Privilege Escalation

  3. Holes / Patches • Oracle, Due April 16 • Out of band Java Patch • Adobe • APSA13-02 – Adobe Reader and Acrobat  2 CVEs • APSB13-07 – Adobe Reader and Acrobat  2 CVEs • APSB13-08 – Adobe Flash Player  3 CVEs • APSB13-09 – Adobe Flash Player  4 CVEs • Apple, • Java for OSX 10.6.8 Update 13 and 14 • Cisco • Root shell access, multiple products • Video conferencing, ftp config • MARS, info disclosure • Wireless LAN Controllers, DoS • Unified Communications, multiple vulns

  4. Holes / Hacking • VMWare – NFC memory corruption (network file copy) • ArcSight Logger – Info disclosure, XSS, command inject • Postgress – DoS • Wireshark – multiple dissector bugs (crash, loop) • Nvidia – root access • SSHD - rootkit

  5. Holes / Hacking • FB Hacked • Mac games • mobile coldboot • HDMI breakout • pwnpad • iphone passcode • html5 full drive • cpanel root passwords • You are all commies • Pirate bay moves to N.Korea

  6. Corp • Firefox OS • Tripwire to buy nCircle • Raytheon data mining • Bit9 not practicing what they preach ...ooops • HP to use andriod • Buffalo add Trend Micro to NAS • Android 4.2.2. kills nexus lte • BitCoins= pizza • BitCoin ATM • Bitcoinmarket up • PCI for cloud • Blackberry gives India PIN • FB target adverts and opt out

  7. Legal • IT Executive Order finally here • ITIF calls for govt. control of interwebs • Seattle ordered to dismantled drones • Cato buy drones, EFF asks for good privacy policy • CAS comes to an ISP near you • Bill requires warrants for email

  8. Papers • Shortcuts • http://resources.infosecinstitute.com/allow-me-to-save-you-some-time-some-useful-shortcuts/ • Wireshark101  • http://www.wiresharkbook.com/ • Drone use summary • https://www.eff.org/deeplinks/2013/02/just-how-many-drone-licenses-has-faa-really-issued

  9. tools • Nunit 2.6 - .net testing • Nessus 5.0.3 – vuln scanner • Nessus now audits palo alto configs • Wafec – eval criteria • mobile ips • IE 10 for win 7 • abine maskme – anti-tracker • Belkasoft Facebook Profile Saver • (happy stalker)

  10. WTF • Apple App Store turns on HTTPS

  11. CON Events Shmoo RSA B-Sides San Francisco CanSecWest

  12. All images scavenged without permission All images scavenged without permission

More Related