July 2015 Security Bulletin Release Overview

July 2015 Security Bulletin Release Overview

Monthly Security Bulletin Briefing July 2015 July 2015 Security Bulletin Release Security Bulletins New 10 New 14 Critical 44 Critical Importan 6 Important 10 Security Advisory 2 New Revision 0 0 Bulletin Advisory t Slide 2 Other content Product Support Lifecycle Appendix Manageability Tools Reference Related Resources July 2015 Security Bulletin Release Overview Bulletin Impact Component Severity MS15-058 Remote Code Execution SQL Important MS15-065

Remote Code Execution IE MS15-066 Remote Code Execution MS15-067 Exploit Index Disclosure Exploited? 2 Private No Critical 0 Public Yes VBScript Critical 1 Private No Remote Code Execution RDP Critical 3 Private No MS15-068 Remote Code Execution Hyper-V Critical 2 Private No

MS15-069 Remote Code Execution Windows Important 1 Private No MS15-070 Remote Code Execution Office Important 0 Private Yes MS15-071 Elevation of Privilege Netlogon Important 3 Private No MS15-072 Elevation of Privilege Graphics Comp Important 1 Private No MS15-073 Elevation of Privilege KMD Important 1

Private No MS15-074 Elevation of Privilege Windows Installer Important 1 Private No MS15-075 Elevation of Privilege OLE Important 1 Private No MS15-076 Elevation of Privilege RPC Important 2 Private No MS15-077 Elevation of Privilege ATM Font Driver Important 0 Public Yes Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Slide 3

MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) IMPORTANT Severity Executive Summary RCE 2 NO Impact Exploitability Index Disclosure This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database. The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting. Affected software Microsoft SQL Server 2008, SQL Server 2008 R2, SQL Server 2012. SQL Server 2014 More Information Different update files exist depending on which servicing branch a particular system is on. Check the bulletin FAQ for a table of product versions. Slide 4 MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-1762 Important Remote Code Execution

3 3 NA No No No CVE-2015-1763 Important Remote Code Execution 3 3 NA No No No CVE-2015-1761 Important Elevation of Privilege 2 2 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors Authenticated attacker with special permissions accesses a database or runs a specially crafted query against an affected SQL server. Mitigations Workarounds CVE-2015-1761 Attacker needs permissions to create or modify a database. CVE-2015-1761/1763 Limit permissions on

server for database and schema creation. CVE-2015-1762 Attacker must have special permissions and transactional replication must be enabled. CVE-2015-1762 no workarounds Slide 5 MS15-065 Security Update for Internet Explorer (3076321) CRITICAL RCE 0 YES Severity Impact Exploitability Index Disclosure Executive Summary Affected software More Information This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. The security update addresses the vulnerabilities by modifying the way that IE handles objects in memory, adding additional permission validations to IE, helping to ensure that affected versions of JScript and VBScript and IE properly implement the ASLR security feature, and helping to prevent information stored in a users clipboard from being accessed by a malicious site. All supported versions of Internet Explorer on all supported versions of Windows There are multiple update packages bundled with this update that get installed transparently under most deployment scenarios. When deploying updates manually, be sure to install in correct order. .. Slide 6 MS15-065 Security Update for Internet Explorer (3076321) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited

Advisory CVE-2015-2425 Critical Remote Code Execution 0 0 NA Yes Yes No Multiple Critical Remote Code Execution 1 1 NA No No No CVE-2015-2372 Critical Remote Code Execution NA 1 NA No No No CVE-2015-2419 Critical Remote Code Execution

1 1 NA Yes No No CVE-2015-2405 Important Elevation of Privilege 1 1 NA No No No Multiple Important Information Disclosure 1 1 NA No No No CVE-2015-2398 NA unlikely | NA - Not Yes Exploitability Index: 0 Important Exploitation Detected | 1Bypass - Exploitation more likely | 2 2 Exploitation less2likely | 3 Exploitation Affected No No No No

Security Feature CVE-2015-2421 Important Attack Vectors Security Feature Bypass Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site. Attacker takes advantage of compromised websites and/or sites hosting ads from other providers. Mitigations 2 2 NA Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. All memory corruption CVE Exploitation only gains the same user rights as the logged-on account. All memory corruption CVE EMET helps mitigate the attacks. All memory corruption CVE By default, IE runs in Enhanced Security Configuration mode for all Windows Servers. Slide 7 No Workarounds CVE-2015-2372 restrict access to vbscript.dll. See bulletin for details. MS15-066 Vulnerability in VBScript Scripting Engines Could Allow Remote Code Execution (3072604) CRITICAL RCE 1 NO Severity Impact Exploitability Index Disclosure Executive

