Microsoft Alerts

[AplusWebMaster]

FYI...

MS14-012: Cumulative security update for Internet Explorer
- https://support.microsoft.com/kb/2925418
Last Review: Mar 14, 2014 - Rev. 2.0

[AplusWebMaster]

FYI...

An important fix for SharePoint Foundation 2013 SP1 has just been released
- http://blogs.technet.com/b/stefan_go...-released.aspx
20 Mar 2014 - "When looking in the last couple of days at the KB article for SP1 for SharePoint Foundation 2013* you might have seen the following comment:
Notice: A known issue in SharePoint Foundation 2013 SP1 can affect the functionality of the Search WebPart. We encourage you to limit production installations of SharePoint Foundation 2013 SP1 until a fix is available. SharePoint Server 2013 is not affected by this issue.

Today we have released March 2014 Public Update (PU) for SharePoint Foundation 2013** which fixes this problem. Be aware that this fix is only necessary for SharePoint Foundation 2013 installations. SharePoint Server 2013 is not affected by the problem..."
(More detail at the technet URL above.)
Tags: SharePoint 2013, Hotfix Info

* http://support.microsoft.com/kb/2817439
Last Review: Mar 1, 2014 - Rev: 3.0

** http://support.microsoft.com/kb/2760625
Last Review: Mar 20, 2014 - Rev: 1.0
___

- http://windowssecrets.com/patch-watc...ws-xp-support/
Mar 13, 2014 Susan Bradley - "... I plan to post alerts of security issues you might face come April 9. Because Windows Server 2003 will still get updates for another year, we’ll have a better idea of what vulnerabilities XP users face and what’s not getting patched..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2953095
Mar 24, 2014 - "Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution*, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word... The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
• V1.1 (March 27, 2014): Updated Advisory FAQ to clarify that Microsoft WordPad is not affected by the issue and to help explain how the issue is specific to Microsoft Word.
* https://support.microsoft.com/kb/2953095#FixItForMe
Microsoft Fix it 51010

- http://blogs.technet.com/b/srd/archi...etections.aspx
24 Mar 2014
___

- https://secunia.com/advisories/57577/
Criticality: Extremely Critical
Where: From remote
Impact: System access...
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1761 - 9.3 (HIGH)
"... as exploited in the wild in March 2014."
Reported as a 0-Day...
Original Advisory: https://technet.microsoft.com/en-us/...visory/2953095

0-Day Exploit Targeting Word, Outlook
- http://krebsonsecurity.com/2014/03/m...-2010-exploit/
Mar 24, 2014

- https://www.computerworld.com/s/arti..._unpatched_bug
Mar 24, 2014 - "... exploits are triggered just by -previewing- malicious messages in Outlook 2007, 2010 and 2013..."

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/en-us/...letin/ms14-apr
April 08, 2014 - "This bulletin summary lists security bulletins released for April 2014...
(Total of -4-)

Microsoft Security Bulletin MS14-017 - Critical
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms14-017
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps

Microsoft Security Bulletin MS14-018 - Critical
Cumulative Security Update for Internet Explorer (2950467)
- http://technet.microsoft.com/en-us/s...letin/ms14-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-019 - Important
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms14-019
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-020 - Important
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
- http://technet.microsoft.com/en-us/s...letin/ms14-020
Important - Remote Code Execution - May require restart - Microsoft Office
___

- http://blogs.technet.com/b/msrc/arch...y-updates.aspx

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...deployment.jpg
[ Open link target in IE ]
___

MS14-019 - MSRD info:
- http://blogs.technet.com/b/srd/archi...-bat-file.aspx
8 Apr 2014
___

April 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
8 Apr 2014 - "... There are 13 security updates (2 bulletins) and 28 non-security updates..."
MS14-017, MS14-020
___

- https://secunia.com/advisories/57577/ - MS14-017
- https://secunia.com/advisories/57586/ - MS14-018
- https://secunia.com/advisories/57642/ - MS14-019
- https://secunia.com/advisories/57652/ - MS14-020
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17923
Last Updated: 2014-04-08 20:23:09 UTC - Version: 3

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2953095
Last Updated: April 8, 2014 - "... We have issued MS14-017* to address this issue..."
* http://technet.microsoft.com/en-us/s...letin/ms14-017

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Last Updated: April 8, 2014 - V22.0

[AplusWebMaster]

FYI...

