Monthly Security Bulletin Briefing
May 2014
Customer Version
CSS Security Worldwide Programs
• Teresa Ghiorzoe, Security Program Manager - GBS LATAM
• Daniel Mauser, Senior Technical Lead - LATAM CTS
Security Blog: http://blogs.technet.com/b/risco/
Twitter: LATAMSRC
Security Bulletin Release Overview May 2014
Appendix
• Public Webcast Details
• Manageability Tools
Reference
• Related Resources
New Security Bulletins: 8 (Critical: 2, Important: 6)
Security Advisories: 3
Rereleased Security Advisory: 1
Security Bulletin Release Overview May 2014
Bulletin | Impact | Component | Severity | Priority | Exploit Index | Publicly Known | Publicly Exploited
MS14-022 | Remote Code Execution | SharePoint | Critical | 2 | 1 | No | No
MS14-023 | Remote Code Execution | Office | Important | 2 | 1 | No | No
MS14-024 | Security Feature Bypass | Common Control | Important | 1 | NA | No | Yes
MS14-025 | Elevation of Privilege | Group Policy | Important | 1 | 1 | Yes | Yes
MS14-026 | Remote Code Execution | .NET | Important | 3 | 1 | No | No
MS14-027 | Elevation of Privilege | Windows | Important | 2 | 1 | No | Yes
MS14-028 | Denial of Service | iSCSI | Important | 3 | 3 | No | No
MS14-029 | Remote Code Execution | IE | Critical | 1 | 1 | No | Yes
MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
Severity | Critical
Affected Software
• Microsoft SharePoint Server 2007
• Microsoft SharePoint Server 2010
• Microsoft SharePoint Server 2013
• Microsoft Project Server 2010
• Microsoft Project Server 2013 and Microsoft Office Web Apps 2010
• Microsoft Office Services and Microsoft Office Web Apps Server 2013
• Microsoft SharePoint Services 3.0
• Microsoft SharePoint Foundation 2010
• Microsoft SharePoint Foundation 2013
• Microsoft SharePoint Designer 2007
• Microsoft SharePoint Designer 2010
• Microsoft SharePoint Designer 2013
• Microsoft Project Server 2010
• Microsoft Project Server 2013
• SharePoint Server 2013 Client Components SDK
Deployment Priority: 2
Update Replacement: MS13-067, MS13-100, MS14-017
More Information and / or Known Issues: None
Uninstall Support: This security update cannot be uninstalled.
Restart Requirement
• A restart may be required
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation process.
Exploitability Index (XI): 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected DoS Rating: T - Temporary (DoS ends when attack ceases) | P - Permanent (Administrative action required to recover) | * - Not Applicable
Vulnerability Details
• Related remote code execution vulnerabilities (CVE-2014-0251) exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited any of these related vulnerabilities could run arbitrary code in the security context of the W3WP service account.
• An elevation of privilege vulnerability (CVE-2014-1754) exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
• A remote code execution vulnerability (CVE-2014-1813) exists in Microsoft Web Applications. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the W3WP service account.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0251 | Critical | Remote Code Execution | 1 | 1 | * | No | No | None
CVE-2014-1754 | Important | Elevation of Privilege | 1 | NA | * | No | No | None
CVE-2014-1813 | Important | Remote Code Execution | 1 | 1 | * | No | No | None
Attack Vectors
• An authenticated attacker could attempt to exploit any of these related vulnerabilities by sending specially crafted page content to a SharePoint server.
Mitigations
• To exploit this vulnerability, an attacker must be able to authenticate on the target SharePoint site. Note that this is not a mitigating factor if the SharePoint site is configured to allow anonymous users to access the site. By default, anonymous access is not enabled.
• CVE-2014-1754: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
MS14-023 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)
Severity | Important
Affected Software:
• Microsoft Office 2007 (Grammar Checker for Chinese)
• Windows Office 2010 (Grammar Checker for Chinese)
• Microsoft Office 2013
• Microsoft Office 2013 RT
Deployment Priority: 2
Update Replacement: MS13-104 or None
More Information and / or Known Issues: None
Restart Requirement
• A restart may be required.
Uninstall Support
• Use the Add or Remove Programs Control Panel applet.
• Office 2010 – update cannot be removed
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details:
• A remote code execution vulnerability (CVE-2014-1756) exists in the way that affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• An information disclosure vulnerability (CVE-2014-1808) exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted Microsoft online service.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1756 | Important | Remote Code Execution | 1 | 1 | * | No | No | 2269637
CVE-2014-1808 | Important | Information Disclosure | 3 | 3 | * | No | No | None
Attack Vectors
• Attacker convinces user to open an Office file located in same network directory as a specially crafted .dll file
• Email vector – attacker sends Office attachment, then convinces user to place attachment in same directory as specially crafted .dll file.
CVE-2014-1808 — Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Mitigations
CVE-2014-1756 — user must visit an untrusted network location or WebDAV share and open Office related file.
• Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2014-1808 — vulnerability can’t be exploited automatically through email.
• User has to be persuaded to visit malicious site, typically via URL in IM or email leading to attacker’s website.
Workarounds
CVE-2014-1756
• Disable loading of libraries from WebDAV and remote network shares — Details are listed in MS14-023
• Disable the WebClient service
• Block TCP ports 139 and 445 at the firewall
CVE-2014-1808 no workaround
MS14-024 Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
Severity | Important
Affected Software
• Office 2007
• Office 2010
• Office 2013
• Office 2013 RT
Deployment Priority: 1
Update Replacement: MS12-060
More Information and / or Known Issues: None
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details
• A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1809 | Important | Security Feature Bypass | NA | NA | * | No | Yes | None
Attack Vector
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site. Also could embed an ActiveX control marked "safe for initialization" in an application or Office file that hosts the IE rendering engine.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers or that accept user provided content.
Mitigations
• Can’t be exploited automatically via email, opening an attachment is necessary.
• An attacker would have to convince users to take action, typically by getting them to click a link in an email message or instant message that takes users to the attacker’s website, and then convince them to open the specially crafted Office file.
Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
MS14-025 Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
Severity | Important
Affected Software
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
Deployment Priority: 1
Update Replacement: None
More Information and / or Known Issues: Existing GPOs using these GP preferences should be removed
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | No | Yes | Yes | Yes | Yes
Note: This update is available on Microsoft Download Center and Windows Update Catalog.
Vulnerability Details
• An elevation of privilege vulnerability exists in the way that Active Directory distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploited the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1812 | Important | Elevation of Privilege | 1 | 1 | * | Yes | Yes | No
Attack Vectors
• To exploit the vulnerability, an attacker would first need to gain access to an authenticated user account on the domain. If a GPO is configured using Group Policy preferences to set a local administrative password or define credentials to map a network drive, schedule a task, or configure the running context of a service, an attacker could then retrieve and decrypt the password stored with Group Policy preferences.
Mitigations
• An attacker must be authenticated within a domain to execute this attack.
Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
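A defender-side check for the MS14-025 guidance that existing GPOs using these preferences should be removed, given here as an added example that is not from the briefing or from Microsoft: it walks a copy of a domain's SYSVOL policy tree and lists every preference element that still carries a non-empty `cpassword` attribute, without printing or decrypting the value. The sample tree, GPO GUIDs, account names and the `userName`/`runAs`/`accountName` attribute list are constructed or assumed for illustration.

```python
"""Audit a SYSVOL copy for Group Policy preference files that still embed passwords.

Added example: reports where a cpassword is stored, never prints or decrypts it.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

GPO_GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Attributes assumed to name the account a stored password belongs to.
ACCOUNT_ATTRS = ("userName", "runAs", "accountName")
FAKE = "CONSTRUCTED-NOT-A-REAL-CPASSWORD"  # placeholder, not real ciphertext

# Constructed sample tree: two live passwords, one emptied value, one broken file.
GPO_A = "{11111111-2222-3333-4444-555555555555}"
GPO_B = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
SAMPLE_FILES = {
    f"Policies/{GPO_A}/Machine/Preferences/Groups/Groups.xml":
        f'<Groups><User name="LocalAdmin"><Properties action="U" '
        f'userName="LocalAdmin" cpassword="{FAKE}"/></User></Groups>',
    f"Policies/{GPO_B}/User/Preferences/ScheduledTasks/ScheduledTasks.xml":
        f'<ScheduledTasks><Task name="Backup"><Properties action="C" '
        f'runAs="CORP\\svc_backup" cpassword="{FAKE}"/></Task></ScheduledTasks>',
    f"Policies/{GPO_B}/User/Preferences/Drives/Drives.xml":
        '<Drives><Drive name="S:"><Properties action="U" path="\\\\fs\\share" '
        'userName="" cpassword=""/></Drive></Drives>',
    f"Policies/{GPO_A}/Machine/Preferences/Services/Services.xml":
        '<NTServices><NTService name="Spooler"><Properties cpassword="trunc',
}


def find_gpp_passwords(sysvol_root):
    """Return one finding per XML element that carries a non-empty cpassword."""
    findings = []
    for dirpath, _dirs, files in os.walk(sysvol_root):
        for name in sorted(files):
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, sysvol_root)
            try:
                root = ET.parse(path).getroot()
            except (ET.ParseError, OSError) as exc:
                # Unreadable files are reported so they get a manual look.
                findings.append({"file": rel, "error": str(exc)})
                continue
            guid = GPO_GUID.search(rel)
            parents = {child: parent for parent in root.iter() for child in parent}
            for elem in root.iter():
                secret = elem.get("cpassword")
                if not secret:  # attribute absent, or already emptied out
                    continue
                parent = parents.get(elem)
                findings.append({
                    "file": rel,
                    "gpo": guid.group(0) if guid else None,
                    "setting": parent.tag if parent is not None else elem.tag,
                    "account": next(
                        (elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), None),
                    "cpassword_len": len(secret),  # length only, never the value
                })
    return findings


def affected_gpos(findings):
    """Group live findings by GPO so each policy can be fixed or removed."""
    by_gpo = {}
    for f in findings:
        if "error" not in f:
            by_gpo.setdefault(f["gpo"], []).append((f["setting"], f["account"]))
    return by_gpo


def scan_sample():
    """Write the constructed tree to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_gpp_passwords(root)


if __name__ == "__main__":
    results = scan_sample()
    for gpo, items in sorted(affected_gpos(results).items()):
        for setting, account in items:
            print(f"{gpo}: {setting} setting stores a password for {account!r}")
    for f in results:
        if "error" in f:
            print(f"could not parse {f['file']}: {f['error']}")
```

Point `find_gpp_passwords` at a read-only copy of the policy share; any account it lists should have its password changed as well as the preference removed, since the stored value may already have been read.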
MS14-026 Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
Severity | Important
Affected Software
• Microsoft .NET Framework 1.1 SP1
• Microsoft .NET Framework 2.0 SP2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5.1
• Microsoft .NET Framework 4
• Microsoft .NET Framework 4.5
• Microsoft .NET Framework 4.5.1
On all supported editions of:
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1
Deployment Priority: 3
Update Replacement: MS14-009
More Information and / or Known Issues: None
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details
• An elevation of privilege vulnerability exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1806 | Important | Elevation of Privilege | 1 | 1 | * | No | No | No
Attack Vectors
• An unauthenticated attacker could send specially crafted data to an affected workstation or server that uses .NET Remoting, allowing the attacker to execute arbitrary code on the targeted system
Mitigations
• .NET Remoting endpoints are not accessible to anonymous clients by default.
Workarounds
• Enable security when registering a channel. For more information see Authentication with the TCP channel: http://msdn.microsoft.com/library/59hafwyt
MS14-027 Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
Severity | Important
Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1
Deployment Priority: 2
Update Replacement: MS10-007, MS12-048
More Information and / or Known Issues: None
Restart Requirement
• A restart is required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows Shell improperly handles file associations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1807 | Important | Elevation of Privilege | 1 | 1 | * | No | Yes | No
Attack Vectors
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges.
Mitigations
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
MS14-028 Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
Severity | Important
Affected Software
• Windows Server 2008 x86, x64
• Windows Server 2008 R2 x64
• Windows Server 2012 and 2012 R2
Deployment Priority: 3
Update Replacement: None
More Information and / or Known Issues: No security update available for Server 2008
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: The architecture to properly support the fix provided in the update does not exist on Windows Storage Server 2008 systems, making it infeasible to build the fix for Windows Storage Server 2008.
Vulnerability Details
• Two denial of service vulnerabilities exist in the way that affected operating systems handle iSCSI packets or connections. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0255 | Important | Denial of Service | 3 | 3 | T | No | No | No
CVE-2014-0256 | Important | Denial of Service | 3 | 3 | T | No | No | No
Attack Vectors
• An attacker could exploit the vulnerability by creating a large number of specially crafted iSCSI packets and sending the packets to affected systems over a network.
Mitigations
• This vulnerability only affects servers for which the iSCSI target role has been enabled. By default the iSCSI target role is not enabled on any of these OS.
Workarounds
• Limit the attack surface from untrusted networks by placing iSCSI on its own isolated network, separate from any network on which internet traffic flows.
• Configure your firewall to restrict access to TCP port 3260 to authorized iSCSI client IP addresses
MS14-029 Security Update for Internet Explorer (2962482)
Severity | Critical
Affected Software
• Internet Explorer 6 on Windows Server 2003
• Internet Explorer 7 on Windows Server 2003, Windows Vista, and Windows Server 2008
• Internet Explorer 8 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
• Internet Explorer 9 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
• Internet Explorer 10 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT
• Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1
Deployment Priority: 1
Update Replacement: MS14-021
More Information and / or Known Issues: Not a cumulative update. Requires MS14-018 on most platforms
Restart Requirement
• A restart is required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: This update includes the fix for CVE-2014-1776, first addressed by the MS14-021 out-of-band security update on May 1.
Vulnerability Details
• Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0310 | Critical | Remote Code Execution | 1 | 1 | * | No | No | No
CVE-2014-1815 | Critical | Remote Code Execution | 1 | 1 | * | No | Yes | No
Attack Vectors
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Mitigations
• Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• Exploitation only gains the same user rights as the logged-on account.
• By default, all Microsoft email clients open HTML email messages in the Restricted Sites zone.
• By default, Internet Explorer runs in a restricted mode for all Windows Servers.
Workarounds
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
• Add sites that you trust to the Internet Explorer Trusted sites zone.
Security Advisory: Update for Disabling RC4 in .NET TLS (2960358)
Executive Summary
Microsoft is announcing the availability of an update for Microsoft .NET Framework that
disables RC4 in Transport Layer Security (TLS) through the modification of the system registry.
Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover
plaintext from encrypted sessions.
Recommendations
Microsoft recommends that customers download and test the update before deploying it in
their environments as soon as possible. The update is available from the Microsoft Download
Center. For information on how to manually apply the update, see Microsoft Knowledge Base
Article 2960358.
More Information
Microsoft Security Advisory 2960358
https://technet.microsoft.com/library/2960358.aspx
Pre-installation of the 2868725 update, released in November, 2013, is a prerequisite for
installing the updates addressed in this bulletin, with the exception of those updates applying
to Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information about
the prerequisite update, see Microsoft Knowledge Base Article 2868725.
Security Advisory: Update Rollup of Revoked Non-Compliant UEFI Modules (2962824)
Executive Summary
With this advisory, Microsoft is revoking the digital signature for one private, third-party UEFI (Unified
Extensible Firmware Interface) module that could be loaded during UEFI Secure Boot.
When the update is applied, the affected UEFI module will no longer be trusted and will no longer
load on systems where UEFI Secure Boot is enabled. The affected UEFI module consists of a specific
Microsoft-signed module that is not in compliance with our certification program and is being
revoked at the request of the author.
Microsoft is not aware of any misuse of the affected UEFI module. Microsoft is proactively revoking
this non-compliant module as part of ongoing efforts to protect customers. This action only affects
systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that
are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is
enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled.
Recommendations
Microsoft recommends that customers apply the update at the earliest opportunity after ensuring
that their systems are not using any of the affected UEFI modules. The update is available through
Microsoft Update. In addition, the update is available on the Download Center as well as the
Microsoft Update Catalog for Windows 8, Windows Server 2012, Windows 8.1, and Windows Server
2012 R2.
More Information
Warning: Customers who apply this update on a system that is using one of the affected UEFI
modules risk delivering the system into a non-bootable state. Microsoft recommends that all
customers apply this update after ensuring they are running up-to-date UEFI modules. Customers
with concern that they may be using an affected UEFI module should consult the "What does this
update do?" and the "What revoked digital signatures are addressed by this Update Rollup of
Revoked Non-compliant UEFI modules?" advisory FAQs for information on affected UEFI modules.
Microsoft Security Advisory 2962824
https://technet.microsoft.com/library/2962824.aspx
Security Advisory: Update to Improve Credentials Protection and Management (2871997)
Executive Summary
Microsoft is announcing the availability of an update for supported editions of Windows 8 for
32-bit Systems, Windows 8 for x64-based Systems, Windows RT, Windows Server 2012,
Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for
x64-based Systems, and Windows 2008 R2 for Itanium-based Systems that improves
credential protection and domain authentication controls to reduce credential theft. This
update provides additional protection for the Local Security Authority (LSA), adds a restricted
admin mode for Credential Security Support Provider (CredSSP), introduces support for
protected account-restricted domain user category, and enforces stricter authentication
policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
machines as clients.
Recommendations
Microsoft recommends that customers apply the update immediately using update
management software, or by checking for updates using the Microsoft Update service.
More Information
Microsoft Security Advisory 2871997
https://technet.microsoft.com/library/2871997.aspx
Rereleased Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
What Has Changed?
Microsoft updated this advisory to announce the availability of a new update for Adobe Flash
Player. On May 13, 2014, Microsoft released an update (KB2957151) for Internet Explorer 10
on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on
Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the
vulnerabilities described in Adobe Security bulletin APSB14-14. For more information about
this update, including download links, see Microsoft Knowledge Base Article 2957151.
Executive Summary
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet
Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT,
Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the
vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained
within Internet Explorer 10 and Internet Explorer 11.
Recommendations
Microsoft recommends that customers apply the current update immediately using update
management software, or by checking for updates using the Microsoft Update service. Since
the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.
More Information
http://technet.microsoft.com/library/2755801
Update for Windows 8.1: Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update May 2014
Executive Summary
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update is a cumulative update that
includes all previous released security updates and nonsecurity updates. In addition to previous
updates, it includes improvements such as improved Internet Explorer 11 compatibility for enterprise
applications, usability improvements, extended mobile device management and improved hardware
support. Additionally, this update enables Windows Server 2012 to support clustering configurations for
hosts.
Important: All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and
Windows Server 2012 R2 require this update to be installed. We recommend that you install this
update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order
to receive continued future updates.
Recommendations
This update is provided as an important update. If you select the Install updates automatically
(recommended) Windows Update setting, this update is installed automatically. If you select other
Windows Update settings, we highly recommend that you install this update through Windows Update
immediately.
Important: For the months of May-August, any update applicable to Windows 8.1/Server 2012 R2 will
have 2 packages: one for systems that have 2919355 and one for systems without 2919355.
More Information
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update May 2014
http://support.microsoft.com/kb/2919355
Information for IT Professionals
http://blogs.windows.com/windows/b/springboard/archive/2014/04/02/windows-8-1-update-the-it-pro-perspective.aspx
http://blogs.windows.com/windows/b/springboard/archive/2014/04/16/windows-8-1-update-and-wsus-availability-and-adjusted-timeline.aspx
Security Bulletin Summary May 2014
Bulletin | Bulletin title | Severity | Priority
MS14-029 | Security Update for Internet Explorer | Critical | 1
MS14-024 | Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass | Important | 1
MS14-025 | Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege | Important | 1
MS14-022 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution | Critical | 2
MS14-023 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution | Important | 2
MS14-027 | Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege | Important | 2
MS14-026 | Vulnerability in .NET Framework Could Allow Elevation of Privilege | Important | 3
MS14-028 | Vulnerabilities in iSCSI Could Allow Denial of Service | Important | 3
Appendix
MSRT Changes, Tools, and Public Security Bulletin Webcast Related Resources
Malicious Software Removal Tool (MSRT)
• Win32/Miuref - This family of threats can redirect your web browser to show you ads or download other malware.
• Win32/Filcout - This application, sometimes referred to as FileScout, is used to help you find programs to run unknown files; however, it is also known to install variants of the Win32/Sefnit family without your knowledge.
Additional Malware Removal Tools
Microsoft Safety Scanner
• Same basic engine as the MSRT, but with a full set of A/V signatures.
Windows Defender Offline
• An offline bootable A/V tool with a full set of signatures.
• Designed to remove rootkits and other advanced malware that can't always be detected by antimalware programs.
• Requires you to download an ISO file and burn a CD, DVD, or USB flash drive.
Public Webcast
Information About Microsoft's Security Bulletins
Wednesday, May 14, 2014, 11:00 A.M. Pacific Time (US & Canada)
Register at: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572979
Microsoft Security Blogs
Microsoft Security Response Center Blog: http://blogs.technet.com/msrc
Microsoft Security Research Defense Blog: http://blogs.technet.com/srd
Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc
Microsoft Security Development Lifecycle Blog: http://blogs.technet.com/sdl
Detection & Deployment (Manageability Tools) Reference May 2014

| Bulletin | Windows Update (1) | Microsoft Update (1) | MBSA (2) | WSUS | SMS ITMU | SCCM |
|---|---|---|---|---|---|---|
| MS14-022 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-023 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-024 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-025 | No | No | Yes | Yes | Yes | Yes |
| MS14-026 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-027 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-028 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-029 | Yes | Yes | Yes | Yes | Yes | Yes |

1. Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
2. Microsoft Baseline Security Analyzer (MBSA) v2.3 now supports Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
Public Security Bulletin Resource Links Resources
Monthly Bulletin Links
• Microsoft Security Bulletin Summary for May 2014
https://technet.microsoft.com/library/ms14-may.aspx
• Security Bulletin Search
http://technet.microsoft.com/security/bulletin
• Security Advisories
http://technet.microsoft.com/security/advisory
• Microsoft Technical Security Notifications
http://technet.microsoft.com/security/dd252948.aspx
Supplemental Security Reference Articles
• Detailed Bulletin Information Spreadsheet
http://go.microsoft.com/fwlink/?LinkID=245778
• Security Tools for IT Pros
http://technet.microsoft.com/en-us/security/cc297183
• KB894199 Description of Software Update Services and Windows Server Update Services changes in content
http://support.microsoft.com/kb/894199
• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software
http://support.microsoft.com/kb/890830
MS14-025 and MS14-029 Known Issues
MS14-025: KB2962486, 2928120
• Additional Action Required: It is important to note that the update does not remove any
existing GPOs that were configured prior to the application of this security update. Customers
with existing GPOs that were configured using the identified Group Policy preferences should
remove this risk from their domain environment. See Knowledge Base Article 2962486 for more
information.
MS14-029: KB2953522, 2961851
• This security update is not a cumulative update; either MS14-018 or MS14-012 (depending on
OS and IE combination) is required. See the table in the bulletin FAQ for details.
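Because the MS14-025 update leaves existing GPOs untouched, the remaining work is an inventory of which preference items still hold a stored password. The following is an added example, not code from this briefing or from KB2962486: the function name `Find-GppStoredPassword` is hypothetical, and it assumes PowerShell 3.0 or later, read access to the domain's Policies folder, and that the stored password sits in the `cpassword` attribute of the preference XML.

```powershell
# Added example: report Group Policy preference items that still store a password.
# It only reports where each item lives; the cpassword value is never output.
function Find-GppStoredPassword {
    [CmdletBinding()]
    param(
        # e.g. \\<domain>\SYSVOL\<domain>\Policies, or a restored backup copy of it
        [Parameter(Mandatory = $true)]
        [string]$PoliciesPath
    )

    Get-ChildItem -Path $PoliciesPath -Recurse -Filter '*.xml' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                [xml]$doc = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop
            }
            catch {
                Write-Warning "Skipping unreadable or malformed XML: $($file.FullName)"
                return   # inside ForEach-Object this moves on to the next file
            }

            # A non-empty cpassword attribute means a credential is stored in this item.
            $hits = $doc.SelectNodes('//*[@cpassword and string-length(@cpassword) > 0]')
            foreach ($node in $hits) {
                # The GPO GUID is the {GUID} folder name in the file path.
                $gpoId = $null
                if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $gpoId = $Matches[0] }

                # The preference item (user, drive, task, ...) is the parent element.
                $item = $node.ParentNode -as [System.Xml.XmlElement]
                $itemType = $node.LocalName
                $itemName = ''
                if ($null -ne $item) {
                    $itemType = $item.LocalName
                    $itemName = $item.GetAttribute('name')
                }

                [pscustomobject]@{
                    GpoId    = $gpoId
                    File     = $file.FullName
                    ItemType = $itemType
                    ItemName = $itemName
                }
            }
        }
}

# Usage (path is a placeholder):
# Find-GppStoredPassword -PoliciesPath '\\<domain>\SYSVOL\<domain>\Policies' | Sort-Object GpoId
```

Each reported item is a preference setting to remove as described in KB2962486; an empty result across all domain controllers' SYSVOL copies is the state to aim for.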
Public Security Bulletin Links, Portuguese, LATAM
Bulletin Links in Portuguese
• Microsoft Security Bulletin Summary for May 2014
http://technet.microsoft.com/pt-br/security/bulletin/ms14-May
• Security Bulletin Search
http://technet.microsoft.com/pt-br/security/bulletin
• Security Advisories
http://technet.microsoft.com/pt-br/security/advisory
• Microsoft Technical Security Notifications
http://technet.microsoft.com/pt-br/security/dd252948.aspx
Blogs
• Negócios de Risco
http://blogs.technet.com/b/risco/
• MSRC Blog
http://blogs.technet.com/msrc
• SRD Team Blog
http://blogs.technet.com/srd
• MMPC Team Blog
http://blogs.technet.com/mmpc
• MSRC Ecosystem Team Blog
http://blogs.technet.com/ecostrat
Supplemental Security Reference Articles
• Detailed Bulletin Information Spreadsheet
http://go.microsoft.com/fwlink/?LinkID=245778
• Security Tools for IT Pros
http://technet.microsoft.com/pt-br/security/cc297183
• KB894199 Description of Software Update Services and Windows Server Update Services changes in content
http://support.microsoft.com/kb/894199
• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software
http://support.microsoft.com/kb/890830
Portuguese Webcast, June
Portuguese Webcast (External) WEBCAST – CUSTOMERS
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575585
12 June 2014
15:30 Brasília time
To receive an invitation to the conference, write to [email protected]