Archive

Archive for March, 2015

RSA Conference 2015: Enhancing Cloud Trust

March 31st, 2015 No comments

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again!

Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote at the conference. His keynote, entitled “Enhancing Cloud Trust,” will be delivered Tuesday, April 21st at 8:50 AM PT.

On Tuesday, April 21st at 1:10 PM PT, I will be delivering a speaker session, “Exploitation Trends: from potential risk to actual risk” as part of the Breaking Research track. Microsoft researchers have studied some of the exploits discovered over the past several years and the specific vulnerabilities in Microsoft software that were targeted. The goal of this of study is to understand which vulnerabilities are exploited, who exploits them, the timing of exploitation attempts relative to when security updates are available, and how these vulnerabilities were introduced into code. These findings are key in helping security professionals more accurately assess the risk vulnerabilities pose.

I’m excited to be joined by two exploit researchers Matt Miller, Principal Security Software Engineer from the Microsoft Security Response Center and David Weston, Principal Program Manager from the Microsoft One Protection Team. Together, we will be discussing the long-term trend data and our brand new research.

And finally, we will examine how exploits are monetized through exploit kits that are sold as commercial software or as a service as well as development practices that can help minimize such vulnerabilities.

There are several Microsoft speakers at the conference this year; below is a full list of their sessions.

MICROSOFT SPEAKER SESSIONS

Title Date Time (PT)
License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich Tuesday, 4/21 1:10 PM
Exploitation Trends: from potential risk to actual risk – Tim Rains, Matt Miller, David Weston Tuesday, 4/21 1:10 PM
Security and Privacy in the Cloud:  How Far Have We Come? – Bret Arsenault (Panel Discussion) Tuesday, 4/21 4:40 PM
Assume Breach: An Inside Look at Cloud Service Provider Security – Mark Russinovich Wednesday, 4/22 8:00 AM
Doing Security Response with your Cloud Service Provider – Jerry Cochran (Peer-to-Peer Session) Wednesday, 4/22 8:00 AM
License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich Wednesday, 4/22 9:10 AM
Enterprise Cloud: Advancing SaaS Security and Trust – Chang Kawaguchi Wednesday, 4/22 10:20 AM
The Legal Pitfalls of Failing to Develop Secure Cloud Services – Cristin Goodwin Thursday, 4/23 10:20 AM
Pass-the-Hash II: The Wrath of Hardware – Nathan Ide Thursday, 4/23 10:20 AM

 Microsoft is also hosting a booth on the expo floor where we will host a number of theater sessions. To find session descriptions and times, as well as details on the Microsoft party (Wednesday, April 22nd, 8:00 PM PT), please visit http://rsa2015.microsoft.com.

One other session that I think you should check out is being delivered by a longtime colleague, Nicole Miller, Senior Vice President, Cybersecurity & Issues Management, Waggener Edstrom. Nicole has been working with companies on cybersecurity for many years, and it’s a rare treat to hear her speak in public. Her session is called “From the Battlefield: Managing Customer Perceptions in a Security Crisis” and is scheduled on Tuesday, April 21, 2015 at 3:30 PM PT.

I hope to see you at the conference!

3050995 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Microsoft Knowledge Base Article 3050995 for more information and download links.
Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

MS15-022 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (March 26, 2015): Bulletin revised to correct the update replacement entry for Microsoft Excel 2007 Service Pack 3 in the Affected Software table. This is an informational change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

3050995 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Microsoft Knowledge Base Article 3050995 for more information and download links.
Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

MS15-022 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (March 26, 2015): Bulletin revised to correct the update replacement entry for Microsoft Excel 2007 Service Pack 3 in the Affected Software table. This is an informational change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

3050995 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Microsoft Knowledge Base Article 3050995 for more information and download links.
Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

MS15-031 – Important: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509 for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
Summary: This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an exploitable cipher suite is affected.

Categories: Uncategorized Tags:

3050995 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 1.0

Revision Note: V1.0 (March 24, 2015): Advisory published.
Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

MS15-031 – Important: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509 for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
Summary: This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an exploitable cipher suite is affected.

Categories: Uncategorized Tags:

3046310 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310 for more information and download links.
Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

3046310 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310 for more information and download links.
Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

3046310 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310 for more information and download links.
Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

VOTE for Microsoft Crowdsourced RSA Sessions

March 18th, 2015 No comments

RSA Conference is trying something a little different this year to form a full track of sessions that are voted on directly by you. Anyone can vote, but registered delegate votes count a bit more. Microsoft has proposed seven additional sessions – so click on the title below and vote!


