Software Vulnerability Exploitation Trends. Exploring the impact of software mitigations on patterns of vulnerability exploitation


This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright 2013 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Authors

Swamy Shivaganga Nagaraju, Microsoft Security Response Center
Cristian Craioveanu, Microsoft Security Response Center
Elia Florio, Microsoft Security Response Center
Matt Miller, Microsoft Security Engineering Center

Table of contents

Foreword
Introduction
Exploitation trends
Improvements in Windows 8
Comparing Windows XP to Windows 8
Recommendations
References
Appendix: Data Sources and Glossary

Foreword

Using security science to create more secure products and services

The Microsoft Security Engineering Center carries out some of the software industry's most advanced security science research. Leveraging insights we glean from the Microsoft Security Response Center, the team examines new techniques that are used to attack Microsoft products and services and third-party applications running on Microsoft platforms. They use this understanding of how the attacks succeed to design countermeasures to defeat them. The output of this research feeds back into the Microsoft Security Development Lifecycle, a mandatory part of the development process that every Microsoft product or service must implement. The result is that each new version of an operating system, browser or application is harder to attack than previous versions, making it more difficult and costly for criminals to develop malicious attacks. The more expensive it is to develop an attack, the less likely it is that the attack will be created and used.

This whitepaper examines the effectiveness of this approach. The paper analyzes software vulnerabilities addressed through Microsoft security updates that were exploited, and provides recommendations that can help to minimize the risk of attack. Two findings are clear: first, the innovations introduced by security science have forced attackers to change the attack methods they use, often requiring the development of more expensive multi-stage attacks. Second, new attacks continue to be developed for older, less secure versions of products and services.

A special note to those still running Windows XP: the paper also examines the security features in Windows XP Service Pack 3 and compares them with the features in Windows 8, our most secure operating system to date. Only a quarter of Windows 8 protections are available in any form in Windows XP Service Pack 3. This means that the attack techniques that have been developed in the ensuing eight years can still be deployed against Windows XP, even though those techniques are mitigated by the updated security features in Windows 8. Running Windows XP on network-connected systems carries additional risk; the fact that Windows XP will no longer be supported at all after April 8, 2014 means that this risk will only increase over time.

The Microsoft Security Engineering Center continues its work examining new attack techniques as they are developed, which will ensure that the security of Microsoft products and services keeps pace with ever-improving attack techniques.

Matt Thomlinson
General Manager, Microsoft Trustworthy Computing Security

Introduction

One of the security challenges that both individuals and organizations face is gauging the risks that are associated with vulnerabilities in the operating systems and applications that they use. Although such vulnerabilities always have some level of potential risk, this risk only becomes actualized when an attacker develops a functioning exploit. The existence of an exploit is what allows a malicious attacker to take advantage of a vulnerability and potentially compromise affected computers. From a risk management perspective, the likelihood of an exploit being developed can be an important factor in providing a more precise estimation of a vulnerability's actual risk. To this point, Microsoft security updates always include a description of a vulnerability's expected worst-case impact and, beginning in 2008, an Exploitability Index [1] (XI) rating that measures the likelihood of a vulnerability actually being exploited.

This white paper explores the impact of improvements that Microsoft has made over time to address software vulnerabilities. This analysis is based on a survey of Microsoft vulnerabilities that have been addressed through security updates over the past seven years and are known to have been exploited. The survey focuses on assessing trends in the types of vulnerabilities that have been exploited, the product versions that have been targeted, and the exploitation techniques that have been used by attackers. It also highlights security improvements in Windows 8 that help mitigate techniques that are currently being used by attackers. The findings of this survey were used to create a set of recommendations on how to effectively minimize risk associated with software vulnerabilities.

A key factor that influences the likelihood that a vulnerability will be exploited is how difficult and costly it will be for an attacker to develop a reliable exploit. Over the past decade, Microsoft has introduced numerous defense-in-depth security features into Windows and other products that have been specifically designed to increase the cost and complexity of developing exploits. These security features, which are detailed in the white paper Mitigating Software Vulnerabilities [2], are particularly noteworthy because they offer protection even when the details of a vulnerability are not yet known to a vendor or a vulnerability has not yet been addressed through a security update.

Exploitation trends

This section explores historical exploitation trends for Microsoft vulnerabilities that have been addressed through security updates within the past seven years. Evidence about which vulnerabilities have been exploited was gathered from public and private reports as well as Microsoft antimalware telemetry feeds. Although this data is believed to be thorough and complete, it is possible that vulnerabilities may have been exploited without being detected. However, the scale of any such exploitation is expected to have been small because no discernible evidence exists. Unless otherwise stated, this analysis focuses on remote code execution (RCE) vulnerabilities because these vulnerabilities are often the most severe.

Key findings

The key findings that were made through this analysis of historical exploitation trends are:

- The number of RCE vulnerabilities that are known to be exploited per year appears to be decreasing.
- Vulnerabilities are most often exploited only after a security update is available, although recent years have shown an upward trend in the percentage of vulnerabilities that are exploited before a security update is available.
- Windows 7 and Internet Explorer 9 are being increasingly targeted by exploits.
- Stack corruption vulnerabilities were historically the most commonly exploited vulnerability class, but now they are rarely exploited.
- Use after free vulnerabilities are currently the most commonly exploited vulnerability class.
- Exploits increasingly rely on techniques that can be used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

Scale

To help set the context for assessing exploitation trends, it is helpful to start by considering the scale at which vulnerabilities are actually known to have been exploited. The following figure represents the number of common vulnerabilities and exposures (CVEs) that were classified as RCE CVEs over the last seven years. This data shows that approximately 29% of the CVEs addressed during this period had evidence of being exploited, ranging from a low of 18% in 2008 to a high of 41%. The data also suggests that 2011 was a turning point in the upward trend of vulnerabilities being exploited and that 2012 showed a significant decline in the number of known exploits. As subsequent sections will show, this decline coincides with the increasing adoption of Windows 7, Office 2010, and Internet Explorer 9, all of which benefit from stronger defenses.

[Figure 1. CVEs that were exploited and resolved through security updates (stacked percentage per year: known exploit vs. no known exploit)]

The general timeframe within which vulnerabilities are known to be exploited is also an important factor when managing risk. The following figure shows that, with the exception of 2006 and 2007, most RCE issues only had evidence of being exploited after a security update was available. This information emphasizes the point that staying current with security updates is an effective way to minimize risk. However, recent years have shown an upward trend in the percentage of vulnerabilities that are exploited before a security update is available. This increase means that it is also important to have mitigations in place that are able to complicate exploitation without requiring prior knowledge of a specific vulnerability.

[Figure 2. Percentages of CVEs that were exploited before vs. after security updates were available (per year: exploited before update vs. exploited after update)]

The Windows Vista lull

In 2007 and 2008, there was an apparent lull in the number of CVEs that were known to have been exploited. This lull occurred despite the fact that the total number of RCE vulnerabilities that were addressed through security updates actually increased. One explanation for this lull is that the release of Windows Vista may have forced a period of attacker innovation, because Windows Vista included many security improvements that were designed to break exploitation techniques that attackers relied on at the time. Most notably, Windows Vista was the first version of Windows to support address space layout randomization (ASLR) as well as a significantly hardened heap implementation.

Targets

The product versions that are affected by a vulnerability are what define the set of at-risk targets that an attacker could attempt to exploit. In practice, exploits often target only a small subset of the affected product versions, for multiple reasons; one key factor is that the runtime environment of an application tends to be different between product versions. These differences can make it difficult to build an exploit that functions and is reliable against the complete set of potential targets. Accordingly, exploit writers typically target affected versions that are seen as high yield, such as those versions that are used by the largest portions of the population. Of the exploit data that was analyzed, only 34% of the CVEs had at least one exploit for which the intended targets were known. The following figure shows the versions of Windows that were targeted for this subset. Notably, a downward trend is evident over the last seven years in the number of exploits that targeted Windows 2000, which eventually stopped appearing as a target altogether. The number of exploits that targeted Windows XP and Windows Vista has also begun trending downward in the past three years, which corresponds to the increase in exploits that target Windows 7.

[Figure 3. The number of CVEs for which exploits were written that targeted specific Windows versions (per year: Windows 2000, Windows XP, Windows Vista, Windows 7)]

For exploits that targeted vulnerabilities reachable through Internet Explorer, the following figure shows how Internet Explorer 6, 7, and 8 appear to be trending downward as targets, whereas Internet Explorer 9 has started being explicitly targeted. As a point of reference, the release dates for each version of Internet Explorer were as follows:

Internet Explorer 6: August 2001
Internet Explorer 7: October 2006
Internet Explorer 8: March 2009
Internet Explorer 9: March 2011

[Figure 4. The number of CVEs for which exploits were written that targeted specific Internet Explorer versions (per year: Internet Explorer 6, 7, 8, 9)]

Vulnerabilities

The root cause of a vulnerability plays a key role in defining the set of exploitation techniques that an attacker can use when developing an exploit. As a result, the level of difficulty in developing an exploit is heavily dependent on the type of vulnerability that is being exploited. In terms of risk management, the root cause of a vulnerability can be an important factor in influencing the likelihood that an exploit will be developed.

As the following two figures illustrate, there have been some noteworthy shifts in the classes of vulnerabilities that are known to have been exploited. The first clear shift can be seen through the decline in the percentage of exploits for stack corruption vulnerabilities, such as stack-based buffer overruns. (See the Glossary section at the end of this paper for a definition of stack corruption vulnerabilities.) This vulnerability class has historically been the most likely to be exploited, but since 2009 it has been steadily declining. Two factors that could be contributing to this decline are the increasing prevalence of exploit mitigations for stack corruption issues (such as /GS and SafeSEH) and the increasing effectiveness of static analysis tools designed to detect such vulnerabilities.

A second shift can be seen in the increasing number of use after free vulnerabilities that have been exploited. This vulnerability class includes issues that arise because of incorrect management of object lifetimes (see the Glossary section at the end of this paper for a definition of use after free vulnerabilities). One reason for this increase is that client-side vulnerabilities have become a prime focus for attackers, and object lifetime issues are a common vulnerability class encountered in applications such as web browsers.

[Figure 5. The distribution of vulnerability classes for CVEs that are known to have been exploited (stacked percentage per year; classes: stack corruption, heap corruption, use after free, type confusion, command execution, unsafe DLL load, uninitialized use, invalid free, memory read, XSS, cryptography, unsafe control transfer, other)]

[Figure 6. The distribution of vulnerability classes for which exploits were written that targeted specific versions of Windows over the past seven years (stacked percentage per version: Windows 2000, Windows XP, Windows Vista, Windows 7; classes as in Figure 5)]

Techniques

Attackers have developed a variety of exploitation techniques over time that can potentially enable them to exploit vulnerabilities under differing circumstances. These techniques encompass the fundamental methods of leveraging a particular class of vulnerability as a means of running malicious code. In recent years, additional techniques have been identified for bypassing exploit mitigations such as DEP and ASLR under certain conditions. From a risk management perspective, the ability of an attacker to employ certain exploitation techniques can be another factor that influences the likelihood that an exploit will be developed for a vulnerability. Of the exploit data that was analyzed, approximately 28% of the CVEs had an exploit for which the exploitation techniques were readily identifiable. The different exploitation techniques that were used by these exploits are shown in the following figure.

[Figure 7. The number of CVEs that were exploited using specific exploitation techniques (per year: heap spray, stack return address overwrite, stack SEH overwrite, bypass DEP via .NET control, bypass DEP via ROP, bypass ASLR via non-ASLR image, bypass ASLR via information disclosure)]

As this data suggests, the increasing prevalence of DEP and ASLR has forced attackers to identify techniques that can be used to exploit vulnerabilities even when these features are enabled. These techniques have led to an increasing number of exploits that attempt to bypass ASLR by relying on images that have not opted into ASLR or by leveraging a vulnerability to disclose information about the layout of an application's address space. Similarly, the use of return-oriented programming (ROP) has become common in exploits that seek to bypass DEP. The increasing use of ROP was a focal problem for the winning solutions that were submitted to the Microsoft BlueHat Prize competition in 2012, some of which were integrated into the Microsoft Enhanced Mitigation Experience Toolkit (EMET) 3.5 technical preview.

The data in the preceding figure also shows that attackers leveraged .NET user controls between 2008 and 2010 as a method of bypassing both DEP and ASLR in Internet Explorer, but this technique was mitigated with the release of Internet Explorer 8 in 2009 and therefore is no longer useful to attackers who try to exploit Internet Explorer 8 and more recent versions.

The data on which classes of vulnerabilities have been exploited showed a clear downward trend in the number of stack corruption vulnerabilities that are being exploited. This trend is further reflected by the decrease in the number of exploits that rely on stack-based exploitation techniques such as return address and SEH overwrites.

Would enabling certain mitigations have broken exploits seen in the past?

Another way to view the techniques used by attackers is to identify exploits that would no longer function correctly if a mitigation were enabled. The chart in the following figure shows the number of CVEs that had exploits that would have been mitigated if DEP were enabled, compared to the number of CVEs that had exploits that bypassed DEP. With the exception of the lull in 2007 and 2008, there appears to be a clear downward trend in DEP's ability to retroactively break exploits. This trend is not because DEP is no longer effective; rather, it is an indication that attackers have been forced to adapt to environments in which DEP is already enabled, at increased cost and complexity. The evidence is the increasing number of CVEs that had exploits that bypassed DEP.
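The return-address overwrite and the /GS cookie that the technique data above turns on, as an added example that is not part of the original paper and is not Microsoft's compiler code: a C model of the frame layout /GS produces (character buffers moved up next to the cookie, other locals below them) with an attacker-chosen overrun length run through it. The fixed cookie value, the gs_frame struct, the constructed 'A' payload and the gs_prologue/gs_epilogue names are assumptions made for the demonstration; the real feature XORs a per-module __security_cookie with the frame pointer and calls __security_check_cookie, which gs_epilogue stands in for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for __security_cookie, which Windows initialises per module at load
 * time. A fixed value is assumed here so the example is deterministic. */
static const uintptr_t security_cookie = (uintptr_t)0x2B992DDFA232ULL;

/* The frame layout /GS produces: character buffers are placed above the other
 * locals, so a forward overrun reaches the cookie before the return address.
 * Higher fields sit at higher addresses (the stack grows down). */
struct gs_frame {
    int       counter;          /* ordinary local, placed below the buffer */
    char      name[16];         /* the overrunnable buffer */
    uintptr_t cookie;           /* security cookie, verified in the epilogue */
    uintptr_t saved_frame_ptr;  /* saved frame pointer */
    uintptr_t return_address;   /* the exploit's target */
};

enum gs_result { GS_OK = 0, GS_COOKIE_CORRUPTED = 1 };
struct outcome { enum gs_result check; int return_changed; int counter; };

static const uintptr_t original_return = 0x401000;

/* Prologue: store the cookie (MSVC XORs it with the frame address). */
static void gs_prologue(struct gs_frame *f)
{
    memset(f, 0, sizeof *f);
    f->cookie = security_cookie ^ (uintptr_t)f;
    f->return_address = original_return;
}

/* The bug: a copy whose length comes from the attacker, with no bounds check.
 * Done byte-wise from the frame's base pointer so the write really runs into
 * the neighbouring fields (a memcpy into the member would be undefined). */
static void vulnerable_copy(struct gs_frame *f, const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct gs_frame, name);
    for (size_t i = 0; i < len; i++) dst[i] = src[i];
}

/* Epilogue: the __security_check_cookie step. Returns a result instead of __fastfail. */
static enum gs_result gs_epilogue(const struct gs_frame *f)
{
    return (f->cookie ^ (uintptr_t)f) == security_cookie ? GS_OK : GS_COOKIE_CORRUPTED;
}

/* Feed `len` bytes of a constructed all-'A' payload into the frame and report. */
static struct outcome run_input(size_t len)
{
    unsigned char payload[sizeof(struct gs_frame)];   /* constructed attacker input */
    size_t max = sizeof(struct gs_frame) - offsetof(struct gs_frame, name);
    memset(payload, 'A', sizeof payload);
    if (len > max) len = max;                          /* keep the demo inside the frame */

    struct gs_frame f;
    gs_prologue(&f);
    vulnerable_copy(&f, payload, len);

    struct outcome o;
    o.check = gs_epilogue(&f);
    o.return_changed = f.return_address != original_return;
    o.counter = f.counter;
    return o;
}

/* One call per fact, so each can be checked in isolation. */
size_t bytes_to_reach_cookie(void)
{
    return offsetof(struct gs_frame, cookie) - offsetof(struct gs_frame, name) + 1;
}
size_t bytes_to_reach_return_address(void)
{
    return offsetof(struct gs_frame, return_address) + sizeof(uintptr_t)
         - offsetof(struct gs_frame, name);
}
int overrun_trips_cookie(size_t len)         { return run_input(len).check == GS_COOKIE_CORRUPTED; }
int overrun_changes_return(size_t len)       { return run_input(len).return_changed; }
int overrun_clobbers_other_local(size_t len) { return run_input(len).counter != 0; }

int main(void)
{
    size_t lens[] = { 8, sizeof ((struct gs_frame *)0)->name,
                      bytes_to_reach_cookie(), bytes_to_reach_return_address() };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%3zu bytes: cookie %s, return address %s, other local %s\n", lens[i],
               overrun_trips_cookie(lens[i]) ? "corrupted" : "intact",
               overrun_changes_return(lens[i]) ? "overwritten" : "intact",
               overrun_clobbers_other_local(lens[i]) ? "clobbered" : "intact");
    return 0;
}
```

Two things the model shows that the figure does not: the cookie is only checked when the function returns, so anything the function does with the already-corrupted frame before returning is unprotected (this is exactly what SEH overwrites exploited before SafeSEH and SEHOP, since the handler runs when the overrun itself faults), and an overrun that stops inside alignment padding between the buffer and the cookie is never noticed. The reordering of locals is what keeps `counter` out of reach of the overrun in this layout.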

[Figure 8. The number of CVEs for which exploits were written that could have been mitigated by enabling DEP, compared to the number of CVEs that had exploits that bypassed DEP (per year: mitigated by DEP vs. bypassed DEP)]

Improvements in Windows 8

Windows 8 contains numerous security improvements that are specifically designed to increase the cost and complexity of exploiting vulnerabilities. This section highlights some of the security improvements in Windows 8 by showing the impact they are designed to have on current trends in vulnerability exploitation.

Enhanced /GS

Stack corruption vulnerabilities are rarely exploited in Microsoft products today, thanks in part to the /GS stack buffer overrun protection and SafeSEH features of the Microsoft Visual C++ compiler. Despite this positive trend, there have still been cases during the past seven years in which stack corruption vulnerabilities were successfully exploited. In recent versions of Visual C++, the heuristics that /GS uses when deciding whether to enable protection for a function were extended to cover a broader set of cases. For example, the new heuristics now protect functions that have a plain old data (POD) structure of a certain size or that have a fixed-size local array of a non-pointer type. These enhanced heuristics provide protection for past vulnerabilities that were not previously protected by /GS. Because Windows 8 has been built with these enhancements to /GS, it will be even more difficult for attackers to develop an exploit for stack corruption vulnerabilities that may exist in Windows 8.

Heap hardening

Heap corruption vulnerabilities are one of the most commonly exploited vulnerability classes. In most cases, attackers attempt to exploit these vulnerabilities by corrupting the state of application data that is stored on an application's heap. For example, an attacker might use a heap buffer overrun to corrupt the virtual table of a C++ object that is later called through, which would allow them to take control of program execution. In Windows 8, new security features have been added to the heap that were specifically designed to make it more difficult to corrupt application data on the heap. Exploits that are written for heap corruption vulnerabilities often require precise control of where objects are allocated on the heap with respect to one another. By randomizing the order in which objects are allocated, Windows 8 makes it more difficult for an attacker to reliably position objects within the heap. In addition, Windows 8 also inserts no-access guard pages between certain regions within the heap. These pages help to ensure that an application will terminate if an exploit causes a program to read or write to them. Both of these features are enabled by default in Windows 8, so all applications are able to benefit from them.

VTGuard (Virtual Table Guard)

Use after free vulnerabilities are currently the most exploited vulnerability class in Internet Explorer. To exploit these vulnerabilities, attackers generally rely on creating a fake instance of a C++ object that has a fake virtual function table whose content is controlled by the attacker. In this way, an attacker is able to force an application to execute attacker-specified code when a virtual method call is made. To help mitigate this, Internet Explorer 10 takes advantage of a compiler security feature known as VTGuard. This feature acts as a probabilistic mitigation for vulnerabilities that can be used to corrupt a C++ object's virtual table pointer. VTGuard works by adding a secret value as an element of the virtual table for a protected C++ class. The compiler also inserts logic prior to each virtual method call for the protected class. At runtime, this logic verifies that the virtual table for the current C++ object has the expected secret value. If the secret cannot be confirmed, the application is safely terminated.
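The VTGuard check described above, as an added example that is neither the paper's own code nor Microsoft's implementation: a C model of a protected class's vtable with the extra secret slot, the check inserted ahead of a virtual call, and the fake-object technique it exists to catch. The secret value, the Node class and the step in which the attacker's replacement lands in the freed object's memory are assumptions; Internet Explorer 10 terminates the process with __fastfail where this model returns VTGUARD_FAILFAST so the outcome can be observed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-module VTGuard secret (a read-only, per-image value).
 * A fixed number is assumed so the example is deterministic. */
static const uintptr_t vtguard_secret = 0x7C1D3A5Eu;

typedef struct Node Node;
typedef int (*node_fn)(Node *);

/* vtable of a VTGuard-protected class: the usual method slots plus the extra
 * slot the compiler appends that holds the secret. */
typedef struct {
    node_fn   get_size;
    node_fn   release;
    uintptr_t vtguard;
} NodeVTable;

struct Node { const NodeVTable *vptr; int size; };

static int node_get_size(Node *n) { return n->size; }
static int node_release(Node *n)  { n->size = 0; return 0; }
static const NodeVTable node_vtable = { node_get_size, node_release, vtguard_secret };

/* What a use-after-free exploit plants in the freed object's memory: a vptr to a
 * fake vtable in attacker-controlled memory. The attacker does not know the
 * secret, so the guard slot of the fake table holds filler. */
static int attacker_payload(Node *n) { (void)n; return 0xDEAD; }   /* stands in for the ROP pivot */
static const NodeVTable fake_vtable = { attacker_payload, attacker_payload, 0x41414141u };

#define VTGUARD_FAILFAST (-1)   /* IE10 calls __fastfail here; returned instead so the demo is testable */

/* Virtual call without VTGuard: whatever vptr points at gets called. */
static int get_size_unguarded(Node *n) { return n->vptr->get_size(n); }

/* Virtual call with VTGuard: the compiler-inserted compare runs first. */
static int get_size_guarded(Node *n)
{
    if (n->vptr->vtguard != vtguard_secret) return VTGUARD_FAILFAST;
    return n->vptr->get_size(n);
}

/* Model of the object-lifetime bug: the object is released, and the attacker's
 * replacement (assumed to have been sprayed into the freed chunk) is written
 * over the same bytes while a dangling pointer to them is still in use. */
static void reuse_freed_object(Node *dangling)
{
    dangling->vptr->release(dangling);          /* the legitimate free path */
    Node replacement = { &fake_vtable, 0 };     /* attacker-controlled bytes */
    memcpy(dangling, &replacement, sizeof replacement);
}

/* Returns what the virtual call yields: the real size (42), the attacker's
 * value (0xDEAD), or VTGUARD_FAILFAST. */
int demo(int guarded, int after_free)
{
    Node obj = { &node_vtable, 42 };
    Node *dangling = &obj;
    if (after_free) reuse_freed_object(dangling);
    return guarded ? get_size_guarded(dangling) : get_size_unguarded(dangling);
}

int main(void)
{
    printf("live object,  no guard: %d\n",   demo(0, 0));
    printf("live object,  VTGuard:  %d\n",   demo(1, 0));
    printf("after free,   no guard: 0x%X\n", demo(0, 1));
    printf("after free,   VTGuard:  %d\n",   demo(1, 1));
    return 0;
}
```

The check is deliberately cheap (one compare against a read-only value) and only confirms that the vtable being dispatched through carries the secret, which is why the paper calls the mitigation probabilistic: an attacker who reads the secret out through a memory disclosure, or who points the vptr at a genuine vtable of some other protected class, passes it.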

Force ASLR

The most common exploitation technique that is currently used to bypass ASLR involves taking advantage of a dynamic-link library (DLL) that has not actually opted into ASLR. By coercing an application into loading such a DLL, an attacker can cause known executable code to be placed at a known fixed location in the address space of an application. This placement can enable an attacker to make use of other techniques to bypass DEP. To prevent attackers from using this technique, Windows 8 introduced support for a feature known as Force ASLR. When Force ASLR is enabled for an application, all relocatable DLLs will be mapped at a randomly selected base address regardless of whether or not they have opted into ASLR. Because Internet Explorer and Office were often targeted by exploits that relied on non-ASLR DLLs, Internet Explorer 10 and Office 2013 have both enabled Force ASLR as well. For versions of Windows prior to Windows 8, the Microsoft Enhanced Mitigation Experience Toolkit (EMET) [3] can be used to enable Force ASLR.

High Entropy ASLR

Heap spraying has consistently been one of the most popular techniques used by exploits over the past seven years. Exploit writers generally use heap spraying to place attacker-controlled code or data at a desired location in memory. This placement is typically accomplished by coercing an application into allocating large quantities of data and thereby filling a large portion of the address space. In Windows 8, 64-bit applications that enable support for High Entropy ASLR are generically protected against traditional heap spraying techniques because High Entropy ASLR uses 24 bits of entropy when selecting the base address for heap regions. Approximately 1 terabyte of variance is available for allocation of heap regions (24 bits of entropy at the 64 KB allocation granularity gives 2^24 × 2^16 = 2^40 bytes), which means that an attacker would need to allocate more memory than a commodity PC typically has to reliably control the content of memory at a known address. Like the Force ASLR feature, the 64-bit versions of Internet Explorer 10 and Office 2013 have both enabled High Entropy ASLR.
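Both of the preceding paragraphs turn on a flag in each image's PE header: whether the module opted into ASLR (DYNAMIC_BASE in DllCharacteristics) and, for 64-bit images, whether it is eligible for high-entropy randomization (HIGH_ENTROPY_VA). The check below is an added example, not the paper's or Microsoft's code: it parses DllCharacteristics out of a PE image held in memory and reports the properties the bypass techniques in this paper depend on. The header bytes it parses are constructed inline (a bare MZ/PE/optional header with no sections) so that it runs offline, and the three "finding" categories are an assumption about what an audit would report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits from the PE specification. */
#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020  /* 64-bit image eligible for high-entropy ASLR */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    0x0040  /* image opted into ASLR */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT       0x0100  /* image declares DEP compatibility */

#define PE32_MAGIC     0x10b
#define PE32PLUS_MAGIC 0x20b

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk MZ -> e_lfanew -> "PE\0\0" -> COFF header -> optional header and return
 * DllCharacteristics, or -1 if the headers are malformed or truncated. The field
 * sits at offset 70 of the optional header for both PE32 and PE32+. */
int pe_dll_characteristics(const unsigned char *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t e_lfanew = rd32(img + 0x3C);
    if (e_lfanew > len - 4 || memcmp(img + e_lfanew, "PE\0\0", 4) != 0) return -1;
    size_t coff = (size_t)e_lfanew + 4;               /* IMAGE_FILE_HEADER, 20 bytes */
    if (coff + 20 > len) return -1;
    uint16_t opt_size = rd16(img + coff + 16);        /* SizeOfOptionalHeader */
    size_t opt = coff + 20;
    if (opt_size < 72 || opt + opt_size > len) return -1;
    uint16_t magic = rd16(img + opt);
    if (magic != PE32_MAGIC && magic != PE32PLUS_MAGIC) return -1;
    return rd16(img + opt + 70);
}

/* Findings an audit of a loaded module would raise, in the terms of this paper. */
enum {
    FINDING_NO_ASLR_OPT_IN  = 1,  /* fixed base: usable as a non-ASLR image; Force ASLR neutralises it */
    FINDING_NO_HIGH_ENTROPY = 2,  /* 64-bit image that will not get High Entropy ASLR */
    FINDING_NO_DEP_OPT_IN   = 4   /* image does not declare DEP compatibility */
};

int audit_dll_characteristics(int dllchars, int is_64bit)
{
    int findings = 0;
    if (dllchars < 0) return -1;
    if (!(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)) findings |= FINDING_NO_ASLR_OPT_IN;
    if (is_64bit && !(dllchars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)) findings |= FINDING_NO_HIGH_ENTROPY;
    if (!(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)) findings |= FINDING_NO_DEP_OPT_IN;
    return findings;
}

/* Constructed test image: just enough of a PE header for the parser above.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t build_sample_image(unsigned char *buf, size_t cap, uint16_t magic, uint16_t dllchars)
{
    const uint32_t e_lfanew = 0x80;
    const uint16_t opt_size = (magic == PE32PLUS_MAGIC) ? 240 : 224;
    size_t total = e_lfanew + 4 + 20 + opt_size;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = (unsigned char)e_lfanew;            /* low byte of e_lfanew; upper bytes stay zero */
    memcpy(buf + e_lfanew, "PE\0\0", 4);
    size_t coff = e_lfanew + 4;
    buf[coff + 16] = (unsigned char)(opt_size & 0xFF);
    buf[coff + 17] = (unsigned char)(opt_size >> 8);
    size_t opt = coff + 20;
    buf[opt]      = (unsigned char)(magic & 0xFF);
    buf[opt + 1]  = (unsigned char)(magic >> 8);
    buf[opt + 70] = (unsigned char)(dllchars & 0xFF);
    buf[opt + 71] = (unsigned char)(dllchars >> 8);
    return total;
}

/* Round trip: build an image, optionally truncate it, parse it back. */
int sample_characteristics(uint16_t magic, uint16_t dllchars, size_t truncate_to)
{
    unsigned char img[512];
    size_t n = build_sample_image(img, sizeof img, magic, dllchars);
    if (truncate_to && truncate_to < n) n = truncate_to;
    return pe_dll_characteristics(img, n);
}

int main(void)
{
    int hardened = sample_characteristics(PE32PLUS_MAGIC, 0x0160, 0);   /* HEVA|DYNAMIC_BASE|NX */
    int legacy   = sample_characteristics(PE32_MAGIC, 0x0000, 0);       /* nothing opted in */
    printf("hardened 64-bit module: DllCharacteristics 0x%04X, findings %d\n",
           hardened, audit_dll_characteristics(hardened, 1));
    printf("legacy 32-bit module:   DllCharacteristics 0x%04X, findings %d\n",
           legacy, audit_dll_characteristics(legacy, 0));
    return 0;
}
```

Run over the modules loaded into a browser or Office process, this is how one finds the non-ASLR DLL that Force ASLR exists to neutralise; a module with DYNAMIC_BASE set but HIGH_ENTROPY_VA clear in a 64-bit process is the case the High Entropy ASLR paragraph is about.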

Comparing Windows XP to Windows 8

The threat landscape has changed dramatically since Windows XP was first released 12 years ago. In the years that followed Windows XP's initial release, multiple internet worms were created that exploited vulnerabilities in remote services provided by Windows (Code Red, Blaster, Sasser). Microsoft responded to these attacks by releasing Windows XP Service Pack 2 in August 2004, which enabled the Windows firewall by default and also introduced support for Data Execution Prevention (DEP). These platform security features played a key role in helping to address the major threats at that time. Windows XP Service Pack 3 was released in April 2008. This is the final Service Pack for Windows XP, and it will not be supported after April 8, 2014. After that date there will be no more security updates released for any version of Windows XP.

As of 2013, the predominant threats that individuals and organizations face are now much different. Rather than actively targeting remote services, attackers primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats. To illustrate this point, the table below compares the mitigation features supported by Internet Explorer 8 on Windows XP Service Pack 3 with the features supported by Internet Explorer 10 on Windows 8. As this table shows, Internet Explorer 10 on Windows 8 benefits from an extensive number of platform security improvements that simply are not available to Internet Explorer 8 on Windows XP.

Mitigation                         Windows XP SP3 / Internet Explorer 8   Windows 8 / Internet Explorer 10
SEHOP                              No                                     Yes
Protected Mode                     No                                     Yes
Enhanced Protected Mode (EPM)      No                                     Yes
Virtual Table Guard                No                                     Yes
ASLR                               Limited                                Extensive
  Stack randomization              No                                     Yes
  Heap randomization               No                                     Yes
  Image randomization              No                                     Yes
  Force image randomization        No                                     Yes
  Bottom-up randomization          No                                     Yes
  Top-down randomization           No                                     Yes
  High entropy randomization       No                                     Yes
  PEB/TEB randomization            Yes                                    Yes
Heap hardening                     Limited                                Extensive
  Header encoding                  No                                     Yes
  Terminate on corruption          No                                     Yes
  Guard pages                      No                                     Yes
  Allocation randomization         No                                     Yes
  Safe unlinking                   Yes                                    Yes
  Header checksums                 Yes                                    Yes
/GS                                Yes                                    Yes
Enhanced /GS                       No                                     Yes
SafeSEH                            Yes                                    Yes

Malware infection rates on different operating system versions

The security features that are available with different versions of the Windows operating system, and the differences in the way people and organizations use each version, affect the malicious software infection rates for the different versions and service packs. The Microsoft Security Intelligence Report (SIR) shows the normalized malicious software infection rates for several different versions of Windows. This infection rate data is gathered from the Malicious Software Removal Tool (MSRT), which executes on more than 600 million Windows systems around the world each month. The data gathered is normalized to allow comparison between the various operating system versions and service packs, and is displayed as a metric called CCM (Computers Cleaned per Mille), which represents the number of computers cleaned for every 1,000 executions of the MSRT. The data in the latest version of the SIR shows a dramatic difference in malicious software infection rates between Windows XP Service Pack 3 and later versions of Windows, especially Windows 8.

[Figure 9. Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012; 32-bit and 64-bit series for Windows XP SP3, Windows Vista, Windows 7 RTM, Windows 7 SP1, Windows 8 RTM, Windows Server 2003 SP2 and Windows Server 2008 R2 SP1; series with too little data are marked as such]

Recommendations

The likelihood that a vulnerability will be successfully exploited depends on many factors, including the type of vulnerability being exploited, the product versions being targeted, an attacker's ability to make use of the necessary exploitation techniques, and the amount of time required to build a reliable exploit. The following recommendations show how these factors can be influenced to help reduce the likelihood of exploitation and thereby minimize risk.

Stay current on security updates. Most vulnerabilities only showed signs of being exploited after a security update had been made available. Installing security updates as soon as they are available can help minimize risk.

Use the newest application versions. Windows 8, Internet Explorer 10, and Office 2013 all take advantage of improved security features that more effectively mitigate techniques that are currently being used to exploit vulnerabilities.

Use the Enhanced Mitigation Experience Toolkit (EMET) [3]. EMET can be used to protect applications that run on all supported versions of Windows. The features included in EMET are specifically designed to break exploitation techniques that are currently used by attackers.

References

[1] Microsoft Exploitability Index
[2] Mitigating Software Vulnerabilities
[3] The Enhanced Mitigation Experience Toolkit

Appendix: Data Sources and Glossary

Data sources

This survey used the following data sources:

Publicly available, commercially available, and privately reported exploits, including proofs of concept, exploit descriptions, and complete exploit modules.

Antimalware telemetry for exploits observed in the wild.

The data sources surveyed did not universally provide information about targeted product versions or the techniques used by exploits. As such, this portion of the analysis is limited to exploits for which this information was readily available. The antimalware telemetry data used in this survey is signature-based and therefore does not constitute proof that a given vulnerability was actually being exploited. Despite this, including this data provides a more accurate upper bound on which vulnerabilities were actually exploited.

Glossary

ASLR. An acronym for address space layout randomization, a platform security feature that randomizes the location of code and data in the address space of a process. The first version of Microsoft Windows to support ASLR was Windows Vista.

DEP. An acronym for Data Execution Prevention, a platform security feature that prevents data from being executed as code.

Exploit. Malicious code that attempts to take advantage of a vulnerability in computer applications or operating systems.

Exploitability Index. An index of information created by Microsoft that provides information about the potential exploitability of software vulnerabilities that have been rated as Important or Critical. Microsoft publishes this information for customers who wish to use it for risk analysis purposes.

RCE exploit. RCE is an acronym for remote code execution. An RCE exploit is one that enables an attacker to execute arbitrary code of their choosing remotely, without having physical access to the targeted computer.

Stack corruption vulnerabilities. Exploitable vulnerabilities that allow the general-purpose data structure known as the stack to be corrupted. The stack is the portion of computer memory that is used for storing local variables, function parameters, and other saved register values.

Uninitialized memory use vulnerabilities. Exploitable vulnerabilities that occur when a program accesses memory that has not been properly initialized. If exploited, these vulnerabilities could allow remote code execution (RCE).

Use after free vulnerabilities. Exploitable vulnerabilities that occur when an object is accessed after it has been freed. Attackers might use such vulnerabilities to cause programs to use their own values, crash programs, or achieve remote code execution (RCE).

Vulnerability. A weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product.


More information

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY 3166116 CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 MIKEY-SAKKE Secure VoIP gateway About this document This document

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved 18570909 CPA SECURITY CHARACTERISTIC REMOTE DESKTOP Version 1.0 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for CPA Security Characteristic Remote Desktop 1.0 Document History

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information