1 / 14

June 2017 Patch Tuesday - Vulnerabilities and Patches for Windows, Office, Adobe Flash Player, and More

This article provides an overview of the vulnerabilities and patches released during the June 2017 Patch Tuesday, covering Internet Explorer/Microsoft Edge, Microsoft Windows, Microsoft Office, Adobe Flash Player, and more.

kathrynthomas
Télécharger la présentation

June 2017 Patch Tuesday - Vulnerabilities and Patches for Windows, Office, Adobe Flash Player, and More

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Jun 2017 – 96 vulnerabilities with 331 unique dowloads • Internet Explorer / Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • Silverlight • Skype for Business and Lync • Adobe Flash Player • Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code • Windows 8.1 and Windows Server 2012 R2 / Remote Code • Windows Server 2012 / Remote Code • Windows RT 8.1 / Remote Code • Windows 7 and Windows Server 2008 R2 / Remote Code • Windows Server 2008 / Remote Code • Microsoft Office, Office Services, Office Web Apps, and other Office-related software/ Remote Code • Microsoft Silverlight/ Remote Code • Microsoft Lync and Skype for Business/ Remote Code • Adobe Flash Player / Remote Code

  3. Holes / Patches • VMWare • VMSA-2017-0009 ( 2 CVE) • workstation • VMSA-2017-0010 ( 2 CVE) • vSphere Data Protection • VMSA-2017-0011 ( 1 CVE) • Horizon View Client • Apple • iOS 10.3.2 ( 55 CVE) • Security Update 2017-002 ( 44 CVE) • watchOS 3.2.2 ( 21 CVE) • iTunes 12.6.1 for Windows ( 1 CVE) • Safari 10.1.1 ( 27 CVE) • iCloud for Windows 6.2.1 ( 1 CVE) • tvOS 10.2.1 ( 33 CVE) • Oracle • Due 18 Jul 2017 • Adobe • APSB17-17 Flash Player ( 9 CVE) • APSB17-18 Shockwave Player ( 1 CVE) • APSB17-19 Captivate ( 1 CVE) • APSB17-20 Digital Editions( 9 CVE) • Android • 2017-05-01 ( 20 CVE) • 2017-05-05 ( 98 CVE)

  4. Holes / Patches • HP audio driver with KeyLogger • MS bulletin site • Sudo 1.86p7 – 1.8.20 w/ SELinux • Samba prior to 4.4.x • cisco anyconnect prior to 4.4.02034 (windows) • 30 fixes in chrome 59

  5. Hacking • WCry / WanaCry • evil subtitles • indexing azure • Jeep thefts • Raberry Pis vuln to lunix bug • More leaks, cia frameworks • shadow brokers going monthly? • keybase extension • rig EK shutdown • ATM now getting abused

  6. Chase payment outage. • Need for Cobol • InterContinental hack bigger than originally reported. • da font popped • chipotle popped (FW stores affected) • kmart popped • one login popped • hotels.com suspicous activity • twitter dropping donottrack? • square to replace DC taxi meters • OpenVPN audits Corp

  7. Cashless Sweden • Cyber Security Executive Order • Govt Pay averages 7K less • Protecting our Ability To Counter Hacking (PATCH) Act • FL Dept of Agreculture and Consumer Services popped - CHL data • patent suit must be local • NV bans blockchain tax • Modernizing Government Technology Act, passes House • Apple NSL • OCR IR Checklist Govt

  8. Understanding Pacemaker Systems Cybersecurity http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html Papers

  9. google auto photo sharing? shrooms are safest take off eh! WTF

  10. KeychainCracker SITCH stingray detector maltrail Traffic analysis Labryneth ctf nix auditor forensics roll-up 22 tools Tools

  11. Past Cons HackMiami 19-21 May NolaCon 19-21 May Circle City Con Indy 9-11 Jun

  12. Future Cons ANYCon Albany 16-18 Jun BlackHat 22-27 Jul BSidesLV 25-26 Jul DefCon 27-30 Jul

  13. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2ndSaturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Fort Worth Crypto Party ( 2nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rdTuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Lock Pick DFW @LockPickDFW ( Last Monday/ SherlocksArlington ) Where

  14. All images scavenged without permission All images scavenged without permission

More Related