Summary Affected software More Information This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The security update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory. Windows Vista, Windows Server 2003, Windows Server 2008 The updates available in this bulletin are for systems without Internet Explorer installed or for systems with Internet Explorer 8 or earlier versions installed. For IE 9 and later, apply MS15065. Slide 8 MS15-066 Vulnerabilities in VBScript Scripting Engines Could Allow Remote Code Execution (3072604) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2372 Critical Remote Code Execution NA 1 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site. Mitigations

Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Attacker takes advantage of compromised websites and/or sites hosting ads from other providers. Attacker could embed an ActiveX control marked safe for initialization in an application or Microsoft Office document that hosts the IE rendering engine. Slide 9 CVE-2015-2372 restrict access to VBScript.dll. See bulletin for details. MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094) CRITICAL RCE 3 NO Severity Impact Exploitability Index Disclosure Executive Summary Affected software More Information This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. The security update addresses the vulnerability by modifying how the terminal service handles packets. Windows 7, Windows 8, Windows Server 2012 Enterprise and Ultimate editions of Windows 7 are affected. All supported editions of Windows 7 are affected if RDP 8.0 is installed on the system. For customers running RDP 8.0 on local systems who do not need the new server-side features provided in RDP 8.0, Microsoft recommends upgrading to RDP 8.1 and not applying (or removing) the 3067904 update. Slide 10 MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094) CVE Severity Impact

XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2373 Critical Remote Code Execution NA 3 P No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors Attacker sends a specially crafted sequence of packets to a system running RDP server service. Mitigations Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Slide 11 Microsoft has not identified any workarounds for this vulnerability. MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000) CRITICAL RCE 2 NO Severity Impact

Exploitability Index Disclosure Executive Summary This security update resolves vulnerabilities in Windows Server Hyper-V. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability. The security update addresses the vulnerabilities by correcting how Hyper-V initializes system data structures in guest virtual machines. Affected software Windows 8 x64, Windows 8.1 x64, Windows Server 2008 x64, Windows Server 2008 R2 x64, Windows Server 2012 More Information None. Slide 12 MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2361 Critical Remote Code Execution 2 2 P No No No

Remote Code 2 2 NA No Exploitability Index: 0 Exploitation Detected |Execution 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not No No CVE-2015-2362 Critical Affected Attack Vectors A specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. Mitigations Workarounds Attacker must have valid logon credentials on a guest virtual machine. Slide 13 Microsoft has not identified any workarounds for these vulnerabilities. MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631) IMPORTANT Severity Executive Summary Affected software More Information RCE 1 NO Impact Exploitability Index Disclosure This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target users current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attackers specially crafted DLL file. An attacker who successfully exploited the vulnerabilities

could take complete control of an affected system. Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2003 x86 and x64, Windows Server 2008 x86 and x64, Windows Server 2008 R2 x86 and x64, Windows Server 2012 R2 Windows Server 2008 R2 systems are affected only if Desktop Experience is installed. Slide 14 MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2368 Important Remote Code Execution 1 1 NA No No No Remote Code NA 2 NA No Exploitability Index: 0 Exploitation Detected |Execution 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not No No CVE-2015-2369 Important Affected Attack Vectors

Attacker places a specially crafted DLL file in the target users current working directory and then convinces the user to open a specially crafted .RTF file or launch a program that loads a trusted DLL file but instead loads the attackers specially crafted DLL file. Mitigations Workarounds Microsoft has not identified any mitigating factors for these vulnerabilities. Slide 15 CVE-2015-2369 Modify the registry to prevent Office documents from loading the WMDMCESP. WMDMCESP ActiveX control. See bulletin for details. MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620) IMPORTANT Severity RCE 0 NO Impact Exploitability Index Disclosure Executive Summary This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. The security update addresses the vulnerabilities by correcting how correcting how Office parses specially crafted files, handles files in memory, and by helping to ensure the SharePoint Server properly sanitizes user input. Affected software Office 2007, Office 2010, Office 2013, Office 2013 RT, Office for Mac, Excel Viewer 2007, Office Compatibility Pack, Word Viewer, Excel Services on SharePoint Server 2007, 2010, 2013 More Information There are many different updates associated with this bulletin due to the number of affected Office products. Depending on configuration, more than one update may be applicable to your environment. Slide 16 MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2424 Important Remote Code Execution 0 0 NA No Yes No CVE-2015-2378 Important Remote Code Execution NA 2 NA No No No Multiple Important Remote Code Execution 1 1

NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation Security Feature more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not CVE-2015-2375 Important 2 2 NA No Affected No No Bypass Attack Vectors Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. Mitigations Web Scenario - Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site or attacker takes advantage of compromised websites and/or sites hosting ads from other providers. All CVE except CVE-2015-2378 Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Email scenario - Attacker sends speciallycrafted file and persuades user to open file. Exploitation only gains the same user rights as the logged-on account. CVE-2015-2378 Attacker places a specially crafted DLL file in the target users current working directory and then convinces the user to launch a program that loads a trusted DLL file but instead loads the attackers specially crafted DLL file. Slide 17 Workarounds Microsoft has not identified any workarounds for these vulnerabilities.

