Thread: Microsoft Alerts

  1. #171
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    IE 11 users - no update - no security fixes ...

    FYI...

    For IE 11 users, no update now means no security fixes
    - http://arstechnica.com/information-t...-new-features/
    June 16 2014 - "When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer*, Microsoft is applying the same rules, at least in part, to Windows 7. Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser..."
    * http://www.infoworld.com/d/microsoft...44338?page=0,0
    June 16, 2014

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #172
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisory 2974294

    FYI...

    Microsoft Security Advisory 2974294
    Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
    - https://technet.microsoft.com/library/security/2974294
    June 17, 2014 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted... See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products... automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."

    - https://www.us-cert.gov/ncas/current...are-Protection
    June 17, 2014
    ___

    - http://www.securitytracker.com/id/1030438
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-2779
    Jun 17 2014
    Impact: Denial of service via local system, Denial of service via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 1.1.10600.0 and prior...
    Solution: The vendor has issued a fix (1.1.10701.0).
    The vendor's advisory is available at:
    - https://technet.microsoft.com/en-us/...curity/2974294
    ___

    - https://atlas.arbor.net/briefs/
    High Severity
    June 20, 2014
    Analysis: If the engine scans a specially crafted file, the vulnerability could be exploited to cause a denial of service condition, stopping the engine from monitoring affected systems. A specially crafted file could be delivered via email or instant messenger, or by visiting a site hosting a malicious file; alternatively, a malicious attacker could use a website that hosts user-provided content to upload a malicious file, which would be scanned by the engine running on the hosting server. [ https://technet.microsoft.com/library/security/2974294 ] Microsoft has updates for affected products, which will automatically be pushed to Microsoft Malware Protection Engine...

    Last edited by AplusWebMaster; 2014-06-22 at 22:18.

  3. #173
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisory 2960358 v1.1

    FYI...

    Microsoft Security Advisory 2960358
    Update for Disabling RC4 in .NET TLS
    - https://technet.microsoft.com/en-us/...curity/2960358
    V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675* under Known Issues in the Executive Summary.
    * https://support.microsoft.com/kb/2978675
    June 19, 2014 - Rev: 1.0


  4. #174
    Adviser Team AplusWebMaster's Avatar

    MS14-019 updated ...

    FYI...

    Microsoft Security Bulletin MS14-019 - Critical
    Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
    - https://technet.microsoft.com/en-us/...urity/MS14-019
    V1.1 (June 27, 2014) Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".

    - https://support.microsoft.com/kb/2922229
    Last Review: June 24, 2014 - Rev: 2.0

    - https://technet.microsoft.com/library/security/ms14-jun
    V1.1 (June 17, 2014): For MS14-035, added an Exploitability Assessment in the Exploitability Index for CVE-2014-2782. This is an informational change only.

    MS14-035
    - https://technet.microsoft.com/library/security/ms14-035
    V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only...

    MS14-036
    - https://technet.microsoft.com/library/security/ms14-036
    V1.1 (June 17, 2014): Clarified in the Update FAQ for Microsoft Office section what updates will be offered to systems that are running Microsoft Office 2010. This is an informational change only...

    Last edited by AplusWebMaster; 2014-07-01 at 12:28.

  5. #175
    Adviser Team AplusWebMaster's Avatar

    MS Security Notifications ...

    FYI...

    - https://isc.sans.edu/diary.html?storyid=18319
    2014-06-28
    "... Microsoft Security Notifications
    Issued: June 27, 2014
    Notice to IT professionals:
    As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is -suspending- the use of -email- notifications that announce the following:
    * Security bulletin advance notifications
    * Security bulletin summaries
    * New security advisories and bulletins
    * Major and minor revisions to security advisories and bulletins
    In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at:
    - http://technet.microsoft.com/security/dd252948 "
    ___

    - http://www.theregister.co.uk/2014/07..._mailing_list/
    1 Jul 2014 - "... In an email last night Microsoft said it would resume the mailing list on 3 July.
    'On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3, 2014'..."

    Last edited by AplusWebMaster; 2014-07-01 at 12:38.

  6. #176
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - July 2014

    FYI...

    - https://technet.microsoft.com/library/security/ms14-jul
    July 8, 2014 - "This bulletin summary lists security bulletins released for July 2014...
    (Total of -6-)
    V1.1 (July 29, 2014): For MS14-037, added an Exploitability Assessment in the Exploitability Index for CVE-2014-4066. This is an informational change only.