A pragmatic approach to evaluate cloud security

Placing data in the cloud doesn’t have be same as losing control over the data. How can I approach risk evaluation of a cloud service?

Speaker: Vikas Malhotra, Senior Solution Architect, Microsoft


Data Driven Cyber-Offense Data driven offense

Big data and machine learning aren’t just for defenders.

Speaker: Sacha Faust, Senior Security Developer, Microsoft


Dropping the hammer on malware threats with Windows 10’s Device Guard

The tables have been turned. Device Guard is the “zero day” threat to malware on Windows. Come join us to learn more.

Speaker: Chris Hallum, Senior Product Manager, Microsoft


Love Thy Attacker: Bounties, Red Teams and Getting Cozy with Maliciousness

When you treat your attacker as a precious information resource, you will find yourself happily funding constructive maliciousness.

Speaker: Travis Rhodes, Senior Security Software Engineer Manager, Microsoft


Responding to Security Threats @ Cloud Scale

Responding to Security Threats @ Cloud Scale digs into the business of security response for a large cloud service provider.

Speaker: Jerry Cochran, Principal Security Engineering Manager, Microsoft


Windows 10-Disrupting the Revolution of Threats with Revolutionary Security

Windows 10 includes revolutionary features that decisively address the biggest challenges faced on devices today. Join us to learn more.

Speaker: Chris Hallum, Senior Product Manager, Microsoft


Windows 10 – The End Game for Passwords and Credential Theft?

Windows 10 delivers the end game solution for passwords, one that’s easy to deploy, multi-factor, and phish proof. Join us to learn more.

Speaker: Chris Hallum, Senior Product Manager, Microsoft


Hope to see you there, Jeff (@securityjones)

KB: HTTPS inspection in Forefront Threat Management Gateway 2010 doesn’t use the full URL path for URL categorization

March 18th, 2015 No comments

KB7334333232

When HTTPS inspection is enabled, Microsoft Forefront Threat Management Gateway 2010 (TMG 2010) uses only the host part of the URL for URL filtering. For example, consider the following scenario:

– Assume that www.contoso.com belongs in the Education category.

  • – You set a URL category override for www.contoso.com/poker to the Gambling category, and a deny rule exists for that category.

When you browse to http://www.contoso.com/poker in this scenario, TMG blocks this URL because the category is evaluated as Gambling, however when you browse to https://www.contoso.com/poker, the page loads.

This behavior occurs because for HTTPS inspection, TMG passes only the host domain (www.contoso.com) to the categorization service. In the example above, the host domain falls into the Education category.

For additional details please see the following:

KB3041871HTTPS inspection in Forefront Threat Management Gateway 2010 doesn't use the full URL path for URL categorization (http://support.microsoft.com/en-us/kb/3041871)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

Main System Center blog: http://blogs.technet.com/b/systemcenter/

Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: http://blogs.technet.com/dpm/
Orchestrator Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

Forefront Endpoint Protection blog: http://blogs.technet.com/b/clientsecurity/
Forefront Identity Manager blog: http://blogs.msdn.com/b/ms-identity-support/
Forefront TMG blog: http://blogs.technet.com/b/isablog/
Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/
The Surface Team blog: http://blogs.technet.com/b/surface/

ConfigMgr 2012 R2

Categories: Uncategorized Tags:

KB: HTTPS inspection in Forefront Threat Management Gateway 2010 doesn’t use the full URL path for URL categorization

March 18th, 2015 No comments

KB7334333232

When HTTPS inspection is enabled, Microsoft Forefront Threat Management Gateway 2010 (TMG 2010) uses only the host part of the URL for URL filtering. For example, consider the following scenario:

– Assume that www.contoso.com belongs in the Education category.

  • – You set a URL category override for www.contoso.com/poker to the Gambling category, and a deny rule exists for that category.

When you browse to http://www.contoso.com/poker in this scenario, TMG blocks this URL because the category is evaluated as Gambling, however when you browse to https://www.contoso.com/poker, the page loads.

This behavior occurs because for HTTPS inspection, TMG passes only the host domain (www.contoso.com) to the categorization service. In the example above, the host domain falls into the Education category.

