Microsoft Alerts

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/library/security/ms14-dec
Dec 9, 2014 - "This bulletin summary lists security bulletins released for December 2014...
(Total of -7-).

Microsoft Security Bulletin MS14-075 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
- https://technet.microsoft.com/library/security/MS14-075
Important - Elevation of Privilege - May require restart - Microsoft Exchange

Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)
- https://technet.microsoft.com/library/security/ms14-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-081 - Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
- https://technet.microsoft.com/library/security/ms14-081
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-082 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
- https://technet.microsoft.com/library/security/ms14-082
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-083 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- https://technet.microsoft.com/library/security/ms14-083

Microsoft Security Bulletin MS14-084 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
- https://technet.microsoft.com/library/security/ms14-084
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-085 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
- https://technet.microsoft.com/library/security/ms14-085
Important - Information Disclosure - May require restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arch...4-updates.aspx
Dec 9, 2014 - "... we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange...
We re-released two Security Bulletins:
MS14-065 Cumulative Security Update for Internet Explorer
- http://support.microsoft.com/kb/3003057
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/MS14-066
One Security Advisory was revised:
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)..."
- https://technet.microsoft.com/en-us/...curity/2755801
___

MS Advisories for Dec 2014:

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/...curity/3009008
Oct 14, 2014 | Updated: Dec 9, 2014
V2.1

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: Dec 9, 2014
V33.0
___

- http://www.securitytracker.com/id/1031318 - MS14-075
- http://www.securitytracker.com/id/1031315 - MS14-080
- http://www.securitytracker.com/id/1031314 - MS14-081
- http://www.securitytracker.com/id/1031319 - MS14-082
- http://www.securitytracker.com/id/1031320 - MS14-083
- http://www.securitytracker.com/id/1031313 - MS14-084
- http://www.securitytracker.com/id/1031324 - MS14-085
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19043
2014-12-09

.

[AplusWebMaster]

FYI...

"Crash Wednesday"...
- http://www.infoworld.com/article/285...l-defende.html
Dec 10, 2014 - "If yesterday was Black Tuesday, today must be Crash Wednesday. I'm seeing lots of reports of problems with KB 3004394, which modifies the Windows Root Certificate checker so that it looks for bad root certificates daily. As usual, there's no confirmation from Microsoft about the problem, no documentation that I can find, and no advice on how to proceed. Users with problems find they go away if they uninstall the patch.
Lead3 started a thread on the Microsoft Answers Forum on Tuesday that described two problems with KB 3004394: 'All MMC functions (Event Viewer, etc.) now require Administrator action, although in an Administrator account. Windows Defender service will not start. The Windows Defender Service Terminated with the following error %%-2147023113'
In the same thread, Thinger123 reported: 'After I install it, I can't install any other Windows Updates. I get an error message on Windows Update. I have already did some advanced troubleshooting and narrowed the problem down to KB3004394. The update itself installs fine, but after a reboot, no other Windows Updates will install. As soon as I clicked Install Updates on other updates, it goes right to a red X and error message. Removing the update and rebooting allows all other updates to complete as usual.'
And q454 posted: 'I'm also having problems with update KB3004394. everytime I try running taskmngr it kept asking that an unknown program wanted to make changes. I try going to msconfig and got the same thing, then went to UAC settings and got the same alert. basically everything that had to do with Microsoft UAC gave me an alert that an unknown program wanted to make changes to my pc'
Tim Birming said: 'MSE installation also aborts with error 8004ff91 after this patch. Error code reveals nothing.'
And KellyPratt noted: 'VirtualBox went back to working after I uninstalled this update. The AMD forum is alight with problems installing the AMD Catalyst Omega driver.'
Poster necrophyte said: 'with kb3004394 not installed (but all other patches from yesterdays patch tuesday installed), ran ddu, rebooted, installed 14.12 with no issues, rebooted, and now finally after 11h of hair tearing i have a functioning display driver again, even better, the omega one.. blame microsoft for this kb3004394 root certificate update, which almost made me do an OS repair install.. hope theyll read my technet thread where i first mentioned kb3004394 being the culprit'
The KB 3002339 problem, by contrast, is relatively innocuous. SnydrRydr posted on the Answers forum:
' have been installing the Update for Visual Studio 2012 (KB3002339) for over an hour now and it's still not done. I took a look at the support article and it looks like it's a small bug fix update. So why is it taking so long to install?'
W Jezewski offered a solution: 'I ran into the same issue with three machines. Manual download and install did the trick.'
You can download KB 3002339 directly from the Microsoft Download Center*."
* https://www.microsoft.com/en-us/down....aspx?id=44907
___

