1 / 23

Information About Microsoft December 2011 Security Bulletins

Information About Microsoft December 2011 Security Bulletins. Jonathan Ness Security Development Manager Microsoft Corporation Jerry Bryant Group Manager, Response Communications Microsoft Corporation. What We Will Cover. Review of December 2011 b ulletin release information:

presta
Télécharger la présentation

Information About Microsoft December 2011 Security Bulletins

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft Corporation Jerry Bryant Group Manager, Response CommunicationsMicrosoft Corporation

  2. What We Will Cover • Review of December 2011 bulletin release information: • New Security Bulletins • Announcements • Microsoft® Windows®Malicious Software Removal Tool • Resources • Questions and answers: Please Submit Now

  3. Severity and Exploitability Index Internet Explorer Windows Windows Windows Windows Windows Windows Windows Office Office Office Office Office

  4. Bulletin Deployment Priority

  5. MS11-087: Vulnerability In Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)

  6. MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)

  7. MS11-089: Vulnerabilities In Microsoft Office Could Allow Remote Code Execution (2590602)

  8. MS11-090: Cumulative Security Update of ActiveX Kill Bits (2518451)

  9. MS11-091: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)

  10. MS11-092: Vulnerability In Windows Media Could Allow Remote Code Execution (2648048)

  11. MS11-093: Vulnerability in OLE Could Allow Remote Code Execution (2624667)

  12. MS11-094: Vulnerabilities In Microsoft PowerPoint Could Allow Remote Code Execution (2639142)

  13. MS11-095: Vulnerability In Active Directory Could Allow Remote Code Execution (2640045)

  14. MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

  15. MS11-097: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)

  16. MS11-098: Vulnerability In Windows Kernel Could Allow Elevation of Privilege (2633171)

  17. MS11-099: Cumulative Security Update For Internet Explorer (2618444)

  18. Detection & Deployment # Microsoft Office Pinyin SimpleFast Style Available Through Download Center* Except For Windows XP Media Center Edition 2005 SP3 ** Except For Office 2008 For Mac *** Except For Office 2004 For Mac

  19. Other Update Information

  20. Windows Malicious Software Removal Tool (MSRT) • During this release Microsoft will increase detection capability for the following families in the MSRT: • Win32/Helompy: This is an AutoIt worm that propagates via removable drives, network share, email, and IM. It aims to steal Web credentials for various services, including Facebook, eBay, and Gmail. The worm contacts a remote host in order to download arbitrary files and to upload stolen personal information. • Available as a priority update through Windows Update or Microsoft Update. • Is offered through WSUS 3.0 or as a download at: www.microsoft.com/malwareremove.

  21. Resources Blogs • Microsoft Security Response Center (MSRC) blog:www.blogs.technet.com/msrc • Security Research & Defense blog:http://blogs.technet.com/srd • Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/ Twitter • @MSFTSecResponse Security Centers • Microsoft Security Home Page: www.microsoft.com/security • TechNet Security Center:www.microsoft.com/technet/security • MSDN Security Developer Center:http://msdn.microsoft.com/en-us/security/default.aspx Bulletins, Advisories, Notifications & Newsletters • Security Bulletins Summary:www.microsoft.com/technet/security/bulletin/summary.mspx • Security Bulletins Search:www.microsoft.com/technet/security/current.aspx • Security Advisories:www.microsoft.com/technet/security/advisory/ • Microsoft Technical Security Notifications:www.microsoft.com/technet/security/bulletin/notify.mspx • Microsoft Security Newsletter:www.microsoft.com/technet/security/secnews Other Resources • Update Management Processhttp://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx • Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx

  22. Questions and Answers Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog:http://blogs.technet.com/msrc Register for next month’s webcast at:http://microsoft.com/technet/security/current.aspx

More Related