For additional details please see the following:

KB3041871HTTPS inspection in Forefront Threat Management Gateway 2010 doesn't use the full URL path for URL categorization (http://support.microsoft.com/en-us/kb/3041871)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

Main System Center blog: http://blogs.technet.com/b/systemcenter/

Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: http://blogs.technet.com/dpm/
Orchestrator Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

Forefront Endpoint Protection blog: http://blogs.technet.com/b/clientsecurity/
Forefront Identity Manager blog: http://blogs.msdn.com/b/ms-identity-support/
Forefront TMG blog: http://blogs.technet.com/b/isablog/
Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/
The Surface Team blog: http://blogs.technet.com/b/surface/

ConfigMgr 2012 R2

Categories: Uncategorized Tags:

KB: HTTPS inspection in Forefront Threat Management Gateway 2010 doesn’t use the full URL path for URL categorization

March 18th, 2015 No comments

KB7334333232

When HTTPS inspection is enabled, Microsoft Forefront Threat Management Gateway 2010 (TMG 2010) uses only the host part of the URL for URL filtering. For example, consider the following scenario:

– Assume that www.contoso.com belongs in the Education category.

  • – You set a URL category override for www.contoso.com/poker to the Gambling category, and a deny rule exists for that category.

When you browse to http://www.contoso.com/poker in this scenario, TMG blocks this URL because the category is evaluated as Gambling, however when you browse to https://www.contoso.com/poker, the page loads.

This behavior occurs because for HTTPS inspection, TMG passes only the host domain (www.contoso.com) to the categorization service. In the example above, the host domain falls into the Education category.

For additional details please see the following:

KB3041871HTTPS inspection in Forefront Threat Management Gateway 2010 doesn't use the full URL path for URL categorization (http://support.microsoft.com/en-us/kb/3041871)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

Main System Center blog: http://blogs.technet.com/b/systemcenter/

Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: http://blogs.technet.com/dpm/
Orchestrator Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

Forefront Endpoint Protection blog: http://blogs.technet.com/b/clientsecurity/
Forefront Identity Manager blog: http://blogs.msdn.com/b/ms-identity-support/
Forefront TMG blog: http://blogs.technet.com/b/isablog/
Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/
The Surface Team blog: http://blogs.technet.com/b/surface/

ConfigMgr 2012 R2

Categories: Uncategorized Tags:

Transparency & Trust in the Cloud Series: Cincinnati, Cleveland, Detroit

March 17th, 2015 No comments
 Customers at the Transparency & Trust in the Cloud Series event in Detroit

Customers at the Detroit “Transparency & Trust in the Cloud” event.

I had the opportunity to speak at three additional Transparency & Trust in the Cloud events last week in Cincinnati, Cleveland, and Detroit. These were the latest in the series that Microsoft is hosting, inviting customers to participate in select cities across the US.

For me personally, these events provide the opportunity to connect with customers in each city and learn which security and privacy challenges are top of mind for them. In addition, I get to hear first-hand, how customers have been using the Cloud to drive their businesses forward, or, if they haven’t yet adopted Cloud services, what’s holding them back. I feel very fortunate as the participating CIOs, their in-house lawyers, CISOs, and IT operations leaders haven’t been shy about sharing the expectations they have for prospective Cloud Providers, specifically around security, privacy, and compliance.

I was joined by other Microsoft Cloud subject matter experts: Microsoft’s Assistant General Counsel, Dennis Garcia, Principal IT Solution Manager, Maya Davis, Director of Audit and Compliance, Gabi Gustaf, and Cloud Architect, Delbert Murphy. This diverse cast helped provide an overview of the Microsoft Trustworthy Cloud Initiative from their unique perspectives and answer a range of technology, business process, and legal questions from attendees.

Here are just some of the types of questions these events garner, most recently in these three cities:

  • How does eDiscovery work in Microsoft’s Cloud? (see related posts)
  • What data loss prevention capabilities does Microsoft offer for Office 365, OneDrive and Microsoft Azure?
  • What data does Microsoft share with customers during incident response investigations?
  • Which audit reports does Microsoft provide to its Cloud customers?
  • What terms does Microsoft include in its Cloud contracts to help customers manage regulatory compliance obligations in EU nations?
  • What does the new ISO 27018 privacy certification that Microsoft has achieved for its four major Cloud solutions provide to Microsoft’s Cloud customers (and Microsoft is the only major Cloud provider to achieve ISO 27018 certification)?

These are great conversations! Thank you to all of the customers that have attended and participated in recent events.

There are still a few more scheduled in different cities across the country. If you are a customer and would like to learn more about the Microsoft approach to building the industry’s most trustworthy Cloud, please reach out to your account team to find out if one of these events is coming to your area.

