Patch Summary Webinar April 11
Patch Overview March/April
Wolfgang Kandek, Qualys, Inc
April 11, 2012
March Patches
• Microsoft March, 12: 7 bulletins – MS13-021-MS13-027
• 4 critical, 3 important
• Internet Explorer MS13-021 – Metasploit available
• USB MS13-027 – “Evil Maid” attack
• Adobe Flash – 4 critical
• Oracle Java 0-day – March, 4: Java v7u17
• CanSecWest – Pwn2Own Competition
• Oracle Java 4x US$20,000
• Chrome, Firefox, Internet Explorer – each US$100,000
• Adobe Flash and Reader – each US$70,000
April Patches
• Microsoft April, 9: 9 bulletins – MS13-028-MS13-036
• 2 critical, 7 important
• Internet Explorer MS13-028
• RDP ActiveX MS13-029
• No PWN2OWN
• Adobe Flash – 4 critical
• PWN2OWN – but not Adobe Reader
• Oracle Java Scheduled Patch Day – April, 16
• Out-of-band scheduled
• Java 6 now end of life
• PWN2OWN unlikely
Patch Monitoring
• Microsoft
• Apple
• Adobe
• Flash
• Reader
• Oracle Java
What really gets attacked?
March/April Patch related
EMET - Enhanced Mitigation Experience Toolkit
• Straitjacket for Windows programs
• Checks for often abused attack vectors
• DEP, ASLR bypass, Heapspray, StackPivot, ROP
• Often cited by Microsoft as a valid mitigation technique
• V3.5
• manageable via GPO
• Integration of BlueHat Prize Mitigation Technologies