MS15-071 Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457) IMPORTANT Severity EOP 3 NO Impact Exploitability Index Disclosure Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC). The update addresses the vulnerability by modifying how Netlogon handles establishing secure channels. Affected software Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information None. Slide 18 MS15-071 Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2374 Important Elevation of Privilege

3 3 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors An elevation of privilege vulnerability exists in Netlogon that is caused when the service improperly establishes a secure communications channel to a primary domain controller (PDC). An attacker would first need to have access to a PDC on a target network. An attacker could then run a specially crafted application that could establish a secure channel to the PDC as a backup domain controller (BDC) and may be able to disclose credentials. Mitigations Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Slide 19 Microsoft has not identified any workarounds for this vulnerability. MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392) IMPORTANT Severity EOP 1 NO Impact Exploitability Index Disclosure Executive Summary The vulnerability could allow elevation of privilege if Windows Graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. The security update addresses

the vulnerability by correcting how Windows processes bitmap conversions. Affected software Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information None. Slide 20 MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2364 Important Elevation of Privilege 1 NA NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors To exploit the vulnerability, an attacker must first log on to the system. An attacker could then run a specially crafted application designed to increase privileges. Mitigations Workarounds

Attacker must be able to log on to system to exploit. Slide 21 Microsoft has not identified any workarounds for this vulnerability. MS15-073 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) IMPORTANT Severity Executive Summary EOP 1 NO Impact Exploitability Index Disclosure The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory. Affected software Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information None. Slide 22 MS15-073 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) CVE Severity Impact XI Latest XI Legacy XI DOS Public

Exploited Advisory CVE-2015-2363 Important Elevation of Privilege 1 1 P No No No CVE-2015-2365 Important Elevation of Privilege 1 1 P No No No CVE-2015-2366 Important Elevation of Privilege 2 2 NA No No No CVE-2015-2367 Important Information Disclosure 2

2 NA No No No CVE-2015-2381 Important Information Disclosure 2 2 NA No No No CVE-2015-2382 Important Information Disclosure 2 2 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors Attacker logs on to system and runs a specially crafted application. Mitigations Workarounds An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. Slide 23 Microsoft has not identified any workarounds for these vulnerabilities.

MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630) IMPORTANT Severity EOP 1 NO Impact Exploitability Index Disclosure Executive Summary The vulnerability could allow elevation of privilege if the Windows Installer component improperly runs custom action scripts. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. The security update addresses the vulnerability by correcting how custom action scripts are executed. Affected software Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information None. Slide 24 MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2371 Important Elevation of Privilege

1 1 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors To exploit the vulnerability, an attacker must first compromise a user who is logged on to the target system, then find a vulnerable .msi package that is installed on the target system and, finally, place specially crafted code on the target system that the vulnerable .msi package can execute. Mitigations Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Slide 25 Microsoft has not identified any workarounds for this vulnerability. MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) IMPORTANT Severity EOP 1 NO Impact Exploitability Index Disclosure Executive Summary The vulnerabilities could allow elevation of privilege if an attacker convinces a user to open a file that contains a specially crafted OLE component. The security update addresses the vulnerability by modifying how OLE objects are handled in memory. Affected software

Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information None Slide 26 MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2416 Important Elevation of Privilege 1 NA NA No No No CVE-2015-2417 Important Elevation of Privilege 1 1 NA No No No

Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors An attacker could exploit the vulnerabilities by convincing a user to open a file that contains a specially crafted OLE object. Mitigations Workarounds Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website (or network share), or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Slide 27 Microsoft has not identified any workarounds for this vulnerability. MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505) IMPORTANT Severity Executive Summary Affected software More Information EOP 2 NO Impact Exploitability Index Disclosure The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. The security update addresses the vulnerability by improving how Windows Remote Procedure Call (RPC) handles authentication checks to preclude redirection. Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 None. Slide 28

MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2370 Important Elevation of Privilege 2 2 NA No No No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. Mitigations Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Slide 29 Microsoft has not identified any workarounds for this vulnerability. MS15-077 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) IMPORTANT Severity

