[ENGLISH] Device Guard notes from the Field…


 

1. Hardware prerequisites

Hyper-V support (VT-x/AMD-V with SLAT) + Secure Boot + UEFI firmware

2. Software prerequisites

Windows 10 Enterprise only!

Hyper-V (the platform feature; the management tools are not required)

Isolated User Mode

3. Create the GPO / GPO Pack

a. Create a GPO for Device Guard

(three screenshots of the Device Guard setting: Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security)

Make the appropriate choices according to the hardware capabilities and the configuration you want. Confirm and link the GPO to a test OU, then run gpupdate /force.

In this case I used the local gpedit.msc, but the mechanism is the same…

b. Create a GPO Pack

The GPO Pack mechanism lets you deploy exactly the same settings on non-domain-joined PCs, through a script or from an MDT/SCCM task sequence.

In my case the goal was to apply that GPO Pack automatically during MDT deployment.

To do so, export the settings with the LocalGPO tool (included in Security Compliance Manager 3.0):

Cscript localgpo.wsf /Path:D: /export /GPOPack

This creates a folder on D: containing the settings of the local GPO created above:

Exporting Local Policy… this process can take a few moments.

Local Policy Exported to D:\{5179D33A-64A1-4432-AD76-D5D1BAE898FE}

Rename the folder (for example WINGPOPACK1), then copy it into your MDT deployment share

(C:\DeploymentShare\Templates\GPOPacks)

You're good to go! Just reference it in CustomSettings.ini:

ApplyGPOPack=YES

GPOPackPath=WINGPOPACK1

During the task sequence, the step called Apply Local GPO Packs applies your GPO Pack to the deployed machine.

You can also run it from the command line, to manage/deploy several GPO Packs in a more granular way:

cscript localgpo.wsf /Path:D:\{5179D33A-64A1-4432-AD76-D5D1BAE898FE}

4. Create a base policy (certificate based)

From an elevated Windows PowerShell prompt:

New-CIPolicy -Level PcaCertificate -FilePath C:\ScanDeBase.xml -userPEs 3> C:\ScanDeBaseLog.txt

Checking for Catalog Signers…

Generating Rules…

Unable to generate rules for all scanned files at the requested level. A list of files not covered by the current policy can be found at C:\Users\Administrateur\AppData\Local\Temp\tmp550C.tmp. A more complete policy may be created using the -fallback switch

The files listed in that temp file are not covered by the policy at all; rerunning with -Fallback Hash adds hash rules for them instead of leaving them to be picked up by the audit pass.

5. Convert to binary format

ConvertFrom-CIPolicy C:\ScanDeBase.xml C:\CIPolicydeBase.bin

6. Copy to the CodeIntegrity folder

xcopy C:\CIPolicydeBase.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y

7. Restart your computer and test

8. Audit Device Guard mode

Event Viewer: Applications and Services Logs > Microsoft > Windows > CodeIntegrity > Operational, event ID 3076 (a file that would have been blocked if the policy were enforced). Run the machine's normal workload for a while so that every legitimate binary gets a chance to be logged.

9. Create a policy from the audit (hash rules for the detected exceptions)

New-CIPolicy -Audit -Level Hash -FilePath C:\ScanAuditBase.xml -UserPEs 3> CIAuditPolicylog.txt

10. Merge both policies

Merge-CIPolicy -PolicyPaths C:\ScanDeBase.xml, C:\ScanAuditBase.xml -OutputFilePath C:\ScanMerged.xml

11. Convert, copy… and restart

ConvertFrom-CIPolicy C:\ScanMerged.xml C:\ScanMerged.bin

xcopy C:\ScanMerged.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y

Restart once more.

12. Second audit for verification

13. If conclusive: switch to PRODUCTION mode.

To do so, remove the audit-mode rule option (option 3, Enabled:Audit Mode) from the policy:

Set-RuleOption -FilePath C:\ScanMerged.xml -Option 3 -Delete

Convert and copy the file again, then restart. From then on anything not covered by the policy is blocked (event ID 3077), so make sure the second audit was really clean.

To deploy it with MDT/SCCM, just add a step to your MDT/SCCM task sequence that copies your SIPolicy.p7b into place:

(e.g. xcopy \\DC01\DeviceGuard\ScanMerged.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y)
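The whole code-integrity workflow above (steps 4 to 13), plus the hardware/VBS status check the prerequisites section calls for, as one re-runnable script. This is an added example and not code from the original post; every phase ends with a reboot, so the phase to run is chosen with -Phase. The working folder C:\DG and the file names under it are assumptions made for this example; the cmdlets and the Win32_DeviceGuard class are the ones the post and msinfo32 rely on.

```powershell
#Requires -RunAsAdministrator
<#
  Added example, not code from the original post. Usage, one phase per boot:
    .\DeviceGuard-Policy.ps1 -Phase Status     # prerequisites / current enforcement state
    .\DeviceGuard-Policy.ps1 -Phase Baseline   # step 4-7, reboot, use the machine
    .\DeviceGuard-Policy.ps1 -Phase Audit      # step 8-11, reboot, use the machine again
    .\DeviceGuard-Policy.ps1 -Phase Enforce    # step 12-13, reboot
  C:\DG and the file names below are assumptions made for this example.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateSet('Status', 'Baseline', 'Audit', 'Enforce')]
    [string]$Phase,
    [string]$Work = 'C:\DG'
)

$BasePol  = Join-Path $Work 'ScanDeBase.xml'
$AuditPol = Join-Path $Work 'ScanAuditBase.xml'
$Merged   = Join-Path $Work 'ScanMerged.xml'
$Target   = "$env:windir\System32\CodeIntegrity\SIPolicy.p7b"
New-Item -ItemType Directory -Path $Work -Force | Out-Null

function Install-Policy([string]$Xml) {
    # Convert the XML policy to the binary form Code Integrity loads at boot and put it in place.
    $bin = [IO.Path]::ChangeExtension($Xml, '.bin')
    ConvertFrom-CIPolicy -XmlFilePath $Xml -BinaryFilePath $bin | Out-Null
    Copy-Item -LiteralPath $bin -Destination $Target -Force
    Write-Host "Installed $bin as $Target. Reboot to apply."
}

function Get-AuditBlocks {
    # 3076 = would have been blocked (audit mode), 3077 = blocked (enforced mode).
    # Only events since the last boot belong to the policy that is currently loaded.
    $since = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077; StartTime = $since
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

switch ($Phase) {
    'Status' {
        # Same data as msinfo32. AvailableSecurityProperties: 1 = hypervisor (Hyper-V + SLAT)
        # support, 2 = Secure Boot. SecurityServicesRunning: 2 = HVCI.
        # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced.
        Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard |
            Select-Object AvailableSecurityProperties, VirtualizationBasedSecurityStatus,
                          SecurityServicesRunning, CodeIntegrityPolicyEnforcementStatus
        Get-AuditBlocks | Format-Table -AutoSize -Wrap
    }
    'Baseline' {
        # Step 4: scan the reference machine at certificate (PCA) level, user-mode binaries
        # included. -Fallback Hash adds hash rules for files the PCA level cannot describe
        # instead of leaving them in the "not covered" temp file. A freshly generated policy
        # has rule option 3 (Enabled:Audit Mode) set, so the first reboot only logs.
        New-CIPolicy -Level PcaCertificate -Fallback Hash -FilePath $BasePol -UserPEs 3> (Join-Path $Work 'ScanDeBaseLog.txt')
        Install-Policy $BasePol
    }
    'Audit' {
        # Steps 8 to 11: turn everything logged since the baseline reboot into hash rules,
        # merge with the baseline and install the merged policy (still in audit mode).
        Get-AuditBlocks | Format-Table -AutoSize -Wrap
        New-CIPolicy -Audit -Level Hash -FilePath $AuditPol -UserPEs 3> (Join-Path $Work 'CIAuditPolicylog.txt')
        Merge-CIPolicy -PolicyPaths $BasePol, $AuditPol -OutputFilePath $Merged | Out-Null
        Install-Policy $Merged
    }
    'Enforce' {
        # Steps 12 and 13: refuse to enforce while the second audit still shows blocks.
        $blocks = @(Get-AuditBlocks)
        if ($blocks.Count -gt 0) {
            throw "$($blocks.Count) code-integrity audit events since last boot; fix the policy before enforcing."
        }
        Set-RuleOption -FilePath $Merged -Option 3 -Delete   # remove Enabled:Audit Mode
        Install-Policy $Merged
    }
}
```

The Enforce phase only looks at events since the last boot on purpose: the 3076 events from the first (baseline) audit are still in the log, and counting them would make every second audit look dirty.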

14. Conclusions

Device Guard lets you reach a very high level of security on your sensitive machines. It is not a tool to roll out on every machine, only on those you really want to lock down!

@RioJoubert


Posted in ENGLISH, Formation, Ransomeware, Security, Windows10

Patch Tuesday!!! and it's a heavy one…


First, this month's new releases… many of them are important, so patch!!!

This summary lists security updates released for June 2017.
Complete information for the June 2017 security update release can
be found at <https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates
============================
Critical        Adobe Flash Player
Critical        Internet Explorer 9
Critical        Internet Explorer 10
Critical        Internet Explorer 11
Critical        Microsoft Edge
Critical        Microsoft Office 2007 Service Pack 3
Critical        Microsoft Office 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Office 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Office 2013 RT Service Pack 1
Critical        Microsoft Office 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Office 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Office 2016 (32-bit edition)
Critical        Microsoft Office 2016 (64-bit edition)
Critical        Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Critical        Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Critical        Microsoft Office Compatibility Pack Service Pack 3
Critical        Microsoft Office Web Apps 2010 Service Pack 2
Critical        Microsoft Office Web Apps 2013 Service Pack 1
Critical        Microsoft Office Word Viewer
Critical        Microsoft Excel 2013 RT Service Pack 1
Critical        Microsoft Outlook 2007 Service Pack 3
Critical        Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Outlook 2013 RT Service Pack 1
Critical        Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Outlook 2016 (32-bit edition)
Critical        Microsoft Outlook 2016 (64-bit edition)
Critical        Microsoft Outlook 2016 for Mac
Critical        Microsoft PowerPoint 2007 Service Pack 3
Critical        Microsoft PowerPoint 2013 RT Service Pack 1
Critical        Microsoft PowerPoint 2016 for Mac
Critical        Microsoft PowerPoint for Mac 2011
Critical        Microsoft Project Server 2013 Service Pack 1
Critical        Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Critical        Microsoft SharePoint Enterprise Server 2016
Critical        Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Critical        Microsoft SharePoint Server 2013 Service Pack 1
Critical        Microsoft Word 2007 Service Pack 3
Critical        Microsoft Word 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Word 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Word 2013 RT Service Pack 1
Critical        Microsoft Word 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Word 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Word 2016 (32-bit edition)
Critical        Microsoft Word 2016 (64-bit edition)
Critical        Microsoft Word 2016 for Mac
Critical        Microsoft Word for Mac 2011
Critical        Skype for Business 2016 (32-bit)
Critical        Skype for Business 2016 (64-bit)
Critical        Microsoft Lync 2013 Service Pack 1 (32-bit)
Critical        Microsoft Lync 2013 Service Pack 1 (64-bit)
Critical        Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Critical        Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Critical        Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Critical        Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
Critical        Windows 7 for 32-bit Systems Service Pack 1
Critical        Windows 7 for x64-based Systems Service Pack 1
Critical        Windows 8.1 for 32-bit systems
Critical        Windows 8.1 for x64-based systems
Critical        Windows RT 8.1
Critical        Windows 10 for 32-bit Systems
Critical        Windows 10 for x64-based Systems
Critical        Windows 10 Version 1511 for 32-bit Systems
Critical        Windows 10 Version 1511 for x64-based Systems
Critical        Windows 10 Version 1607 for 32-bit Systems
Critical        Windows 10 Version 1607 for x64-based Systems
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 for Itanium-Based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Critical        Windows Server 2012
Critical        Windows Server 2012 (Server Core installation)
Critical        Windows Server 2012 R2
Critical        Windows Server 2012 R2 (Server Core installation)
Critical        Windows Server 2016
Critical        Windows Server 2016 (Server Core installation)

Then two revisions, critical once again…

The following CVEs have undergone a major revision increment.
* CVE-2017-0167
* CVE-2016-3326
Revision Information:
=====================
CVE-2017-0167
– Title: CVE-2017-0167 | Windows Kernel Information Disclosure
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0167,
Microsoft has released security update 4022887 for supported
editions of Windows Server 2008, and Monthly Rollup 4015549 and
Security Update 4015546 for supported editions of Windows 7 and
Windows Server 2008 R2. Microsoft recommends that customers
running any of these affected editions of Windows should install
the applicable update to be fully protected from this
vulnerability. See Microsoft Knowledge Base Article 4022887,
Microsoft KB4015549 Release Notes, or KB4015546 Release Notes
for more information.
– Originally posted: April 11, 2017
– Updated: June 13, 2017
– CVE Severity Rating: Important
– Version: 2.0
CVE-2016-3326
– Title: CVE-2016-3326 | Microsoft Browser Information
Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2016-3326,
Microsoft is releasing June security updates for all affected
Microsoft browsers. Microsoft recommends that customers running
affected Microsoft browsers should install the applicable June
security update to be fully protected from this vulnerability.
See the applicable Release Notes or Microsoft Knowledge Base
article for more information.
– Originally posted: August 09, 2016
– Updated: June 13, 2017
– CVE Severity Rating: Important
– Version: 2.0

And to finish, the other major revisions…

The following bulletins have undergone a major revision increment.
* MS16-095
* MS16-AUG
Revision Information:
=====================
MS16-095
– Title: Cumulative Security Update for Internet Explorer (3177356)
https://technet.microsoft.com/en-us/library/security/ms16-095.aspx
– Reason for Revision: To comprehensively address CVE-2016-3326,
Microsoft is releasing June security updates for all affected
Microsoft browsers. Microsoft recommends that customers running
affected Microsoft browsers should install the applicable June
security update to be fully protected from this vulnerability.
See the applicable Release Notes or Microsoft Knowledge Base
article for more information.
– Originally posted: August 9, 2016
– Updated: June 13, 2017
– CVE Severity Rating: Critical
– Version: 2.0
MS16-AUG
– Title: Microsoft Security Bulletin Summary for August 2016
https://technet.microsoft.com/en-us/library/security/ms16-aug.aspx
– Reason for Revision: To comprehensively address CVE-2016-3326,
Microsoft is releasing June security updates for all affected
Microsoft browsers. Microsoft recommends that customers running
affected Microsoft browsers should install the applicable June
security update to be fully protected from this vulnerability.
See the applicable Release Notes or Microsoft Knowledge Base
article for more information.
– Originally posted: August 09, 2016
– Updated: June 13, 2017
– CVE Severity Rating: N/A
– Version: 2.0

 

and

The following CVE has been revised in the May 2017 Security Updates.
* CVE-2017-0222
Revision Information:
=====================
CVE-2017-0222
– Title: CVE-2017-0222 | Internet Explorer Memory Corruption
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised Affected Products table to include
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems
Service Pack 2, and Internet Explorer 9 on Windows Server 2008
for x64-based Systems Service Pack 2. This is an informational
change only.
– Originally posted: May 9, 2017
– CVE Severity Rating: Critical
– Version: 2.1

 

So, express installation files or not… off to your WSUS/SCCM… Patch!

PierrE

Posted in 2008R2, 2012R2, 2016, Audit, Deployment, Ransomeware, Security, System Center, Windows 7, Windows 8, Windows 8.1, Windows10, WS 2012, WS2015TP, WSUS

SCCM update 1705 (Technical Preview) available…


News from Yvette, once again… and this time I had missed the announcement.

Hello everyone! We are happy to let you know that update 1705 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features include:

Configuration Manager Console

  • High DPI console support – With this release, issues with how the Configuration Manager console scales and displays different parts of the UI when viewed on high DPI devices (like a Surface Book) should be fixed.

Application Lifecycle and Content

  • Removing Network Access Account (NAA) requirement for Client Peer Cache – In this release, we are removing the NAA requirement, so that peer cache source computers no longer use the NAA to authenticate download requests from peers.

Clients and User Discovery

  • Azure Active Directory (AD) Onboarding – Create a connection between Configuration Manager and Azure AD. Install and register Configuration Manager clients with Azure AD identity. Enable Configuration Manager on-premises services like Management Point or cloud services like Cloud Management Gateway to have the capability to authenticate with devices and user identities in Azure Active Directory. By using Azure AD, devices will not need client authentication certificates for HTTPS.
  • Azure Active Directory (AD) User Discovery – Now you can enable user object discovery from Azure AD.

Software Updates and Compliance

  • Configure and deploy Windows Defender Application Guard policies – You can now create and deploy Windows Defender Application Guard policies to Windows 10 clients that help protect your users by opening untrusted web sites in a secure container.
  • Improved end user experience for Office Updates – Improvements have been made to the end user experience for Office updates which includes improved toast notifications, business bar notifications, and an enhanced countdown experience.

Core Infrastructure

  • Configuration Manager Update Reset Tool – We are adding a new tool to reset and restart in-console updates when they have problems downloading or replicating.
  • SQL Always On asynchronous-commit mode replica support – Configuration Manager now supports SQL Always On secondary replicas that run under asynchronous-commit mode for disaster recovery scenarios.
  • Operations Management Suite (OMS) added to Azure Services Wizard – You can now use Azure Services Wizard to connect Configuration Manager to Log Analytics in OMS to sync device collection data.

Update 1705 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If there’s a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center

View the article…

Happy updating!

Pierre@Thessaloniki!

Posted in Uncategorized

[English] HP Conexant Keylogger! Urgent!


Some HP laptops are vulnerable because of a now-public bug that amounts to an enormous security failure:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

In simple words: the Conexant audio driver shipped on these machines records every keystroke in a text file named MicTray.log

(screenshot: the MicTray.log file)

This file contains every key the user has typed… The entries are virtual-key codes, so reading it only takes mapping each code back to its key. The table of codes is here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example:

(two screenshots of a sample MicTray.log)

Here are the affected laptops:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

All this to say that abusing this bug is as easy as it is dangerous: the log is plain text in the Public folder, so anything running on the machine can read it.

HP has made a fix available: SP80323.exe

If your laptop is in this list, update it urgently!

Another way is to remove the executable, the log and anything that launches it automatically, so the keylogger cannot come back: delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both under System32), delete the log in the Public folder, and restart the machine!

This link shows a PowerShell script that cleans the system:

https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1

Have a blast with this patch,

Security first!

@RioJoubert

Posted in ENGLISH, Security

[SPANISH] HP Conexant Keylogger! Urgent!



Because of a bug that is now public, an enormous security flaw affects some HP laptops:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

In short: Conexant, the audio driver present on these machines, records every keyboard input in a text file named MicTray.log

(screenshot: the MicTray.log file)

The MicTray.log file contains every key the machine's user has typed… it only takes mapping each key code back to its key to read it. The codes for the keys are available here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example:

(two screenshots of a sample MicTray.log)

The affected computers are the following:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

In short, taking advantage of this bug is very easy and the risk is extremely high.

HP has provided a new hotfix: SP80323.exe

If your laptop is in the list, make sure to update it as a matter of urgency!

Another way is to remove the executable, the log and any automatic launch, to protect yourself from this flaw: delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are under the System32 folder), delete the log found in the Public folder, and restart.

In this link you can see a PowerShell script that takes care of cleaning the system!

https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1

Wishing you the best possible patch,

Security first!

@RioJoubert

Posted in Security, SPANISH

HP Conexant Keylogger!!! Urgent!


Some HP laptops are vulnerable because of a "bug" that is now public and amounts to an enormous security flaw:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

Rough explanation: the CONEXANT audio driver present on these PCs logs every keyboard input to a text file: MicTray.log

(screenshot: the MicTray.log file)

This MicTray.log file contains every key the machine's users have pressed… Reading it only takes mapping each key code back to its key, using the table here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example:

(two screenshots of a sample MicTray.log)

The PCs concerned are:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

Needless to say, exploiting the bug is simple and the risk is more than high.

HP has made a new hotfix available: SP80323.exe

Update your machines as a matter of urgency if they are on the list!!!

Another solution is to delete the executable, the log and any automatic launch, to protect yourself against this flaw: to do so, delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are under the System32 folder) and the log, which is in the Public folder, and restart!

See here: https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1 for a PowerShell script that does the cleanup!

Happy patching, everyone….

Quite a weekend for security!!!

PierrE

Posted in Audit, Scripting, Security
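A check-then-clean script for the procedure described in the three versions of this post (English, Spanish and French): it reports the artefacts the post names, and only deletes them when asked to. This is an added example, not the original post's code and not the linked GitHub script or anything from HP. The log path C:\Users\Public\MicTray.log (the post only says "the log in the Public folder"), the treatment of the .xml files as scheduled-task definitions, and the scheduled-task/Run-key search for the relaunch are assumptions; run it without -Remove first.

```powershell
#Requires -RunAsAdministrator
<#
  Added example, not from the original post. Usage:
    .\Check-MicTray.ps1            # report only
    .\Check-MicTray.ps1 -Remove    # stop, unregister and delete (honours -WhatIf)
#>
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$sys32 = Join-Path $env:windir 'System32'
$artefacts = @(
    (Join-Path $sys32 'MicTray.exe'),
    (Join-Path $sys32 'MicTray64.exe'),
    (Join-Path $sys32 'MicTray.xml'),
    (Join-Path $sys32 'MicTray64.xml'),
    'C:\Users\Public\MicTray.log'        # assumption: "the log in the Public folder"
)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

# 1. Which Conexant driver package is installed? On an affected model an old one means
#    HP's SP80323 bundle has not been applied yet.
Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.Manufacturer -like '*Conexant*' } |
    Select-Object DeviceName, DriverVersion, DriverDate | Format-Table -AutoSize

# 2. Every artefact that exists, with size: a growing MicTray.log is keystrokes.
$found = foreach ($p in $artefacts) {
    if (Test-Path -LiteralPath $p) {
        Get-Item -LiteralPath $p | Select-Object FullName, Length, LastWriteTime
    }
}
$found | Format-Table -AutoSize

# 3. Anything that would relaunch MicTray at logon: scheduled tasks and Run keys.
$tasks = Get-ScheduledTask | Where-Object { ($_.Actions.Execute -join ' ') -match 'MicTray' }
$tasks | Select-Object TaskName, TaskPath, State | Format-Table -AutoSize
$runValues = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { "$($_.Value)" -match 'MicTray' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Value = $_.Value } }
    }
}
$runValues | Format-Table -AutoSize

if (-not $Remove) { return }

# 4. Cleanup. The log is deleted rather than copied elsewhere: it is plaintext keystrokes,
#    passwords included, so it should not be archived.
Get-Process -Name MicTray, MicTray64 -ErrorAction SilentlyContinue | Stop-Process -Force
foreach ($t in $tasks) {
    if ($PSCmdlet.ShouldProcess($t.TaskName, 'Unregister-ScheduledTask')) {
        Unregister-ScheduledTask -InputObject $t -Confirm:$false
    }
}
foreach ($v in $runValues) {
    if ($PSCmdlet.ShouldProcess("$($v.Key)\$($v.Name)", 'Remove-ItemProperty')) {
        Remove-ItemProperty -Path $v.Key -Name $v.Name
    }
}
foreach ($p in $artefacts) {
    if ((Test-Path -LiteralPath $p) -and $PSCmdlet.ShouldProcess($p, 'Remove-Item')) {
        Remove-Item -LiteralPath $p -Force
    }
}
Write-Host 'Done. Restart the machine.'
```

Deleting the files is a stopgap, not a fix: a driver reinstall (or the next driver update from a vendor tool) can put them back, so the report-only mode is also a useful post-patch check to run across the fleet.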

Microsoft Security Advisory Notification


********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 11, 2017
********************************************************************

Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4021279
– Title: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
https://technet.microsoft.com/library/security/4021279.aspx
– Reason for Revision: Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.
– Originally posted: May 9, 2017
– Updated: May 11, 2017
– Bulletin Severity Rating: N/A
– Version: 1.1

Remember to keep your servers up to date… your security depends on it!

PierrE.

Posted in Uncategorized

Patch Tuesday, May 2017


A good dose of patches today

This summary lists security updates released for May 2017.

Complete information for the May 2017 security update release can be found at <https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security Updates
============================
Critical        Adobe Flash Player
Critical        Internet Explorer 10
Critical        Internet Explorer 11
Critical        Internet Explorer 9
Critical        Microsoft Edge
Critical        Microsoft Business Productivity Servers 2010
Critical        Microsoft Office 2007 Service Pack 3
Critical        Microsoft Office 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Office 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Office 2013 RT Service Pack 1
Critical        Microsoft Office 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Office 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Office 2016 (32-bit edition)
Critical        Microsoft Office 2016 (64-bit edition)
Critical        Microsoft Office 2016 for Mac
Critical        Microsoft Office Compatibility Pack Service Pack 3
Critical        Microsoft Office for Mac 2011
Critical        Microsoft Office Web Apps 2010 Service Pack 2
Critical        Microsoft Office Web Apps 2013 Service Pack 1
Critical        Microsoft Office Word Viewer
Critical        Microsoft Office Web Apps Server 2013
Critical        Microsoft Office Online Server
Critical        Microsoft Project Server 2013
Critical        Microsoft SharePoint Enterprise Server 2016
Critical        Microsoft SharePoint Foundation 2013 Service Pack 1
Critical        Microsoft SharePoint Server 2010
Critical        Microsoft SharePoint Foundation 2013
Critical        Microsoft SharePoint Enterprise Server 2013
Critical        Word Automation Services
Critical        Microsoft Word 2007 Service Pack 3
Critical        Microsoft Word 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Word 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Word 2013 RT Service Pack 1
Critical        Microsoft Word 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Word 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Word 2016 (32-bit edition)
Critical        Microsoft Word 2016 (64-bit edition)
Critical        Skype for Business 2016
Critical        Windows 7 for 32-bit Systems Service Pack 1
Critical        Windows 7 for x64-based Systems Service Pack 1
Critical        Windows 8.1 for 32-bit systems
Critical        Windows 8.1 for x64-based systems
Critical        Windows RT 8.1
Critical        Windows 10 for 32-bit Systems
Critical        Windows 10 for x64-based Systems
Critical        Windows 10 Version 1511 for 32-bit Systems
Critical        Windows 10 Version 1511 for x64-based Systems
Critical        Windows 10 Version 1607 for 32-bit Systems
Critical        Windows 10 Version 1607 for x64-based Systems
Critical        Windows 10 Version 1703 for 32-bit Systems
Critical        Windows 10 Version 1703 for x64-based Systems
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 for Itanium-Based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Critical        Windows Server 2012
Critical        Windows Server 2012 (Server Core installation)
Critical        Windows Server 2012 R2
Critical        Windows Server 2012 R2 (Server Core installation)
Critical        Windows Server 2016
Critical        Windows Server 2016 (Server Core installation)

Important Security Updates
============================
Important       Microsoft .NET Framework 2.0 Service Pack 2
Important       Microsoft .NET Framework 3.5
Important       Microsoft .NET Framework 3.5.1
Important       Microsoft .NET Framework 4.5.2
Important       Microsoft .NET Framework 4.6
Important       Microsoft .NET Framework 4.6.1
Important       Microsoft .NET Framework 4.6.2
Important       Microsoft .NET Framework 4.6/4.6.1
Important       Microsoft .NET Framework 4.7

 

And if you still have time, there is also:

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2017
********************************************************************

Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4022344
– Title: Security Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/library/security/4022344.aspx
– Reason for Revision: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.
– Originally posted: May 8, 2017
– Updated: N/A
– Version: 1.0

Patch your systems quickly, the vulnerability is public….

PierrE.

Posted in Security, WSUS

SCCM CB 1702 available for download (stand-alone)


If you are about to install a new SCCM platform, this post is for you.

The full installation binaries have been available on MSDN since today!

Happy installing!

PierrE.

Posted in System Center

5 days, 5 challenges, 5 opportunities to learn, for free!


Here is a great opportunity: 5 days of free training, that is, one video, one lesson and one challenge per day, from the comfort of your desk, offered by Paula Januszkiewicz, security expert. And follow her on Twitter: @PaulaCqure

Thanks Paula!!!

PierrE.

Posted in ENGLISH, Event, Formation, Security