
Patch Tuesday Updates: KB Articles, Internet Explorer, Microsoft Edge, Windows, Office, ASP.NET, Chakra Core, and more

Stay up to date with the latest Patch Tuesday updates from Microsoft including KB articles, Internet Explorer, Microsoft Edge, Windows, Office, ASP.NET, Chakra Core, and more.

lstevenson

Presentation Transcript


  1. Patch Tuesday
     • Nov – 55 KB Articles with 195 unique downloads
     • Internet Explorer
     • Microsoft Edge
     • Microsoft Windows
     • Microsoft Office and Microsoft Office Services and Web Apps
     • ASP.NET Core and .NET Core
     • Chakra Core

  2. Patch Tuesday
     • Dec – 24 KB Articles with 156 unique downloads
     • Internet Explorer
     • Microsoft Edge
     • Microsoft Windows
     • Microsoft Office and Microsoft Office Services and Web Apps
     • Microsoft Exchange Server
     • ChakraCore
     • Microsoft Malware Protection Engine

  3. Holes / Patches
     • VMware
       • VMSA-2017-0018.1 ( 6 CVE )
         • Workstation, Fusion, Horizon View (multi)
       • VMSA-2017-0019 ( 1 CVE )
         • NSX for vSphere (xss)
     • Apple
       • iOS 11.1.2 / 11.2
       • Security Update 2017-001
       • tvOS 11.2
       • watchOS 4.2
       • Safari 11.0.2
       • macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
       • iTunes 12.7.2 for Windows
       • AirPort Base Station 7.69 / 7.7.9
       • Mac passwordless root account ships enabled
     • Oracle
       • Out-Of-Band Tuxedo patch
       • Regular Patches due out 16 Jan
     • Adobe
       • APSB17-42 Flash Player ( 1 CVE )

  4. Holes / Patches
     • MS guidance on DDE disablement
     • Linux 4.14 kernel
     • Cisco Voice issues
     • Eavesdropper / Twilio REST API / SDK
     • More chip fixes
       • ME 11.x, SPS 4.0, and TXE 3.0

  5. Hacking
     • Intel's CPU management controller has been hacked.
     • Any computer can be owned from USB invisible to the OS
     • malware leveraging Autoit (again)
     • phone charging with ambient light
     • FaceID busted
     • OnePlus root
     • disable Amazon Key cam
     • pfSense command injection
     • ASLR broken?
     • HP printers
     • Echo / Home voice data?
     • saml ticket?
     • key logger on HP laptops
     • all the hacked passwords

  6. Corp
     • forever 21 popped
     • imgur popped
     • NCF S3 Bucket
     • paypal tio breach
     • uber hides hack for 1yr+
     • Google android location data
     • Site trackers
     • FB Messenger Kids
     • pepsico + russia = better milk
     • MS IOT Chip
     • apple acquires shazam

  7. Govt
     • FCC net neutrality
     • Bots break FCC and Net Neutrality comments
     • TSA to use fingerprint for id verification, wants facial biometrics
     • 9th Circuit removed anonymity ‘US vs Glassdoor’
     • 6th Circuit upheld anonymity ‘Signature Management Team LLC vs John Doe’
     • Patent vs GDPR
     • new robocaller rules
     • oops contractor botches aws account
     • another mil S3 bucket, this one not so benign
     • ICQ self dox / Ar3s = Sergey Jaretz

  8. Papers
     • Google password report: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46437.pdf
     • FB Privacy Settings: https://www.wired.com/story/how-to-lock-down-facebook-privacy-settings/
     • EFF SEC (security education companion): https://sec.eff.org/
     • powershell for audit, alerting, remediation: https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windows-audit-alerting-remediation-powershell-38140
     • Data mining in the dark: https://www.sans.org/reading-room/whitepapers/threatintelligence/data-mining-dark-darknet-intelligence-automation-38175
     • Mr. HITB goes to washington: https://www.troyhunt.com/im-testifying-in-front-of-congress-in-washington-dc-about-data-breaches-what-should-i-say/
     • harvard campaign security playbook: https://www.belfercenter.org/sites/default/files/files/publication/Playbook%201.3.pdf

  9. Papers
     • WebBrowser Security? http://resources.infosecinstitute.com/best-practices-web-browser-security/
     • malware email address analysis: https://www.scmagazine.com/an-analysis-of-3000-malware-email-addresses/article/710024/
     • smartphone sec 101: https://www.wired.com/story/smartphone-security-101/
     • bug sweeping: https://www.wired.com/story/how-to-sweep-for-bugs/

  10. WikiLeaks WTF

  11. Tools
     • SNIFFlab Python for MITM environment
     • RDPY Python for RDP hacking
     • txt.fyi Blog plugin to break links
     • Depth1 - ctf walkthrough
     • tenta - https://tenta.com/ DNS over TLS
     • mailsploit Mail spoofing
     • Cred0v3r Credential reuse tool
     • blackhat arsenal

  12. Future Cons
     • Shmoo Con - 19-21 Jan, DC
     • CyberUSAConference 2018 - Jan 29-30, San Antonio
     • InfoSec SouthWest - Apr 11-13, Austin

  13. Where
     • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas )
     • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas )
     • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano )
     • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies )
     • ?? Fort Worth Crypto Party ?? ( 2nd Tuesday ? / The Maker Spot, N. Richland Hills )
     • Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth )
     • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies )
     • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano )
     • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco )
     • Dallas MakerSpace @dallasmakers ( Random events / Carrollton )

  14. All images scavenged without permission
