patch summary webinar april 11

Patch Overview March/April

Wolfgang Kandek, Qualys, Inc

April 11, 2012

March Patches• Microsoft March, 12: 7 bulletins – MS13-021-MS13-027

• 4 critical, 3 important

• Internet Explorer MS13-0021 – Metasploit available

• USB MS13-027 – “Evil Maid” attack





• Adobe Flash – 4 critical






• Oracle Java 0-day – March, 4: Java v7u17






• Oracle Java 0-day – March, 4: Java v7u17

• CanSecWest – Pwn2Own Competition

• Oracle Java 4x US$20,000

• Chrome, Firefox, Internet Explorer – each US$ 100,000

• Adobe Flash and Reader – each US$70,000

April Patches• Microsoft April, 9: 9 bulletins – MS13-028-MS13-036


• Internet Explorer MS13-0028

• RDP ActiveX MS13-029

• No PWN2OWN





• No PWN2OWN


• PWN2OWN – but not Adobe Reader





• No PWN2OWN


• PWN2OWN – but not Adobe Reader

• Oracle Java Scheduled Patch Day – April, 16

• Out-of-band scheduled

• Java 6 now end of life

• PWN2OWN unlikely

Patch Monitoring• Microsoft

• Apple

• Adobe

• Flash

• Reader

• Oracle Java

Patch Monitoring• Microsoft

• Apple

• Adobe

• Flash

• Reader

• Oracle Java

What really gets attacked ?

March/April Patch related

March/April Patch relatedEMET - Enhanced Mitigation Experience Toolkit

• Straight jacket for Windows programs

• Checks for often abused attack vectors

• DEP, ASLR bypass, Headspray, StackPivot, ROP

• Often cited by Microsoft as a valid mitigation technique

• V3.5

• manageable via GPO

• Integration of BlueHat Prize Mitigation Technologies

patch summary webinar april 11

Technology