    Microsoft Security Bulletin MS14-037 - Critical
    Cumulative Security Update for Internet Explorer (2975687)
    - https://technet.microsoft.com/library/security/ms14-037
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
    - https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-4066

    Microsoft Security Bulletin MS14-038 - Critical
    Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
    - https://technet.microsoft.com/library/security/ms14-038
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-039 - Important
    Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
    - https://technet.microsoft.com/library/security/ms14-039
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-040 - Important
    Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
    - https://technet.microsoft.com/library/security/ms14-040
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-041 - Important
    Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
    - https://technet.microsoft.com/library/security/ms14-041
    Important - Elevation of Privilege - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-042 - Moderate
    Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
    - https://technet.microsoft.com/library/security/ms14-042
    Moderate - Denial of Service - Does not require restart - Microsoft Server Software
    ___

    - http://blogs.technet.com/b/msrc/arch...n-release.aspx
    8 Jul 2014

    Deployment Priority, Severity, Exploit Index
    - http://blogs.technet.com/cfs-file.as...deployment.jpg
    ___

    July 2014 Office Update Release
    - http://blogs.technet.com/b/office_su...e-release.aspx
    8 Jul 2014 - "... There are no security updates. There are 36 non-security updates..."
    ___

    - http://www.securitytracker.com/id/1030532 - MS14-037
    - http://www.securitytracker.com/id/1030531 - MS14-038
    - http://www.securitytracker.com/id/1030535 - MS14-039
    - http://www.securitytracker.com/id/1030536 - MS14-040
    - http://www.securitytracker.com/id/1030537 - MS14-041
    - http://www.securitytracker.com/id/1030538 - MS14-042
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=18359
    2014-07-08

    Last edited by AplusWebMaster; 2014-08-05 at 04:13.

  7. #177
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisories - 7.08.2014

    FYI...

    Microsoft Security Advisory 2871997
    Update to Improve Credentials Protection and Management
    - https://technet.microsoft.com/en-us/...curity/2871997
    Published: May 13, 2014 | Updated: July 8, 2014 Version: 2.0 - "Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft..."

    Microsoft Security Advisory 2960358
    Update for Disabling RC4 in .NET TLS
    - https://technet.microsoft.com/en-us/...curity/2960358
    Published: May 13, 2014 | Updated: July 8, 2014 Version: 1.2 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
    Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible. Please see the Suggested Actions section of this advisory for more information.
    Known Issues. Microsoft Knowledge Base Article 2978675* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
    * https://support.microsoft.com/kb/2978675

    Microsoft Security Advisory 2755801
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - https://technet.microsoft.com/en-us/...curity/2755801
    Published: September 21, 2012 | Updated: July 8, 2014 Version: 26.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.
    Current Update: Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."


  8. #178
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisory 2982792 - 7.10.2014

    FYI...

    Microsoft Security Advisory 2982792
    Improperly Issued Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...y/2982792.aspx
    July 10, 2014 - "Executive Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties. The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks...
    Recommendation: An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action because the CTL will be updated automatically.
    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2, and that do -not- have the automatic updater of revoked certificates installed, this update is not available. To receive this update, customers must install the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details). Customers in disconnected environments and who are running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 can install update 2813430** to receive this update (see Microsoft Knowledge Base Article 2813430** for details)..."
    * https://support.microsoft.com/kb/2677070

    ** https://support.microsoft.com/kb/2813430

    - https://technet.microsoft.com/en-us/...curity/2982792
    V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
    ___

    - http://atlas.arbor.net/briefs/index#1956386183
    High Severity
    July 10, 2014
    Four fake certificates have been identified posing as Google and Yahoo, putting Internet Explorer users at risk.
    Analysis: The certificates were issued by the National Informatics Centre (NIC) in India, whose certificate issuance process was reportedly compromised. NIC is trusted by CCA India, who in turn is trusted by Microsoft. Other fake certificates were likely issued as well, though details on the full scope of the breach have not been released. While the identified certificates have been revoked by CCA, they could nonetheless affect Windows users: real-time revocation checks performed by security measures using certificate revocation list and online certificate status protocol do not sufficiently prevent attacks, as seen following certificate revocations after disclosure of the OpenSSL Heartbleed vulnerability earlier this year. Firefox, Thunderbird, and Chrome users on Windows are -not- at risk, as the applications' root stores are independent of Windows. Users running Mac OS X, Linux, and other platforms are also not at risk. Until Microsoft has addressed the issue, Windows users should use applications other than Internet Explorer to access domains using TLS. [ http://arstechnica.com/security/2014...windows-users/ ]

    - http://www.securitytracker.com/id/1030548
    Updated: Jul 17 2014
    Impact: Modification of authentication information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2; and prior service packs
    Description: A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof SSL certificates.
    The operating system includes invalid subordinate certificates issued by National Informatics Centre (NIC), which operates subordinate certificate authorities (CAs) under root CAs operated by the Government of India Controller of Certifying Authorities (CCA)...
    Impact: A remote user may be able to spoof SSL certificates.
    Solution: The vendor has issued a fix, available via automatic update for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Phone 8, and Windows Phone 8.1.
    The vendor has issued a fix for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 systems that use the automatic updater of revoked certificates (see KB2677070)...
    Vendor URL: https://technet.microsoft.com/en-us/...curity/2982792

    Last edited by AplusWebMaster; 2014-07-19 at 06:09.

  9. #179
    Adviser Team AplusWebMaster's Avatar

    MS14-037 KB2962872 issues ...

    FYI...

    MS14-037 KB2962872 issues ...
    - http://www.infoworld.com/t/microsoft...owdowns-246112
    July 14, 2014 - "... Posters on the Microsoft Answers forum report that uninstalling KB 2962872 solves the problem.
    Flexerasoft has posted a limited workaround:
    Moving the .htm files to a backup folder has been shown to reduce the impact of the issue for some InstallShield customers. Please note that by taking these steps, the InstallShield Start Page and inline help will be limited and navigating to some views may still trigger a crash. Those using this method should save their projects frequently.
    Steps to implement this limited workaround:
    Move *.htm from
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>
    To a new folder
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>\HTM-Backup\
    Move *.htm from
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\
    To a new folder
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\HTM-Backup\

    The workaround lets InstallShield start and run normally, but reports say it crashes on exit. There are also sporadic reports of additional problems with KB 2962872, particularly slowdowns..."
    - https://community.flexerasoftware.co...oft-KB-2962872
    07-11-2014
    Microsoft security update KB2962872 (MS14-037) may cause the InstallShield or InstallShield for AdminStudio application to crash...
    - http://www.flexerasoftware.com/landi...KB2962872.html
    ___

    MS patches crash Dell Data Protection-Encryption and CMGShield
    Black Tuesday patches cause blue screens of death on DDP-E encrypted machines, black recovery screens for CMGShield
    - http://www.infoworld.com/t/microsoft...gshield-246108
    July 14, 2014 - "... a group of patches in this month's Black Tuesday crop causes BSODs on PCs encrypted with Dell Data Protection-Encryption or forces CMGShield-protected PCs into a lockup, with a black recovery screen. Although Dell posted information identifying the problem late Thursday in Quick Tip 653764*, there's still no word on precisely which Black Tuesday patches trigger the anti-tampering lockout. There's a fix, but it's complex..."
    * http://www.dell.com/support/troubles...=&docid=653764
    2014-07-10
    ___

    MS14-037: Customers who use PTC Windchill 10.x solutions have reported instability and crashes after the installation of this security update.
    - http://communities.ptc.com/message/250228#250228
    Jul 22, 2014
    ___

    July 2014 Security Bulletin Webcast Q&A
    - http://blogs.technet.com/b/msrc/p/ju...letin-q-a.aspx

    Last edited by AplusWebMaster; 2014-07-24 at 12:53.

  10. #180
    Adviser Team AplusWebMaster's Avatar

    Office 365 - July 2014 update

    FYI...

    Issue when launching Office apps after applying July 2014 update for Office 365 ProPlus
    - http://blogs.technet.com/b/odsupport...5-proplus.aspx
    23 Jul 2014 - "Shortly after the release of the July Public Update, we received notification of a potential issue affecting a subset of Office 365 ProPlus users. In some cases, users running Office may not be able to launch Office products after the July 2014 updates are installed.
    We have since corrected the issue and will be releasing an updated build 15.0.4631.1004 scheduled to go live by Thursday July 24th. Once the update is available, you can click on “Update Now” from the backstage to get the latest fix.
    If you still have issues, then please reboot your computer and try “Update Now.” If you still have issues launching Office applications, as a last resort, please run the Fix It located at [ http://support.microsoft.com/kb/2739501 ] to uninstall and reinstall the latest bits.
    Note: This issue doesn’t affect Volume License customers."

