On July 6, critical updates were released, addressing 27 CVEs including remote code execution and privilege escalation vulnerabilities affecting Internet Explorer, Windows Journal, and other Microsoft components. Additionally, updates for Adobe Flash Player and Cisco products were provided, highlighting risks like VOIP hijacking. This comprehensive patch list seeks to enhance security measures and protect systems from potential exploits. Stay informed to ensure safety against malicious threats in software and equipment.
Patch Tuesday
• July - 6 Patches – 2 Critical - 27 CVEs
• MS14-037 – Cumulative Security Update for IE, Remote Code
• MS14-038 – Windows Journal, Remote Code
• MS14-039 – On-Screen Keyboard, Privilege Escalation
• MS14-040 – Ancillary Function Driver (AFD), Privilege Escalation
• MS14-041 – DirectShow, Privilege Escalation
• MS14-042 – Microsoft Service Bus, DoS
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Rosetta Flash
  • APSB14-17
• Cisco VOIP hijack with default SSH key
  • CVE-2014-2198
• Oracle
  • Due 15th July
• Adobe
  • APSB14-16 Adobe Flash Player
  • APSB14-17 Adobe Flash Player
• Apple
  • OS X 10.9.4
  • iOS 7.1.2
  • Apple TV 6.2
  • Safari 6.1.5 / 7.0.5
• Cisco
  • SPA300 and SPA500 IP Phones
  • IOS IPSec DoS
  • Intelligent Automation for Cloud
  • Unified Communications / Webex
Hacking
• MS bugs Security Essentials / Forefront - win32k.sys
  • CVE-2014-2779
• Bitcoin decentralization
• Fun with Nest
• Android Keystore
• MHN – Modern Honey Network
• Mini-er, stealthier, skimmier. Even smaller ATM skimmers found in EU
• LIFX smart light bulb exposes wifi passwords (pre-shared key)
• Lite Zeus (128-bit AES)
• Malware targeting energy companies
Papers
• SCADA honeypot: https://www.sans.org/reading-room/whitepapers/detection/designing-implementing-honeypot-scada-network-35252
• WireShark: http://news.hitb.org/content/malware-targeting-energy-companies-usa-and-europe
• IR in MS SQL: http://news.hitb.org/content/malware-targeting-energy-companies-usa-and-europe
Govt
• TSA non-bootable device rule
Corp
• Malwarebytes launches Anti-Exploit
• CloudFlare buys CryptoSeal
• MS Interflow (information exchange)
Tools
• CoreOS
Cons
• Hope X – Jul
• Defcon – Aug
• B-Sides Memphis – Sep 13
  • Multiple DC214 speakers
• ToorCon – Oct
• B-Sides Houston – Oct
• B-Sides DFW – Nov
Local
• DHA (1st Wednesday / Allen Wicker Pub, Plano)
• TX2600 (1st Fri / Wild Turkey 35&WalnutHill, Dallas) (1st Fri / 1418 Coffeehouse, Plano)
• The Lab.MS (2nd Monday / Allen Wicker Pub, Plano)
• Crypto Party (3rd Thursday / Improving Enterprises, Addison)
• NAISG (4th Thursday / CrossPointe Theatre, Carrollton)
• LockPick DFW (Last Monday / Trinity Hall, Dallas)
• Dallas MakerSpace (Random / Carrollton)
All images scavenged without permission