- https://support.microsoft.com/kb/3004394/en-us
Dec 9, 2014 - Rev: 1.0

Windows update KB3004394 issues
- https://answers.microsoft.com/en-us/...6907a18?page=1

- http://www.bleepingcomputer.com/foru...essages/page-2
Posted Today, 05:42 AM

[AplusWebMaster]

FYI...

MS on KB 3004394 patch: Uninstall it ...
- http://www.infoworld.com/article/285...b-3004394.html
Dec 11, 2014 - "... Microsoft has pulled the botched patch KB 3004394. That's the Windows Root Cert patch causing endless problems - Windows Defender wouldn't start, installing KB 3004394 blocked installing other Windows Updates, UAC prompts appeared in the weirdest places, MSE wouldn't install, VirtualBox stopped working, and on and on... Microsoft acknowledged the problem and told us what to do about it. Microsoft engineer and forum moderator Pinaki Mohanty*, writing on the Microsoft Answers forum, announced that you should uninstall KB 3004394, if you were unfortunate enough to get it. Here's the official advice:
'We encourage Windows 7 and Windows Server 2008 R2 customers who are impacted, to uninstall the updates/KB3004394. Once ready, we will re-release the updates.'* "
* https://answers.microsoft.com/en-us/...db57c1a?page=2
Pinaki Mohanty - Microsoft Forum Moderator Dec 11, 2014

- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
___

- http://www.infoworld.com/article/285...root-cert.html
Dec 11, 2014 - "Overnight, Microsoft pulled two high-profile screwed-up patches: KB 3011970 and KB 3004394. Another patch, KB 2553154, is killing some Excel 2010 and 2013 macros, saying the ActiveX control "has stopped working in Excel." Admins are reporting that KB 3008923 has broken modal dialogs in IE. And the hang on installing KB 3002339 described yesterday* is still kicking...
I'm seeing reports of this problem with both Excel 2010 and Excel 2013. It isn't clear at this point if the same problem applies to other Office 2010 or 2013 programs, such as Word. It's also not clear if the same problem affects Office 2007, which is included in the security bulletin...
KB 2986475, the Exchange Server 2010 SP3 update rollup 8, was pulled yesterday, as reported. If you started rolling out the update, you need to roll it back (at least, if you want to connect to Outlook). I've seen no further official word as to the cause or the cure. KB 3002339 -- a patch of a .Net Framework 4.5.3 patch -- is still hanging on installation for some people. If the patch takes more than, oh, 30 minutes to install, kill the installer, then manually download it...
KB 3008923, the MS14-080 Internet Explorer rollup, is crashing Internet Explorer, although which versions of IE is unclear... At this point, I've seen reports of the problem with IE9 and IE11, but one report says it affects IE11 only, and not IE9 or IE10. As usual, there's no acknowledgment of the problem in the KB article (although the KB article does say there may be an installation error 8024001d with Windows 10 Technical Preview). No clue as to a workaround.
Finally, KB 3011970 -- the Silverlight patch -- crashed so spectacularly that Time Warner Cable issued an alert...
* http://www.infoworld.com/article/285...l-defende.html
Dec 10, 2014

[AplusWebMaster]

FYI...

