Verint Witness Impact 360 Third Party Certification Report


  • Impact 360

    Third Party Certification Report

    Document Revision 1.02

    March 2014

  • © 1992–2014 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.

    All materials (regardless of form and including, without limitation, software applications,

    documentation, and any other information relating to Verint Systems, its products or

    services) are the exclusive property of Verint Systems Inc. Only expressly authorized

    individuals under obligations of confidentiality are permitted to review materials in this

    document. By reviewing these materials, you agree to not disclose these materials to any

    third party unless expressly authorized by Verint Systems, and to protect the materials as

    confidential and trade secret information. Any unauthorized review, retransmission,

    dissemination or other use of these materials is strictly prohibited. If you are not

    authorized to review these materials, please return these materials (and any copies) from

    where they were obtained. All materials found herein are provided AS IS and without warranty of any kind.

    Verint Systems Inc. does not warrant, guarantee or make any representation regarding

    the use or the results of the use of the information, links, tools, and materials in terms of

    the accuracy, reliability, quality, validity, stability, completeness, currentness, or

    otherwise of its content or products. The entire risk as to the use, results and performance

    of information, links, tools and materials provided or referenced herein is assumed by the

    user. Verint Systems Inc. shall not be liable for damages resulting from the use, misuse

    or unlawful use of the information, links, tools, and materials contained or referenced

    herein.

    Any third party technology that may be appropriate or necessary for use with the Verint

    Product is licensed to you only for use with the Verint Product under the terms of the third

    party license agreement specified in the Documentation, the Software or as provided

    online at http://verint.com/thirdpartylicense. You may not take any action that would

    separate the third party technology from the Verint Product. Unless otherwise permitted

    under the terms of the third party license agreement, you agree to only use the third

    party technology in conjunction with the Verint Product.

    The Verint Systems Inc. products are protected by one or more U.S., European or

    International Patents and other U.S. and International Patents and Patents Pending.

    All marks referenced herein with the ® or ™ symbol are registered trademarks or trademarks of Verint Systems Inc. or its subsidiaries. All rights reserved. All other marks

    are trademarks of their respective owners.

    Visit our website at www.verint.com/intellectualpropertynotice for updated information on

    Verint Intellectual Property.

    Document Revision 1.02

    Published March 25, 2014 7:46 PM

    **NOTICE: April Release will be on April 28th and not April 22nd.

  • Contents

    Introduction

    Scope and Intended Audience

    Verint's Policy Regarding Updates

    Updates Recommended

    Updates Not Recommended

    Non Approved Security Updates

    Verint Guidance on Security Updates

    Post-Installation Requirements

    Security Updates Recommended Microsoft

    Windows Updates Recommended Microsoft

    JRE & Apache Tomcat Updates

    Apache HTTP Server for Cognos

    Non Approved Security Updates

  • Third Party Certification Report Introduction

    Impact 360 Third Party Certification Report 4

    Confidential and Proprietary Information of Verint Systems Inc.

    Third Party Certification Report

    This document describes Verint's policy and position related to Third Party Certification.

    Introduction

    This cumulative bulletin contains Microsoft updates and Third-Party updates in accordance with Verint's policy on supporting Microsoft Operating Systems, Service Packs, Security Bulletins and Security updates.

    For information on Verint's policy, see Verint's Microsoft and Third-Party Support Policy document.

    Scope and Intended Audience

    This bulletin is intended for Verint customers and provides support for all Verint products:

    Verint's Policy Regarding Updates

    This certification report is cumulative and reflects Verint's Third-Party certification policy.

    Verint's recommendation policy includes the following levels of recommendation:

    Updates Recommended

    Updates Not Recommended

    Non Approved Security Updates

    Updates Recommended

    Verint provides recommendations for the following Third-Party product updates, which are used by the Verint products:

    NOTE

    The Microsoft updates certification is also relevant for all Impact360 versions (11, 10, 7.8, etc.).

    All JRE/Apache/Apache HTTP server updates are relevant only for Impact360 V11 and cannot be installed on legacy versions.


    Microsoft Security Updates & Windows Updates

    JRE

    Apache Tomcat

    Apache HTTP Server

    Updates Not Recommended

    Verint does not provide recommendations for the following types of updates:

    Microsoft Service Packs that are not part of Verint's supported products

    Microsoft Security Updates that are not part of Verint's supported products

    It is Verint's recommendation that customers DO NOT install these types of updates, but rather wait for the relevant Microsoft Service Packs that roll up all the non-critical updates.

    Should the customer choose to apply any of these updates as per their own IT policy, the customer must contact Verint Systems Technical Support.

    Non Approved Security Updates

    Verint provides instructions not to install specific fixes for the above Third-Party products. These fixes are not compatible with Verint products or Windows products and must therefore not be implemented. Once installed on Impact 360 environments, these Updates were found to be damaging.

    Should the customer choose to apply any of these updates as per their own IT policy, the customer must contact Verint Systems Technical Support.

    Verint Guidance on Security Updates

    Verint guidance is provided on the following requirements and updates:


    Post-Installation Requirements

    Security Updates Recommended Microsoft

    Windows Updates Recommended Microsoft

    Apache HTTP Server for Cognos

    Non Approved Security Updates


    Post-Installation Requirements

    This section presents third party updates that may cause loss of functionality in Impact 360 systems, and the steps that should be taken to overcome these issues.

    KB2661254 - Verify Certificate Key Length in SSL Enabled Systems

    Microsoft released Windows update 2661254, which restricts the use of certificates with RSA keys less than 1024 bits in length. This update has become a Windows critical update and is installed on all servers that use the WSUS server and are configured to install critical updates.

    To resolve the issue, a new RSA certificate with a key of 1024 bits or higher must be created and configured in the system.
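
    A way to find the certificates affected by update 2661254 before it is applied, as an added example that is not part of the Verint document: the PowerShell function below lists certificates in the local machine stores whose RSA public key is shorter than the minimum. The function name, the parameter names and the choice of stores are assumptions made for this example.

```powershell
# Added example (not from the Verint report): list certificates whose RSA key
# is shorter than the 1024-bit minimum enforced by Windows update 2661254.
# Get-ShortRsaKeyCertificate, -StorePath and -MinimumBits are names chosen here.
function Get-ShortRsaKeyCertificate {
    param(
        [string[]] $StorePath = @(
            'Cert:\LocalMachine\My',    # server (SSL) certificates
            'Cert:\LocalMachine\CA',    # intermediate CAs in the chain
            'Cert:\LocalMachine\Root'   # trusted roots
        ),
        [int] $MinimumBits = 1024
    )

    foreach ($store in $StorePath) {
        if (-not (Test-Path -Path $store)) {
            Write-Warning "Certificate store not found: $store"
            continue
        }

        foreach ($cert in (Get-ChildItem -Path $store)) {
            # Only certificate objects are of interest.
            if ($cert -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
                continue
            }

            # 1.2.840.113549.1.1.1 is the rsaEncryption OID; the update only
            # concerns RSA keys, so other key types are skipped.
            if ($cert.PublicKey.Oid.Value -ne '1.2.840.113549.1.1.1') {
                continue
            }

            try {
                $bits = $cert.PublicKey.Key.KeySize
            }
            catch {
                # A malformed public key is reported rather than silently ignored.
                Write-Warning ("Cannot read key size for {0}: {1}" -f $cert.Thumbprint, $_.Exception.Message)
                continue
            }

            if ($bits -lt $MinimumBits) {
                # New-Object is used instead of [pscustomobject] so the function
                # also runs on PowerShell 2.0.
                New-Object PSObject -Property @{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    KeyBits       = $bits
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                } | Select-Object Store, Subject, Thumbprint, KeyBits, HasPrivateKey, NotAfter
            }
        }
    }
}

# Any row returned is a certificate that must be replaced as described above.
Get-ShortRsaKeyCertificate | Sort-Object KeyBits | Format-Table -AutoSize -Wrap
```

    A short key anywhere in the chain is rejected, so intermediate and root entries matter as much as the server certificate itself.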


    JRE & Apache Tomcat Updates

    Desktop Policy

    Updating desktops is the customer's responsibility. However, Verint certifies its desktop software against the latest available 3rd party software updates on a monthly basis. The recommended version is the latest version that was certified by Verint. Verint does not supply the installation package for 3rd party updates on desktops.

    Recommended Desktop Version Updates

    Version            Published Date
    JRE 7 Update 51    December 2013

    Important Notice

    This client version is supported only if the following is done:

    For WFM:

    On Application Server: Set non Static JRE Versioning in System Management General Settings

    On Client Browser (if the I360 version is lower than 11.1.1.1929):

    Click Run at the prompt stating that the application will run with unrestricted access. (The prompt can be suppressed so that it is shown only once by checking "Do Not show this again for apps from the publisher".)

    Add the AppServer and port number to the Exception Site List, either in the Security tab of the Java Control Panel on each client machine or via file.

    http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/exception_site_list.html

    For Data Analytics Instance Builder & Storage Manager Rule Editor:

    For V11.1 SP1: Install KB115932

    For V11.1 SP0: Install KB112620

    For V11.0 SP1: Install KB107127

    For U10 (all versions): Install U100_8826


    After the KB installations, the following window will be shown when trying to open Data Analytics Instance Builder or Storage Manager Rule Editor. Make sure you check "I accept" and click Run.

    A second window will be empty. Click Close, and you will then be able to open the applications properly.


    Server Policy

    Updating desktops is the customer's responsibility. However, Verint certifies its server software against the latest available 3rd party software version on a monthly basis. As opposed to desktops, the software updates used are only the ones supplied by Verint. Do not use other packages from the 3rd party software vendors.

    A tool that automates the updates of the JRE version and Apache Tomcat can be downloaded from GURU.

    The JRE & Apache version update tool is provided in two formats:

    A standalone installation tool.

    Included in the HFR kit.

    NOTE

    The third party update tool is provided on a monthly basis, effective December 2012.

    The update tool will also be included in future V11 kits that are due to be published effective January 2013.

    Latest Certified Updates for Impact360 & KMS Servers

    Version                 Published Date
    JRE 6 Update 71         December 2013
    Apache Tomcat 6.0.37    May 2012

    Installation Steps for JRE & Apache Tomcat updates on Impact360 Servers:

    1. From the Latest Hotfix section in Guru, download the Hotfix Deploy Tool.zip

    NOTE

    If you have downloaded the Hotfix Deploy Tool.zip in the past, you do not need to download it again.

    2. Unzip the Deploy tool on any computer that has a network connection to the system.

    3. Download JavaUpgrade.exe from one of the following links and click Open:

    a. For Verint internal users, please use this link

    b. For online users, please use this link


    This file holds the updated JRE and Tomcat versions as mentioned below.

    4. Copy JavaUpgrade.exe to the same folder to which the Deploy tool has been extracted.

    5. Double click on the Hotfix Deploy Tool.exe

    6. Double click on the JavaUpgrade.exe.

    7. Double click on Setup.exe and click Next when prompted, until the task is completed.

    There is an option to use the deploy tool to install on multiple servers. For further instructions, please see the Hotfix Deploy Tool User Guide, which is located in the same location from which the tool was downloaded.

    Installation Steps for JRE & Apache Tomcat updates on KMS Servers:

    For Verint internal users, please use this link and click Open

    For external users, please use this link and click Open

    Apache HTTP Server for Cognos

    Impact Version               Apache Version        Download Link
    V11.0 SP1 and V11.1 SP0      HTTP Server 2.0.64    For Verint internal users, please use this link
                                                       For external users, please use this link
    V11.1 SP1 HFR2 and higher    HTTP Server 2.2.25    For Verint internal users, please use this link
                                                       For external users, please use this link

    Non Approved Security Updates

    The following Updates are not approved by Verint as they are not compatible with Verint products or Windows products and must therefore not be implemented.

    In addition, these Updates were found to be damaging if they are installed on Impact 360 environments.

    Should the customer choose to apply any of these updates per their own IT policy, the customer must contact Verint Systems Technical Support.

    Product    Summary / Version    Severity & Impact    Published Date
    N/A        N/A                  N/A                  N/A


    Security Updates Recommended Microsoft

    Customers are recommended to apply the following Security Updates on Windows 2008 and Windows 2003 systems, which are supported by Microsoft Service Pack releases listed in the [cross-reference missing in source]:

    March 2014

    MS14-012: Cumulative Security Update for Internet Explorer (2925418)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    MS14-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    MS14-015: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

    MS14-016: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
    Maximum Severity Rating and Vulnerability Impact: Important, Security Feature Bypass
    Executive Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.

    February 2014

    MS14-010: Cumulative Security Update for Internet Explorer (2909921)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

    MS14-007: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email.

    MS14-008: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned.

    MS14-009: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website.

    MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
    Maximum Severity Rating and Vulnerability Impact: Important, Information Disclosure
    Executive Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services included in Microsoft Windows. The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email.

    MS14-006: Vulnerability in IPv6 Could Allow Denial of Service (2904659)
    Maximum Severity Rating and Vulnerability Impact: Important, Denial of Service
    Executive Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system. To exploit the vulnerability, an attacker's system must belong to the same subnet as the target system.

    January 2014

    MS14-002: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

    MS14-003: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

    December 2013

    MS13-096: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.

    MS13-097: Cumulative Security Update for Internet Explorer (2898785)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

    MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
    Maximum Severity Rating and Vulnerability Impact: Critical, Remote Code Execution
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

    MS13-102: Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
    Maximum Severity Rating and Vulnerability Impact: Important, Elevation of Privilege
    Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. An attacker who successfully exploited the vulnerability could then install programs; view, change, or delete data; or create new accounts with full administrator rights. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

    November 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and

    Vulnerability Impact

    MS13-088 Cumulative Security Update for Internet Explorer

    (2888505)

    This security update resolves ten privately reported

    vulnerabilities in Internet Explorer. The most severe

    vulnerabilities could allow remote code execution if a user

    views a specially crafted webpage using Internet Explorer.

    An attacker who successfully exploited the most severe of

    these vulnerabilities could gain the same user rights as the

    current user. Users whose accounts are configured to have

    fewer user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code

    Execution

    MS13-089 Vulnerability in Windows Graphics Device Interface

    Could Allow Remote Code Execution (2876331)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability could

    allow remote code execution if a user views or opens a

    specially crafted Windows Write file in WordPad. An attacker

    who successfully exploited this vulnerability could gain the

    same user rights as the current user. Users whose accounts

    are configured to have fewer user rights on the system

    Critical

    Remote Code

    Execution

  • Third Party Certification Report Verint Guidance on Security Updates

    Impact 360 Third Party Certification Report 19

    Confidential and Proprietary Information of Verint Systems Inc.

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and

    Vulnerability Impact

    could be less impacted than users who operate with

    administrative user rights.

    MS13-090 Cumulative Security Update of ActiveX Kill Bits

    (2900986)

    This security update resolves a privately reported

    vulnerability that is currently being exploited. The

    vulnerability exists in the InformationCardSigninHelper

    Class ActiveX control. The vulnerability could allow remote

    code execution if a user views a specially crafted webpage

    with Internet Explorer, instantiating the ActiveX control.

    Users whose accounts are configured to have fewer user

    rights on the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code

    Execution

    MS13-092 Vulnerability in Hyper-V Could Allow Elevation of

    Privilege (2893986)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability could

    allow elevation of privilege if an attacker passes a specially

    crafted function parameter in a hypercall from an existing

    running virtual machine to the hypervisor. The vulnerability

    could also allow denial of service for the Hyper-V host if the

    attacker passes a specially crafted function parameter in a

    hypercall from an existing running virtual machine to the

    hypervisor.

    Important

    Elevation of Privilege

    MS13-093 Vulnerability in Windows Ancillary Function Driver

    Could Allow Information Disclosure (2875783)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability could

    allow information disclosure if an attacker logs on to an

    affected system as a local user, and runs a specially crafted

    application on the system that is designed to enable the

    attacker to obtain information from a higher-privileged

    account. An attacker must have valid logon credentials and

    be able to log on locally to exploit this vulnerability.

    Important

    Information Disclosure

    MS13-095 Vulnerability in Digital Signatures Could Allow Denial

    of Service (2868626)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability could

    allow denial of service when an affected web service

    processes a specially crafted X.509 certificate.

    Important

    Denial of Service

    October 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-080 Cumulative Security Update for Internet Explorer

    (2879017)

    This security update resolves one publicly disclosed

    vulnerability and eight privately reported vulnerabilities in

    Internet Explorer. The most severe vulnerabilities could

    allow remote code execution if a user views a specially

    crafted webpage using Internet Explorer. An attacker who

    successfully exploited the most severe of these

    vulnerabilities could gain the same user rights as the current

    user. Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than users

    who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could

    Allow Remote Code Execution (2870008)

    This security update resolves seven privately reported

    vulnerabilities in Microsoft Windows. The most severe of

    these vulnerabilities could allow remote code execution if a

    user views shared content that embeds OpenType or

    TrueType font files. An attacker who successfully exploited

    these vulnerabilities could take complete control of an

    affected system.

    Critical

    Remote Code Execution

    MS13-082 Vulnerabilities in .NET Framework Could Allow

    Remote Code Execution (2878890)

    This security update resolves two privately reported

    vulnerabilities and one publicly disclosed vulnerability in

    Microsoft .NET Framework. The most severe of the

    vulnerabilities could allow remote code execution if a user

    visits a website containing a specially crafted OpenType font

    (OTF) file using a browser capable of instantiating XBAP

    applications.

    Critical

    Remote Code Execution

    MS13-083 Vulnerability in Windows Common Control Library

    Could Allow Remote Code Execution (2864058)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability could

    allow remote code execution if an attacker sends a specially

    crafted web request to an ASP.NET web application running

    on an affected system. An attacker could exploit this

    vulnerability without authentication to run arbitrary code.

    Critical

    Remote Code Execution

    September 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-069 Cumulative Security Update for Internet Explorer

    (2870699)

    This security update resolves ten privately reported

    vulnerabilities in Internet Explorer. The most severe

    vulnerabilities could allow remote code execution if a

    user views a specially crafted webpage using Internet

    Explorer. An attacker who successfully exploited the

    most severe of these vulnerabilities could gain the

    same user rights as the current user. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-070 Vulnerability in OLE Could Allow Remote Code

    Execution (2876217)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user opens a

    file that contains a specially crafted OLE object. An

    attacker who successfully exploited this vulnerability

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-071 Vulnerability in Windows Theme File Could Allow

    Remote Code Execution (2864063)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user applies a

    specially crafted Windows theme on their system. In

    all cases, a user cannot be forced to open the file or

    apply the theme; for an attack to be successful, a user

    must be convinced to do so.

    Important

    Remote Code Execution

    MS13-076 Vulnerabilities in Kernel-Mode Drivers Could

    Allow Elevation of Privilege (2876315)

    This security update resolves seven privately reported

    vulnerabilities in Microsoft Windows. The vulnerabilities

    could allow elevation of privilege if an attacker logs

    onto the system and runs a specially crafted

    application. An attacker must have valid logon

    credentials and be able to log on locally to exploit

    these vulnerabilities.

    Important

    Elevation of Privilege

    MS13-077 Vulnerability in Windows Service Control

    Manager Could Allow Elevation of Privilege

    (2872339)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow elevation of privilege if an attacker

    convinces an authenticated user to execute a specially

    crafted application. To exploit this vulnerability, an

    attacker either must have valid logon credentials and

    be able to log on locally or must convince a user to run

    the attacker's specially crafted application.

    Important

    Elevation of Privilege

    MS13-079 Vulnerability in Active Directory Could Allow

    Denial of Service (2853587)

    This security update resolves a privately reported

    vulnerability in Active Directory. The vulnerability

    could allow denial of service if an attacker sends a

    specially crafted query to the Lightweight Directory

    Access Protocol (LDAP) service.

    Important

    Denial of Service

    August 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-059 Cumulative Security Update for Internet

    Explorer (2862772)

    This security update resolves eleven privately

    reported vulnerabilities in Internet Explorer. The

    most severe vulnerabilities could allow remote code

    execution if a user views a specially crafted webpage

    using Internet Explorer. An attacker who successfully

    exploited the most severe of these vulnerabilities

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted

    than users who operate with administrative user

    rights.

    Critical

    Remote Code Execution

    MS13-060 Vulnerability in Unicode Scripts Processor

    Could Allow Remote Code Execution (2850869)

    This security update resolves a privately reported

    vulnerability in the Unicode Scripts Processor

    included in Microsoft Windows. The vulnerability

    could allow remote code execution if a user viewed a

    specially crafted document or webpage with an

    application that supports embedded OpenType fonts.

    An attacker who successfully exploited this

    vulnerability could gain the same user rights as the

    current user. Users whose accounts are configured to

    have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Critical

    Remote Code Execution

    MS13-062 Vulnerability in Remote Procedure Call Could

    Allow Elevation of Privilege (2849470)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow elevation of privilege if an attacker sends

    a specially crafted RPC request.

    Important

    Elevation of Privilege

    MS13-063 Vulnerabilities in Windows Kernel Could Allow

    Elevation of Privilege (2859537)

    This security update resolves one publicly disclosed

    vulnerability and three privately reported

    vulnerabilities in Microsoft Windows. The most

    severe vulnerabilities could allow elevation of

    privilege if an attacker logged on locally and ran a

    specially crafted application. An attacker must have

    valid logon credentials and be able to log on locally

    to exploit these vulnerabilities. The vulnerabilities

    could not be exploited remotely or by anonymous

    users.

    Important

    Elevation of Privilege

    MS13-064 Vulnerability in Windows NAT Driver Could

    Allow Denial of Service (2849568)

    This security update resolves a privately reported

    vulnerability in the Windows NAT Driver in Microsoft

    Windows. The vulnerability could allow denial of

    service if an attacker sends a specially crafted ICMP

    packet to a target server that is running the

    Windows NAT Driver service.

    Important

    Denial of Service

    MS13-065 Vulnerability in ICMPv6 could allow Denial of

    Service (2868623)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow a denial of service if the attacker sends a

    specially crafted ICMP packet to the target system.

    Important

    Denial of Service

    MS13-066 Vulnerability in Active Directory Federation

    Services Could Allow Information Disclosure

    (2873872)

    This security update resolves a privately reported

    vulnerability in Active Directory Federation Services

    (AD FS). The vulnerability could reveal information

    pertaining to the service account used by AD FS. An

    attacker could then attempt logons from outside the

    corporate network, which would result in account

    lockout of the service account used by AD FS if an

    account lockout policy has been configured. This

    would result in denial of service for all applications

    relying on the AD FS instance.

    Important

    Information Disclosure

    July 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-052 Vulnerabilities in .NET Framework and

    Silverlight Could Allow Remote Code Execution

    (2861561)

    This security update resolves five privately reported

    vulnerabilities and two publicly disclosed

    vulnerabilities in Microsoft .NET Framework and

    Microsoft Silverlight. The most severe of these

    vulnerabilities could allow remote code execution if a

    trusted application uses a particular pattern of code.

    An attacker who successfully exploited this

    vulnerability could gain the same user rights as the

    logged-on user. Users whose accounts are

    configured to have fewer user rights on the system

    could be less impacted than users who operate with

    administrative user rights.

    Critical

    Remote Code Execution

    MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers

    Could Allow Remote Code Execution (2850851)

    This security update resolves two publicly disclosed

    and six privately reported vulnerabilities in Microsoft

    Windows. The most severe vulnerability could allow

    remote code execution if a user views shared content

    that embeds TrueType font files. An attacker who

    successfully exploited this vulnerability could take

    complete control of an affected system.

    Critical

    Remote Code Execution

    MS13-054 Vulnerability in GDI+ Could Allow Remote Code

    Execution (2848295)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows, Microsoft Office,

    Microsoft Lync, and Microsoft Visual Studio. The

    vulnerability could allow remote code execution if a

    user views shared content that embeds TrueType font files.

    Critical

    Remote Code Execution

    MS13-055 Cumulative Security Update for Internet

    Explorer (2846071)

    This security update resolves seventeen privately

    reported vulnerabilities in Internet Explorer. The

    most severe vulnerabilities could allow remote code

    execution if a user views a specially crafted webpage

    using Internet Explorer. An attacker who successfully

    exploited the most severe of these vulnerabilities

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted

    than users who operate with administrative user

    rights.

    Critical

    Remote Code Execution

    MS13-056 Vulnerability in Microsoft DirectShow Could

    Allow Remote Code Execution (2845187)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user opens a

    specially crafted image file. An attacker who

    successfully exploited this vulnerability could gain

    the same user rights as the local user. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-057 Vulnerability in Windows Media Format

    Runtime Could Allow Remote Code Execution

    (2847883)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user opens a

    specially crafted media file. An attacker who

    successfully exploited this vulnerability could gain

    the same user rights as the local user. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-058 Vulnerability in Windows Defender Could Allow

    Elevation of Privilege (2847927)

    This security update resolves a privately reported

    vulnerability in Windows Defender for Windows 7 and

    Windows Defender when installed on Windows

    Server 2008 R2. The vulnerability could allow

    elevation of privilege due to the pathnames used by

    Windows Defender. An attacker who successfully

    exploited this vulnerability could execute arbitrary

    code and take complete control of an affected

    system. The attacker could then install programs;

    view, change, or delete data; or create new accounts

    with full user rights. An attacker must have valid

    logon credentials to exploit this vulnerability. The

    vulnerability could not be exploited by anonymous

    users.

    Important

    Elevation of Privilege

    June 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-047 Cumulative Security Update for Internet

    Explorer (2838727)

    This security update resolves nineteen privately

    reported vulnerabilities in Internet Explorer. The most

    severe vulnerabilities could allow remote code

    execution if a user views a specially crafted webpage

    using Internet Explorer. An attacker who successfully

    exploited the most severe of these vulnerabilities

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-048 Vulnerability in Windows Kernel Could Allow

    Information Disclosure (2839229)

    This security update resolves one privately reported

    vulnerability in Windows. The vulnerability could allow

    information disclosure if an attacker logs on to a

    system and runs a specially crafted application or

    convinces a local, logged-in user to run a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit this

    vulnerability. Note that this vulnerability would not

    allow an attacker to execute code or to elevate their

    user rights directly, but it could be used to produce

    information that could be used to try to further

    compromise an affected system.

    Important

    Information Disclosure

    MS13-049 Vulnerability in Kernel-Mode Driver Could Allow

    Denial of Service (2845690)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow denial of service if an attacker sends

    specially crafted packets to the server. Firewall best

    practices and standard default firewall configurations

    can help protect networks from attacks that originate

    outside the enterprise perimeter.

    Important

    Denial of Service

    MS13-050 Vulnerability in Windows Print Spooler

    Components Could Allow Elevation of Privilege

    (2839894)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow elevation of privilege when an

    authenticated attacker deletes a printer connection.

    An attacker must have valid logon credentials and be

    able to log on to exploit this vulnerability.

    Important

    Elevation of Privilege

    May 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-037 Cumulative Security Update for Internet

    Explorer (2829530)

    This security update resolves eleven privately

    reported vulnerabilities in Internet Explorer. The most

    severe vulnerabilities could allow remote code

    execution if a user views a specially crafted webpage

    using Internet Explorer. An attacker who successfully

    exploited the most severe of these vulnerabilities

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-038 Security Update for Internet Explorer

    (2847204)

    This security update resolves one publicly disclosed

    vulnerability in Internet Explorer. The vulnerability

    could allow remote code execution if a user views a

    specially crafted webpage using Internet Explorer. An

    attacker who successfully exploited this vulnerability

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-039 Vulnerability in HTTP.sys Could Allow Denial of

    Service (2829254)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow denial of service if an attacker sends a

    specially crafted HTTP packet to an affected Windows

    server or client.

    Important

    Denial of Service

    MS13-040 Vulnerabilities in .NET Framework Could Allow

    Spoofing (2836440)

    This security update resolves one privately reported

    vulnerability and one publicly disclosed vulnerability in

    the .NET Framework. The more severe of the

    vulnerabilities could allow spoofing if a .NET

    application receives a specially crafted XML file. An

    attacker who successfully exploited the vulnerabilities

    could modify the contents of an XML file without

    invalidating the file's signature and could gain access

    to endpoint functions as if they were an authenticated

    user.

    Important

    Spoofing

    MS13-046 Vulnerabilities in Kernel-Mode Drivers Could

    Allow Elevation Of Privilege (2840221)

    This security update resolves three privately reported

    vulnerabilities in Microsoft Windows. The

    vulnerabilities could allow elevation of privilege if an

    attacker logs on to the system and runs a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit

    these vulnerabilities.

    Important

    Elevation of Privilege

    April 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-028 Cumulative Security Update for Internet

    Explorer (2817183)

    This security update resolves two privately reported

    vulnerabilities in Internet Explorer. These

    vulnerabilities could allow remote code execution if a

    user views a specially crafted webpage using Internet

    Explorer. An attacker who successfully exploited these

    vulnerabilities could gain the same user rights as the

    current user. Users whose accounts are configured to

    have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Critical

    Remote Code Execution

    MS13-029 Vulnerability in Remote Desktop Client Could

    Allow Remote Code Execution (2828223)

    This security update resolves a privately reported

    vulnerability in Windows Remote Desktop Client. The

    vulnerability could allow remote code execution if a

    user views a specially crafted webpage. An attacker

    who successfully exploited the vulnerability could gain

    the same user rights as the current user. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-031 Vulnerabilities in Windows Kernel Could Allow

    Elevation of Privilege (2813170)

    This security update resolves two privately reported

    vulnerabilities in Microsoft Windows. The

    vulnerabilities could allow elevation of privilege if an

    attacker logs on to the system and runs a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit

    these vulnerabilities.

    Important

    Elevation of Privilege

    MS13-032 Vulnerability in Active Directory Could Lead to

    Denial of Service (2830914)

    This security update resolves a privately reported

    vulnerability in Active Directory. The vulnerability

    could allow denial of service if an attacker sends a

    specially crafted query to the Lightweight Directory

    Access Protocol (LDAP) service.

    Important

    Denial of Service

    MS13-033 Vulnerability in Windows Client/Server Run-

    time Subsystem (CSRSS) Could Allow Elevation

    of Privilege (2820917)

    This security update resolves a privately reported

    vulnerability in all supported editions of Windows XP,

    Windows Vista, Windows Server 2003, and Windows

    Server 2008. The vulnerability could allow elevation of

    privilege if an attacker logs on to a system and runs a

    specially crafted application. An attacker must have

    valid logon credentials and be able to log on locally to

    exploit this vulnerability.

    Important

    Elevation of Privilege

    MS13-036 Vulnerabilities in Kernel-Mode Driver Could

    Allow Elevation Of Privilege (2829996)

    This security update resolves three privately reported

    vulnerabilities and one publicly disclosed vulnerability

    in Microsoft Windows. The most severe of these

    vulnerabilities could allow elevation of privilege if an

    attacker logs on to the system and runs a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit the

    most severe vulnerabilities.

    Important

    Elevation of Privilege

    March 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-021

    Cumulative Security Update for Internet

    Explorer (2809289)

    This security update resolves eight privately reported

    vulnerabilities and one publicly disclosed vulnerability

    in Internet Explorer. The most severe vulnerabilities

    could allow remote code execution if a user views a

    specially crafted webpage using Internet Explorer. An

    attacker who successfully exploited these

    vulnerabilities could gain the same user rights as the

    current user. Users whose accounts are configured to

    have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Critical

    Remote Code Execution

    MS13-027

    Vulnerabilities in Kernel-Mode Drivers Could

    Allow Elevation Of Privilege (2807986)

    This security update resolves three privately reported

    vulnerabilities in Microsoft Windows. These

    vulnerabilities could allow elevation of privilege if an

    attacker gains access to a system.

    Important

    Elevation of Privilege

    February 2013

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact

    MS13-009

    Cumulative Security Update for Internet

    Explorer (2792100)

    This security update resolves thirteen privately

    reported vulnerabilities in Internet Explorer. The most

    severe vulnerabilities could allow remote code

    execution if a user views a specially crafted webpage

    using Internet Explorer. An attacker who successfully

    exploited these vulnerabilities could gain the same

    user rights as the current user. Users whose accounts

    are configured to have fewer user rights on the

    system could be less impacted than users who operate

    with administrative user rights.

    Critical

    Remote Code Execution

    MS13-010

    Vulnerability in Vector Markup Language Could

    Allow Remote Code Execution (2797052)

    This security update resolves a privately reported

    vulnerability in the Microsoft implementation of Vector

    Markup Language (VML). The vulnerability could allow

    remote code execution if a user viewed a specially

    crafted webpage using Internet Explorer. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-011

    Vulnerability in Media Decompression Could

    Allow Remote Code Execution (2780091)

    This security update resolves one publicly disclosed

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user opens a

    specially crafted media file (such as an .mpg file),

    opens a Microsoft Office document (such as a .ppt file)

    that contains a specially crafted embedded media file,

    or receives specially crafted streaming content. An

    attacker who successfully exploited this vulnerability

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-020

    Vulnerability in OLE Automation Could Allow

    Remote Code Execution (2802968)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows Object Linking and

    Embedding (OLE) Automation. The vulnerability could

    allow remote code execution if a user opens a

    specially crafted file. An attacker who successfully

    exploited the vulnerability could gain the same user

    rights as the current user. Users whose accounts are

    configured to have fewer user rights on the system

    could be less impacted than users who operate with

    administrative user rights.

    Critical

    Remote Code Execution

    MS13-014

    Vulnerability in NFS Server Could Allow Denial of

    Service (2790978)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow denial of service if an attacker attempts a

    file operation on a read only share. An attacker who

    exploited this vulnerability could cause the affected

    system to stop responding and restart. The

    vulnerability only affects Windows servers with the

    NFS role enabled.

    Important

    Denial of Service

    MS13-015

    Vulnerability in .NET Framework Could Allow

    Elevation of Privilege (2800277)

    This security update resolves one privately reported

    vulnerability in the .NET Framework. The vulnerability

    could allow elevation of privilege if a user views a

    specially crafted webpage using a web browser that

    can run XAML Browser Applications (XBAPs). The

    vulnerability could also be used by Windows .NET

    applications to bypass Code Access Security (CAS)

    restrictions. An attacker who successfully exploited

    the vulnerability could gain the same user rights as

    the current user. Users whose accounts are configured

    to have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Important

    Elevation of Privilege

    MS13-016

    Vulnerabilities in Windows Kernel-Mode

    Driver Could Allow Elevation of Privilege

    (2778344)

    This security update resolves 30 privately reported

    vulnerabilities in Microsoft Windows. The

    vulnerabilities could allow elevation of privilege if an

    attacker logs on to the system and runs a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit the

    vulnerabilities.

    Important

    Elevation of Privilege

    MS13-017

    Vulnerabilities in Windows Kernel Could Allow

    Elevation of Privilege (2799494)

    This security update resolves three privately reported

    vulnerabilities in all supported releases of Microsoft

    Windows. The vulnerabilities could allow elevation of

    privilege if an attacker logs on to the system and runs

    a specially crafted application. An attacker must have

    valid logon credentials and be able to log on locally to

    exploit the vulnerabilities.

    Important

    Elevation of Privilege

    MS13-018

    Vulnerability in TCP/IP Could Allow Denial of

    Service (2790655)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow denial of service if an unauthenticated

    attacker sends a specially crafted connection

    termination packet to the server.

    Important

    Denial of Service

    MS13-019

    Vulnerability in Windows Client/Server Run-time

    Subsystem (CSRSS) Could Allow Elevation of

    Privilege (2790113)

    This security update resolves a publicly disclosed

    vulnerability in Microsoft Windows. The vulnerability

    could allow elevation of privilege if an attacker logs on

    to a system and runs a specially crafted application.

    An attacker must have valid logon credentials and be

    able to log on locally to exploit this vulnerability.

    Important

    Elevation of Privilege

    January 2013

    Bulletin ID Bulletin Title and Executive Summary

    Maximum Severity Rating and

    Vulnerability Impact

    MS13-008

    Security Update for Internet Explorer

    (2799329)

    This security update resolves one publicly disclosed

    vulnerability in Internet Explorer. The vulnerability

    could allow remote code execution if a user views a

    specially crafted webpage using Internet Explorer. An

    attacker who successfully exploited this vulnerability

    could gain the same user rights as the current user.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS13-001

    Vulnerability in Windows Print Spooler

    Components Could Allow Remote Code

    Execution (2769369)

    This security update resolves one privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a print server

    received a specially crafted print job. Firewall best

    practices and standard default firewall configurations

    can help protect networks from attacks that originate

    outside the enterprise perimeter. Best practices

    recommend that systems connected directly to the

    Internet have a minimal number of ports exposed.

    Critical

    Remote Code Execution

    MS13-002

    Vulnerabilities in Microsoft XML Core Services

    Could Allow Remote Code Execution (2756145)

    This security update resolves two privately reported

    vulnerabilities in Microsoft XML Core Services. The

    vulnerabilities could allow remote code execution if a

    user views a specially crafted webpage using Internet

    Explorer. An attacker would have no way to force

    users to visit such a website. Instead, an attacker

    would have to convince users to visit the website,

    typically by getting them to click a link in an email

    message or Instant Messenger message that takes the

    user to the attacker's website.

    Critical

    Remote Code Execution

    MS13-004

    Vulnerabilities in .NET Framework Could Allow

    Elevation of Privilege (2769324)

    This security update resolves four privately reported

    vulnerabilities in the .NET Framework. The most

    severe of these vulnerabilities could allow elevation of

    privilege if a user views a specially crafted webpage

    using a web browser that can run XAML Browser

    Applications (XBAPs). The vulnerabilities could also be

    used by Windows .NET applications to bypass Code

    Access Security (CAS) restrictions. An attacker who

    successfully exploited these vulnerabilities could gain

    the same user rights as the logged-on user. Users

    whose accounts are configured to have fewer user

    rights on the system could be less impacted than

    users who operate with administrative user rights.

    Important

    Elevation of Privilege

    MS13-005

    Vulnerability in Windows Kernel-Mode Driver

    Could Allow Elevation of Privilege (2778930)

    This security update resolves one privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow elevation of privilege if an attacker runs a

    specially crafted application.

    Important

    Elevation of Privilege

    MS13-006

    Vulnerability in Microsoft Windows Could Allow

    Security Feature Bypass (2785220)

    This security update resolves a privately reported

    vulnerability in the implementation of SSL and TLS in

    Microsoft Windows. The vulnerability could allow

    security feature bypass if an attacker intercepts

    encrypted web traffic handshakes.

    Important

    Security Feature Bypass

    MS13-007

    Vulnerability in Open Data Protocol Could Allow

    Denial of Service (2769327)

    This security update resolves a privately reported

    vulnerability in the Open Data (OData) protocol. The

    vulnerability could allow denial of service if an

    unauthenticated attacker sends specially crafted HTTP

    requests to an affected site. Firewall best practices

    and standard default firewall configurations can help

    protect networks from attacks that originate outside

    the enterprise perimeter. Best practices recommend

    that systems that are connected to the Internet have

    a minimal number of ports exposed.

    Important

    Denial of Service

    December 2012

    Bulletin ID Bulletin Title and Executive Summary

    Maximum Severity

    Rating and Vulnerability Impact

    MS12-077

    Cumulative Security Update for Internet

    Explorer (2761465)

    This security update resolves three privately reported

    vulnerabilities in Internet Explorer. The most severe

    vulnerabilities could allow remote code execution if a

    user views a specially crafted webpage using Internet

    Explorer. An attacker who successfully exploited these

    vulnerabilities could gain the same user rights as the

    current user. Users whose accounts are configured to

    have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Critical

    Remote Code Execution

    MS12-078

    Vulnerabilities in Windows Kernel-Mode Drivers

    Could Allow Remote Code Execution

    (2783534)

    This security update resolves one publicly disclosed

    vulnerability and one privately reported vulnerability

    in Microsoft Windows. The more severe of these

    vulnerabilities could allow remote code execution if a

    user opens a specially crafted document or visits a

    malicious webpage that embeds TrueType or

    OpenType font files. An attacker would have to

    convince users to visit the website, typically by getting

    them to click a link in an email message that takes

    them to the attacker's website.

    Critical

    Remote Code Execution

    MS12-081

    Vulnerability in Windows File Handling

    Component Could Allow Remote Code Execution

    (2758857)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if a user browses

    to a folder that contains a file or subfolder with a

    specially crafted name. An attacker who successfully

    exploited this vulnerability could gain the same user

    rights as the current user. Users whose accounts are

    configured to have fewer user rights on the system

    could be less impacted than users who operate with

    administrative user rights.

    Critical

    Remote Code Execution

    MS12-082

    Vulnerability in DirectPlay Could Allow Remote

    Code Execution (2770660)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow remote code execution if an attacker

    convinces a user to view a specially crafted Office

    document with embedded content. An attacker who

    successfully exploits this vulnerability could gain the

    same user rights as the current user. Users whose

    accounts are configured to have fewer user rights on

    the system could be less impacted than users who

    operate with administrative user rights.

    Important

    Remote Code Execution

    MS12-083

    Vulnerability in IP-HTTPS Component Could

    Allow Security Feature Bypass (2765809)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow security feature bypass if an attacker

    presents a revoked certificate to an IP-HTTPS server

    commonly used in Microsoft DirectAccess

    deployments. To exploit the vulnerability, an attacker

    must use a certificate issued from the domain for

    IP-HTTPS server authentication. Logging on to a system

    inside the organization would still require system or

    domain credentials.

    Important

    Security Feature Bypass

    November 2012

    Bulletin ID Bulletin Title and Executive Summary

    Maximum Severity Rating and

    Vulnerability Impact

    MS12-071

    Cumulative Security Update for Internet

    Explorer (2761451)

    This security update resolves three privately reported

    vulnerabilities in Internet Explorer. The vulnerabilities

    could allow remote code execution if a user views a

    specially crafted webpage using Internet Explorer. An

    attacker who successfully exploited these

    vulnerabilities could gain the same user rights as the

    current user. Users whose accounts are configured to

    have fewer user rights on the system could be less

    impacted than users who operate with administrative

    user rights.

    Critical

    Remote Code Execution

    MS12-072

    Vulnerabilities in Windows Shell Could Allow

    Remote Code Execution (2727528)

    This security update resolves two privately reported

    vulnerabilities in Microsoft Windows. The

    vulnerabilities could allow remote code execution if a

    user browses to a specially crafted briefcase in

    Windows Explorer. An attacker who successfully

    exploited this vulnerability could run arbitrary code as

    the current user. If the current user is logged on with

    administrative user rights, an attacker could take

    complete control of the affected system. An attacker

    could then install programs; view, change, or delete

    data; or create new accounts with full user rights.

    Users whose accounts are configured to have fewer

    user rights on the system could be less impacted than

    users who operate with administrative user rights.

    Critical

    Remote Code Execution

    MS12-074

    Vulnerabilities in .NET Framework Could Allow

    Remote Code Execution (2745030)

    This security update resolves five privately reported

    vulnerabilities in the .NET Framework. The most

    severe of these vulnerabilities could allow remote code

    execution if an attacker convinces the user of a target

    system to use a malicious proxy auto configuration file

    and then injects code into the currently running

    application.

    Critical

    Remote Code Execution

    MS12-075

    Vulnerabilities in Windows Kernel-Mode Drivers

    Could Allow Remote Code Execution (2761226)

    This security update resolves three privately reported

    vulnerabilities in Microsoft Windows. The most severe

    of these vulnerabilities could allow remote code

    execution if a user opens a specially crafted document

    or visits a malicious webpage that embeds TrueType

    font files. An attacker would have to convince users to

    visit the website, typically by getting them to click a

    link in an email message that takes them to the

    attacker's website.

    Critical

    Remote Code Execution

    MS12-073

    Vulnerabilities in Microsoft Internet Information

    Services (IIS) Could Allow Information

    Disclosure (2733829)

    This security update resolves one publicly disclosed

    vulnerability and one privately reported vulnerability

    in Microsoft Internet Information Services (IIS). The

    more severe vulnerability could allow information

    disclosure if an attacker sends specially crafted FTP

    commands to the server.

    Moderate

    Information Disclosure

    October 2012

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and

    Vulnerability Impact

    MS12-068 Vulnerability in Windows Kernel Could Allow

    Elevation of Privilege (2724197)

    This security update resolves a privately reported

    vulnerability in all supported releases of Microsoft

    Windows except Windows 8 and Windows Server

    2012. This security update is rated Important for all

    supported editions of Windows XP, Windows Server

    2003, Windows Vista, Windows Server 2008, Windows

    7, and Windows Server 2008 R2.

    The vulnerability could allow elevation of privilege if

    an attacker logs on to the system and runs a specially

    crafted application. An attacker must have valid logon

    credentials and be able to log on locally to exploit this

    vulnerability.

    Important

    Elevation of Privilege

    MS12-069 Vulnerability in Kerberos Could Allow Denial of

    Service (2743555)

    This security update resolves a privately reported

    vulnerability in Microsoft Windows. The vulnerability

    could allow denial of service if a remote attacker

    sends a specially crafted session request to the

    Kerberos server. Firewall best practices and standard

    default firewall configurations can help protect

    networks from attacks that originate outside the

    enterprise perimeter. Best practices recommend that

    systems that are connected to the Internet have a

    minimal number of ports exposed.

    Important

    Denial of Service

    MS12-070 Vulnerability in SQL Server Could Allow

    Elevation of Privilege (2754849)

    This security update resolves a privately reported

    vulnerability in Microsoft SQL Server on systems

    running SQL Server Reporting Services (SSRS). The

    vulnerability is a cross-site-scripting (XSS)

    vulnerability that could allow elevation of privilege,

    enabling an attacker to execute arbitrary commands

    on the SSRS site in the context of the targeted user.

    An attacker could exploit this vulnerability by sending

    a specially crafted link to the user and convincing the

    user to click the link. An attacker could also host a

    website that contains a webpage designed to exploit

    the vulnerability. In addition, compromised websites

    and websites that accept or host user-provided

    content or advertisements could contain specially

    crafted content that could exploit this vulnerability.

    Important

    Elevation of Privilege

    September 2012

    Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and

    Vulnerability Impact

    MS12-061 Vulnerability in Visual Studio Team Foundation

    Server Could Allow Elevation of Privilege

    (2719584)

    This security update resolves a privately reported

    vulnerability in Visual Studio Team Foundation Server.

    The vulnerability could allow eleva