EOP 0 YES Impact Exploitability Index Disclosure Executive Summary The vulnerability Adobe Type Manager Font Driver (ATMFD) could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The security update addresses the vulnerability by correcting how ATMFD handles objects in memory. Affected software Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 , Windows Server 2012 R2 More Information US Cert vulnerability note : http://www.kb.cert.org/vuls/id/103336 Slide 30 MS15-077 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) CVE Severity Impact XI Latest XI Legacy XI DOS Public Exploited Advisory CVE-2015-2387 Important Elevation of Privilege 0 0 NA

Yes Yes No Exploitability Index: 0 Exploitation Detected | 1 - Exploitation more likely | 2 Exploitation less likely | 3 Exploitation unlikely | NA - Not Affected Attack Vectors To exploit the vulnerability, an attacker would first have to log on to a target system and then run a specially crafted application. Mitigations Workarounds Microsoft has not identified any mitigating factors for this vulnerability. Slide 31 Rename ATMFD.DLL. See bulletin for details. Impact: applications relying on embedded font technology will not display properly. Security Advisory Update to Harden Use of DES Encryption SA3057154 Executive Summary DES Hardening This update provides enhanced protection where DES is still used for application compatibility reasons. After applying the update, DES is disabled for the following built-in accounts: krbtgt, trust, machine, machine/user accounts. Suggested Actions Test and Deploy Microsoft recommends that customers running applications that may still use DES encryption to test this update carefully and then deploy. More Information KB https://support.microsoft.com/kb/3057154 Slide 32 Security Advisory Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege SA3074162 Executive Summary

Suggested Actions CVE-2015-2418 EoP Update Immediately An update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system. Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malicious Software Removal Tool, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. Administrators may need to ensure that the latest version of the MSRT is approved for deployment. Last version of the MSRT affected by this vulnerability: Version 5.25. More Information KB First version of the MSRT with this vulnerability addressed: Version 5.26 https://support.microsoft.com/kb/3074162 Slide 33 Product Families and Service Packs Reaching End of Support Product Families Microsoft Windows Server 2003 Microsoft Forefront Client Security Service Packs Microsoft Dynamics GP 2013 (RTM) Microsoft SQL Server 2012 Service Pack 1 More Information Public migration planning assistant: http://www.microsoft.com/en-us/server-cloud/products/windows-se rver-2003/# fbid=dOMveZ3Cgwj Slide 34 Appendix Detection and Deployment Bulletin Component Windows Update MS15-058 SQL Server

MS15-065 Internet Explorer Yes Yes Yes1 Yes1 Yes1 MS15-066 VBScript Yes Yes Yes1 Yes1 Yes1 MS15-067 RDP Yes Yes Yes1 Yes1 Yes1 MS15-068 Hyper-V MS15-069 Windows MS15-070 Office No Yes Yes1 Yes1 Yes1 MS15-071

Netlogon Yes Yes Yes Yes Yes MS15-072 Graphics Component Yes Yes Yes1 Yes1 Yes1 MS15-073 Kernel Mode Drivers Yes Yes Yes1 Yes1 Yes1 MS15-074 MSI Yes Yes Yes1 Yes1 Yes1 MS15-075 OLE Yes Yes Yes1

Yes1 Yes1 MS15-076 RPC Yes Yes Yes1 Yes1 Yes1 MS15-077 ATM Font Driver Yes Yes Yes1 Yes1 Yes1 No Microsoft Update Yes Yes Yes Yes Yes MBSA Yes Yes Yes Configuration Manager Yes Yes Yes1 1. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store Slide 36 WSUS 3.0 Yes

Yes1 Yes1 Additional Update Information Bulletin Component Restart Uninstall MS15-058 SQL Server Maybe Yes None MS15-065 Internet Explorer Yes Yes MS15-056 MS15-066 VBScript Maybe Yes MS15-019 MS15-067 RDP Maybe Yes MS15-030 MS15-068 Hyper-V Yes Yes None MS15-069 Windows

Maybe Yes None MS15-070 Office Maybe Yes (except SharePoint, Mac) MS13-084, MS15-022, MS15-033, MS15-046 MS15-071 Netlogon Yes Yes MS15-027 MS15-072 Graphics Component Yes Yes MS14-036, MS15-035 MS15-073 Kernel Mode Drivers Yes Yes MS15-061 MS15-074 MSI Yes Yes MS14-049 MS15-075 OLE Maybe Yes MS13-070