MS releases 'Silver Bullet' patch KB 3024777 to eliminate KB 3004394
More information unfolds about the Windows Root Certification patch and its foibles
- http://www.infoworld.com/article/285...b-3004394.html
Dec 12, 2014 - "Another episode of the KB 3004394 saga is unfolding, as Microsoft releases a new patch, KB 3024777, specifically designed to take out this week's Black Tuesday fiasco, KB 3004394, on Windows 7 SP1 and Windows Server 2008 R2 SP1 machines. The story's a little more complicated... You'll recall this week's bête noire, KB 3004394. Issued on Tuesday, by Wednesday there were dozens of reports of problems with odd UAC prompts, Windows Diagnostic Tool error 8000706f7, failure on attempting to install the AMD Catalyst driver, Windows Defender error 2147023113, and several more. It's as if Microsoft didn't test the patch before releasing it. On Thursday, Microsoft yanked the patch and later advised in an Answers forum post that you should uninstall KB 3004394. Today's a new day, and we have a new explanation -- and marching orders.
Microsoft has updated its KB 3004394* article to say that the problems only occur on Windows 7 SP1 and Windows Server 2008 R2 SP1:
* http://support2.microsoft.com/kb/3004394/en-us
'... We have found that this update is causing additional problem on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. The KB 3004394 update does not cause any known problems on the -other- systems for which it is released. We recommend that you install the update on the other systems.
If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you -delay- installation until a new version of this update becomes available.
If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you -delay- the restart if it is possible until more information is added to this article about a method to remove the update.
If the installation of KB 3004394 is causing problems on these computers, -remove- the update, and then restart the computers. >> The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed...' ...

Reading between the lines - several of them, actually - it looks like this is what you should do:
On Windows 7 SP1/Server 2008 R2 SP1 machines: Crank up Windows Update. If KB 3024777 is listed, run it. If the installation fails, manually download the Silver Bullet and fire. Er, run it.
On Windows 8/8.1/Server 2012 machines: I wouldn't manually uninstall KB 3004394, if you have it, until Microsoft tells us more about potential conflicts..."

(More detail at the the infoworld URL at the top of this post.)
___

- http://support2.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___

[AplusWebMaster]

FYI...

MS14-080: https://support.microsoft.com/kb/3008923 - IE
Last Review: Dec 13, 2014 - Rev: 5.1

MS14-082: https://support.microsoft.com/kb/3017349 - Office
Last Review: Dec 13, 2014 - Rev: 3.0

[AplusWebMaster]

FYI...

Win7 hit by rash of -bogus- 'not genuine' reports, validation code 0x8004FE21
- http://www.infoworld.com/article/285...x8004fe21.html
Dec 15, 2014 - "... I see at least a hundred posts from people who are being told their copy of Windows 7 is disingenuous when, in fact, they know it's genuine. If you guessed that all of those problems were caused by a bad Black Tuesday patch, you win the small prize. If you guessed that the aberrant patch is KB 3004394, you get the big prize... Windows users started screaming about KB 3004394 within hours of it being rolled out of the Automatic Update chute last Tuesday: Bogus UAC prompts, MMC plug-ins refused to start, Windows Defender wouldn't start, Microsoft Security Essentials wouldn't install, VirtualBox wouldn't work, the AMD Catalyst Omega driver wouldn't install, and other Windows Updates wouldn't install after KB 3004394 infected those machines. On Thursday morning, Microsoft -pulled- the patch. On Thursday afternoon, Microsoft started advising in the Answers Forum that people infected with KB 3004394 should manually remove the patch, although the KB 3004394 article admonished, "The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed." Then we started hearing rumors that manually uninstalling KB 3004394 would, in fact, cause -more- problems... a whole lot of bad advice flowing around this problem. Even at this late date -- working all the way through the weekend, until late Sunday night -- I'm not sure that this fix will work in all cases..."

- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0

> https://support.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___

MS sends out KB 2920807, KB 2920738 for Office
- http://www.infoworld.com/article/285...or-office.html
Dec 12, 2014 - "... short version:
If you're using Office 2010 or Office 2013 and you installed the October Office update (MS14-061/KB 3000434), you've been living with a bug for the past couple of months. A new TechNet post explains:
Shortly after the release of the October Public Update, we received notification of a potential issue affecting Office 2010 and Office 2013 users. In some cases, users running Office 2013 or Office 2010 may not be able update Microsoft Word fields in a few scenarios after the October Public updates are installed. We have since corrected the issue in Office 2013 Click-to-Run build 15.0.4675.1002.
If you have Office Click-to-Run (one component of Office 365), you're already fixed. But if you use an installed version of Office 2010 or Office 2013, this bug has been lurking for a couple of months: When you print or print preview a document in Word that has the Print Markup option enabled, the page numbers of the document may be displayed incorrectly. No idea why it's taken months to articulate the bug or squash it. The patch for Office 2013 is listed as KB 2920738. The patch for Office 2010 SP2 is KB 2920807..."