I’m looking forward to seeing customers in Omaha and Des Moines in just a couple of weeks.

Experts: Don’t blame the victims of youth ‘selfies’

It’s a mistake to blame young people who take sexually explicit photos or videos of themselves when those images end up being redistributed over the Internet, according to experts who gathered in London this week to discuss a new study by the U.K.-based Internet Watch Foundation (IWF).

It’s also a mistake to assume that the images, sometimes referred to as “selfies,” were taken voluntarily by the children who appear in them.

Researchers analyzed sexually explicit pictures taken and supposedly shared by young people, and found that 89.9 percent of the images had been “harvested” from their original upload location and posted to other public sites. Moreover, 100 percent of the images the IWF analyzed depicting children 15 and younger were harvested and posted somewhere else.

The IWF study, which was conducted late last year and funded by Microsoft, analyzed 3,803 photos and videos that were believed to be of children and youth ranging from infants to 20 years old.

“What the IWF went to seek and what they found are quite different,” said Tink Palmer, Chief Executive Officer of the Marie Collins Foundation and moderator of a panel discussion about the emotional and behavioral aspects of producing such images. “We need to focus on definitions and understand that every picture tells a story about what’s happening to the children.”

Microsoft funded the IWF to repeat and expand similar research done three years ago. IWF’s 2012 study found that of the 12,000-plus images taken and shared by youth and examined by the IWF, 88.15 percent had migrated to “parasite websites” where people sometimes paid to download them. As part of our child online protection strategy, Microsoft was interested in learning whether the 2012 trend was continuing, and whether there was more to be gleaned regarding the content’s commercial availability.

What the IWF learned from the new study, however, was very different. The 2014 set of supposed selfies featured much younger children, thus making it all but impossible to refer to the images as “self-produced.” Indeed, experts agreed the latest content could be divided into three categories: (1) truly self-generated, (2) by-products of online “grooming,” and (3) results of outright coercion or “sextortion.”

“With the under 10 (year olds), we have to believe something coercive is going on,” said Professor Sonia Livingstone of the Department of Media and Communications at the London School of Economics. “It’s just another way that an already at-risk group is being further victimized.”

IWF was unable to ascertain (nor was such a determination in scope) the category into which each image might fall. The latest results are shocking and disturbing because of the younger-aged children and the heightened explicit sexual nature of the acts. In 2012, not a single image included a child believed to be 13 or younger, IWF said.

The London event, co-hosted by IWF and Microsoft, featured a second panel where experts discussed guidance for parents and educators, as well as ongoing technological efforts. The group offered advice for parents about webcams and how they operate, noting they’re no longer “a device that balances on top of a computer monitor.” They also called out simple messages for children, including “privates are private” and “speak up and tell someone” if something or someone makes them uncomfortable online or elsewhere. The event brought together 100 policymakers, child safety advocates, technology industry representatives and others to discuss the findings and to begin to chart a way forward.

All agreed the research indicated that different analyses and potential mitigation paths were required for the images involving older children versus those featuring children under 13. IWF agreed. “It is indisputable that coercion of young people to produce and/or share sexual content online must be referred to as a form of child sexual abuse,” said Sarah Smith, IWF’s lead researcher on the project. The content produced by the older age groups, meanwhile, could be regarded as more traditional “sexting.”

For our part, Microsoft will seek to create and deploy appropriate technology to help address the issue. In fact, as part of the U.K. government’s #WePROTECT Children Online initiative, Microsoft is leading a technology project about self-generated indecent images among youth. In addition, we will continue to raise awareness, help educate the public, and continue to partner with organizations like the IWF to ensure strategies and proposed “solutions” are research-based. Microsoft has agreed to again sponsor similar research by the IWF this year.

To read Part 1 of this two-part blog, which focuses on the study results and some Microsoft suggested guidance for parents, click here. To learn more about staying safer online generally, see this website.

 

 

 

 

MS15-027 – Important: Vulnerability in NETLOGON Could Allow Spoofing (3002657) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3002657 for more information.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.

Categories: Uncategorized Tags:

MS15-025 – Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (March 16, 2015): To address a packaging issue for customers who are repeatedly reoffered security update 3033395 when installed on systems running supported editions of Windows Server 2003, Microsoft released update 3033395-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3033395 update should install update 3033395-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3033395 update also apply update 3033395-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3033395 for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights.

Categories: Uncategorized Tags: