web 2.0

Friday, July 30, 2010

Microsoft Security Newsletter : July Edition


 

     
     
 
Microsoft Security Newsletter
 
 
For more information on the Security Bulletins and Microsoft Programs, visit the Microsoft Security Center
 
 
 
 
   
Challenges to a safer, more trusted Information and Communication Technology (ICT) remain prevalent. Data breaches, attack methods and cybercriminals are becoming more established and sophisticated. With more sensitive data moving online and into the cloud, attackers are and will continue to be attracted to these new, richer targets. The theme of this year's Microsoft Platform Security and Audit handbook is ISO 27001. Security needs to be managed as an ongoing process. Audit is a powerful tool that can provide a comprehensive review of the implemented security controls and their impact on an integrated view of the business and IT in the organization. This handbook addresses the technical layer, the controls to be applied to specific technology platforms, by providing best practices and prescriptive guidance to ensure security when deployed. Customers should know about this handbook because it will help them address issues that impact the productivity and agility of their business, help save costs, improve security and strengthen the systems, and provide scalability and extensibility. In one phrase, it helps ensure continuity of service.
We have seen that there is a gap in the implementation of control effectiveness between the controls adopted and the built-in controls available in the platform products. This gap continues to widen over time as upgrades and new product versions are introduced, thereby introducing vulnerabilities and threats. The Platform Security and Audit handbook is an attempt to help the auditor and security community with possible internal technical controls which may be implemented with the latest Microsoft technology platform deployment. This handbook has been a joint effort between Microsoft India and ISACA Mumbai Chapter, India, which is affiliated to ISACA International. The target audience for the Platform Security and Audit Handbook is the audit community of organizations.
This audience comprises internal Information Systems audit teams, external independent Information Systems auditors, government auditors such as CAG and STQC (Standardization, Testing and Quality Certification), Information System Security teams in organizations, Information System Infrastructure teams in organizations, and Information System audit teams in banks and other critical infrastructure sectors.

Microsoft India invited the information security community in a 3 city event in affiliation with ISACA Mumbai, Kochi and Hyderabad to provide information and insight on the practical implementation of the ISO 27001 using Windows 7 and Windows Server 2008 R2. The key highlight of the event was the launch of Microsoft Platform Security and Audit Handbook 2010.

Microsoft India held the 7th edition of the CSO Forum, an exclusive offsite event for Chief Security Officers, at Bangalore from 27th-28th May. The event focused on providing CSOs with the most comprehensive security and privacy knowledge, thereby helping them to keep their organizations better informed so as to maximize security investments. The event was attended by 28 CSOs from IT, ITES, BFSI, Government and other verticals. The key takeaway was that CSOs need to focus on Zero Day Exploits, Cyber Espionage, Social Engineering, Malware, Security Development Lifecycle and Collaboration so as to raise the bar on Cyber Security and Security Innovation.

Sanjay Bahl is the Chief Security Officer for Microsoft Corporation (India) Pvt Ltd, and is a member of various security committees at national and International level.
 
 
 
Security Update
 
 
     
 
  What is the purpose of this alert?
    As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers concerning the number of new security updates being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.
     
   
On July 13, 2010, Microsoft released four new security bulletins. Below is a summary.
     

Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software
Bulletin 1 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP and Windows Server 2003.
Bulletin 2 | Critical | Remote Code Execution | Requires restart | Microsoft Windows 7 for x64-based systems and Windows Server 2008 R2 for x64-based systems.
Bulletin 3 | Critical | Remote Code Execution | May require restart | Microsoft Office Access 2003 and Office Access 2007
Bulletin 4 | Important | Remote Code Execution | May require restart | Microsoft Office Outlook 2002, Office Outlook 2003, and Office Outlook 2007.

Note: The affected software listed in this table is an abstract. To see the complete list, please visit the Advance Notification web page at the link below and navigate to the Affected Software section of the page.

     

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities are subject to change until released.

Advance Notification Webpage: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx.

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins, Microsoft hosted a webcast on Wednesday, July 14, 2010. Details can be found at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

     
 
     
  What is the purpose of this alert?
   

This alert is to notify you that Microsoft has released Security Advisory 2286198 - Vulnerability in Windows Shell Could Allow Remote Code Execution - on July 16, 2010.

     
 
Summary
 

Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.

     
  Mitigating Factors
   
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
When AutoPlay is disabled, the user would manually have to launch Windows Explorer or a similar application and browse to the root folder of the removable disk.
Blocking outbound SMB connections on the perimeter firewall will reduce the risk of remote exploitation using file shares.
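
To verify the AutoPlay mitigating factor on a host, the following added example (not part of the Microsoft advisory) reads the Windows NoDriveTypeAutoRun policy value and reports, per drive type, whether AutoRun is disabled. The function names are illustrative; the assumption that an HKLM value overrides an HKCU value reflects documented Windows policy behaviour.

```powershell
# Added example, not from the advisory. NoDriveTypeAutoRun is a bitmask in
# which a SET bit disables AutoRun for that drive type (0xFF = all types).
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    # Assumption: when the value exists under HKLM, the HKCU value is ignored.
    $subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$subKey" `
                    -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw = $item.NoDriveTypeAutoRun
            # Older systems may store the value as REG_BINARY; use the low byte.
            if ($raw -is [byte[]]) { $raw = $raw[0] }
            return [pscustomobject]@{ Hive = $hive; Mask = [int]$raw }
        }
    }
    return $null   # no policy value: operating-system defaults apply
}

function Test-AutoRunExposure {
    param([int]$Mask)
    foreach ($name in $DriveTypeBits.Keys) {
        [pscustomobject]@{
            DriveType       = $name
            AutoRunDisabled = [bool]($Mask -band $DriveTypeBits[$name])
        }
    }
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set; operating-system defaults apply.'
} else {
    Write-Output ('Policy from {0}: 0x{1:X2}' -f $policy.Hive, $policy.Mask)
    Test-AutoRunExposure -Mask $policy.Mask | Format-Table -AutoSize
}
```

A result showing AutoRun disabled for Removable and Network drives matches the mitigating factor above; as the advisory notes, a user who browses to the root folder of the disk can still trigger the vulnerability.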
     
  Affected Software
    The security advisory discusses the following software.
   
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
     
  Recommendations
   

Review Microsoft Security Advisory 2286198 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.
     
  Additional Resources
   
Microsoft Security Advisory 2286198 - Vulnerability in Windows Shell Could Allow Remote Code Execution
Microsoft Security Response Center (MSRC) Blog
Microsoft Malware Protection Center (MMPC) Blog
Microsoft Security Research & Defense (SRD) Blog
     
  Regarding Information Consistency
    We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information.
If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.
     
    Thank you,
Microsoft CSS Security Team
     
 
 


Microsoft Corporation (India) Pvt. Ltd.
9th Floor, Tower A, DLF Cyber Greens, DLF Cyber Citi, Sector 25A
Gurgaon, Haryana, 122 002, INDIA