MS15-076 RPC Yes Yes MS15-031, MS15-052, MS15-055 MS15-077 ATM Font Driver Yes Yes MS15-021 1. Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store Slide 37 Replaces Antimalware Resources Malicious Software Removal Tool Win32/Crowti This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them. Win32/Reveton This ransomware locks your PC and displays a full-screen message, commonly called a "lock screen. Additional Malware removal tools Microsoft Safety Scanner Same basic engine as the MSRT, but with a full set of A/V signatures. Windows Defender Offline An offline bootable A/V tool with a full set of signatures. Designed to remove rootkits and other advanced malware that can't always be detected by antimalware programs. Requires you to download an ISO file and burn a CD, DVD, or USB flash drive. Slide 38 Public Security Bulletin Resource Links Microsoft Security Bulletin Summary for July 2015 https://technet.microsoft.com/library/ms15-jul.aspx Security Bulletin Search http://technet.microsoft.com/security/bulletin Security Advisories http://technet.microsoft.com/security/advisory Microsoft Technical Security Notifications http://technet.microsoft.com/security/dd252948.aspx Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778 Security Tools for IT Pros http://technet.microsoft.com/en-us/security/cc297183 KB894199 Description of Software Update Services and Windows Server Update Services changes in content http://support.microsoft.com/kb/894199 The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software http://support.microsoft.com/kb/890830 Slide 39 Known Issues MS15-058 SQL KB3045317 - MS15-058: Description of the security update for SQL Server 2012 SP1 QFE: July 14, 2015 An instance of SQL Server 2012 Service Pack 1 that has the Master Data Services (MDS) component installed but does not have the SQL Engine component installed may not discover this security update from Microsoft Update. KB3045313, KB3045314, KB3045316 - MS15-058: Description of the security update for SQL Server 2008 R2 (SP2 & SP3) When you use the /? switch or the /Help switch with this security update package, you receive an error message. To avoid the error use /IACCEPTSQLSERVERLICENSETERMS /? Slide 40

Recently Viewed Presentations

  • Presentación de PowerPoint

    Presentación de PowerPoint

    A little about Portugal. Evolution of . pharmaceutical services . in Portugal. Antiretroviral therapy . in community pharmacies. Structuring development with . competencies. Information technology . shaping modern pharmacy //SUMMARY
  • DISCOVER STUDY for HIV Pre-Exposure Prophylaxis (PrEP): F/TAF ...

    DISCOVER STUDY for HIV Pre-Exposure Prophylaxis (PrEP): F/TAF ...

    Honoraria for speakers bureau and/or advisory boards from Gilead, AbbVie, Janssen, MSD, Teva/Hexal, and ViiV Healthcare
  • Teoría de sistemas y "pensamiento complejo"

    Teoría de sistemas y "pensamiento complejo"

    Ilustración, modernidad, filosofía y ciencias sociales Jorge Riechmann
  • Course Introduction

    Course Introduction

    Jiannan @ SFU. Reduce (k, v_list) Map (k, v) SELECT. Reduce(v) FROM. Table. GROUP BY . k. MapReduce: A Major Step Backwards. 1. MapReduce is a step backwards in database access . 2. MapReduce is a poor implementation . 3....
  • PowerPoint-præsentation - LandbrugsInfo

    PowerPoint-præsentation - LandbrugsInfo

    Peter Kryger Jensen ... Der er anvendt Hardi Injet 015 luftinjektionsdyse. Ved bagudvinkling er der anvendt en vinkel på 300. Reduktion i afdrift 1-5 meter fra sprøjtet areal ved kombination af afdriftsreducerende udstyr, målt i forhold til traditionel marksprøjte med...
  • What is Development? - OhioLINK

    What is Development? - OhioLINK

    Major premises: Maturation is basis for development. Children are active and curious. Children construct their own knowledge. Children want to maintain a mental homeostatic environment. Stage theory of cognitive development beginning at birth and continuing through adolescence. Piaget's Theory of...
  • Integrated Air Quality Strategy - US EPA

    Integrated Air Quality Strategy - US EPA

    CEG supports the use of CEMs assuming that issues as to their reliability and accuracy are resolved to EPA's satisfaction. Otherwise, compliance should be monitored annually using EPA Method 101A for total mercury, in conjunction with annual RATA testing.
  • The Cold War 1945-1990 The Cold War Defined

    The Cold War 1945-1990 The Cold War Defined

    The Cold War 1945-1990 Civil War cont'd Milosevic arrested tried for war crimes Tensions still exist between ethnic groups 2004-Ukrainian (pro-western) Presidential Candidate Victor Yushchenko poisoned A continuing state of tensions between the United States and the Soviet Union Development...