- https://support.microsoft.com/kb/3000434 - MS14-061

- https://support.microsoft.com/kb/2920738 - Office 2013
Last Review: Dec 15, 2014 - Rev: 4.0

- https://support.microsoft.com/kb/2920807 - Office 2010 SP2
Last Review: Dec 15, 2014 - Rev: 4.0
___

- http://www.theinquirer.net/inquirer/...-patch-tuesday
Dec 15 2014

[AplusWebMaster]

FYI...

MS14-080: Cumulative security update for I/E ...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 13, 2014 - Rev: 5.1
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0

> patchmanagement.org - Message 39536
16 Dec 2014 - "The KB article lists known issues of IE9 crashing and IE11 dialog box errors..."
___

MS14-082: Office 2013 ...
- https://support.microsoft.com/kb/2726958
Last Review: Dec 16, 2014 - Rev: 4.0

[AplusWebMaster]

FYI...

MS ships KB 3025390 to fix IE11 screwups in KB 3008923
As of noon Wednesday, MS still hasn't pulled -or- updated the botched patch MS 14-080 / KB 3008923
- http://www.infoworld.com/article/286...b-3008923.html
Dec 17, 2014 - "... the link in the Windows Update description doesn't work, but you can find detailed information at support2.microsoft.com (note the "support2" in the link). Here's what that KB article says:
'You install MS14-080: Cumulative security update for Internet Explorer: December 9, 2014 ( https://support.microsoft.com/kb/3008923 ) on a computer that's running Internet Explorer 11 or the Internet Explorer 11 Web Browser control. However, after you do this, you may experience unexpected behavior when you interact with sites that use one or more web application modal dialog boxes. Any data or information that's provided in the modal dialog box may not be returned to the application window or to the dialog box that created the data or information. Therefore, the application that created the dialog box may exhibit errors or lack specific functionality that was dependent on that dialog box data...'
German sites report that the patch appears in the English language, though their patches normally appear in German. I talked about the original problem with KB 3008923 last week, and Microsoft has since updated the KB 3008923 article (now at version 5.1) with this explanation:
'We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer 11 that occur after you install this security update…
We are aware of some limited reports of Internet Explorer 9 crashing after you apply this security update.
Microsoft is researching this issue and will post more information in this article when the information becomes available.'
Many people haven't been able to -find- the KB article, and they're cautious about installing a patch simply because it magically appeared in Windows Update, with -no- explanation..."
(More detail and links at the infoworld URL at the top of this post.)

- https://support.microsoft.com/kb/3008923
Last Review: Dec 17, 2014 - Rev: 6.0

- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
___

- http://www.forbes.com/sites/jasoneva...dows-defender/
12/13/2014 - "... If you have Windows 7 set to automatically update every Tuesday, it may be time to permanently -disable- that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it... Unfortunately this newest update isn’t limited to graphics driver problems. Redmond hasn’t directly divulged each and every issue, but Microsoft’s Answer Forum is littered with tech-savvy users reporting that USB 3.0 drivers are broken and User Account Control (UAC) prompts have gone haywire. Microsoft has acknowledged that it even prevents the installation of future Windows Updates..."

Install KB3024777 to fix an issue with KB3004394...
- http://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 12, 2014 - Rev: 6.0

[AplusWebMaster]

FYI...

MS14-080: I/E...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
___

For IE 11: Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0

[AplusWebMaster]

FYI...

Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 22, 2014 - Rev: 7.0
The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer.
For more information about the KB 3004394 update, see the following Microsoft Knowledge Base article:

Dec 2014 update for Windows Root Certificate Program in Windows
- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0