Windows 8.1 Update woes continue with errors 80070020, 80073712, 800F081F, 80242FFF, and 800F0922
WSUS is still down, as general update failures and complaints pile up in the two days since the release of Windows 8.1 Update
- http://www.infoworld.com/t/microsoft...00f0922-240249
April 10, 2014

- http://support.microsoft.com/kb/2919355
Last Review: April 11, 2014 - Rev: 9.0

- http://blogs.technet.com/b/wsus/arch...-over-ssl.aspx
8 Apr 2014 - "There is a -known- issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2... we recommend that you -suspend- deployment of this update in your organization until we release the update that resolves this issue..."

- http://www.infoworld.com/t/microsoft...servers-240129
April 08, 2014 - "... Microsoft has -blocked- Windows 8.1 Update from WSUS servers, so it is no longer available for iT admins to distribute to their users. Individuals can still download the update directly through Windows Update..."
___

MS yanks SharePoint 2013 SP1, KB 2817429
... Microsoft has pulled the two-week-old SP1 for SharePoint 2013
- http://www.infoworld.com/t/microsoft...2817429-239969
Apr 07, 2014

- http://support.microsoft.com/kb/2817429
Last Review: April 3, 2014 - Rev: 4.0
"Notice: We have recently uncovered an issue with this Service Pack 1 package that may prevent customers who have Service Pack 1 from deploying future public or cumulative updates. As a precautionary measure, we have deactivated the download page until a new package is published."

[AplusWebMaster]

FYI...

April 2014 Office Update ...
- http://blogs.technet.com/b/office_su...e-release.aspx
"... Update for Microsoft Visio 2013 (KB2837632)*
*NOTE: Visio 2013 KB http://support.microsoft.com/kb/2837632 has been updated to correct a targeting issue. -Prior- to April 11 the update incorrectly targeted Visio 2013 -and- Office 2013. The update has now been corrected and will only target Visio 2013 installs. We apologize for any inconvenience this may have caused..."

- http://support.microsoft.com/kb/2837632
Last Review: April 11, 2014 Rev: 1.0 (?)
Applies to
• Microsoft Visio Professional 2013
• Microsoft Visio Standard 2013
___

481MB Visio 2013 patch ... ?
- http://www.infoworld.com/t/patch-man...ch-joke-240140
April 09, 2014

[AplusWebMaster]

FYI...

MS info regarding the latest Update for Win 8.1
- http://blogs.technet.com/b/gladiator...ndows-8-1.aspx
12 Apr 2014 - "Microsoft has been listening to customer feedback. Much of this feedback has been received and some of the results are being given back to our users of Windows 8.1 in the form of updates. Recently, a very big update for Windows 8.1 was released... Since Microsoft wants to ensure that customers benefit from the best support and servicing experience and to coordinate and simplify servicing across both Windows Server 2012 R2, Windows 8.1 RT and Windows 8.1, this update will be considered a new servicing/support baseline. What this means is those users who have elected to install updates manually will have 30 days to install Windows 8.1 Update on Windows 8.1 devices; after this 30-day window - and beginning with the May Patch Tuesday, Windows 8.1 user's devices without the update installed will no longer receive security updates. This means that Windows 8.1 users - starting patch Tuesday in May 2014 and beyond - will require this update to be installed. If the Windows 8.1 Update is not installed, those newer updates will be considered “not applicable”..."

- http://support.microsoft.com/kb/2919355
Last Review: April 14, 2014 - Rev: 10.0
___

- http://www.infoworld.com/t/microsoft...support-240407
April 14, 2014

[AplusWebMaster]

FYI...

MS14-018 ...
- http://support.microsoft.com/kb/2936068
Last Review: April 16, 2014 - Rev: 3.0
___

Microsoft fixes Windows 8.1 Update for corporate WSUS servers
- http://www.infoworld.com/t/microsoft...servers-240654
April 16, 2014 - "... it will continue to make Windows 8.1 security patches available to WSUS customers until August's Patch Tuesday. Previous announcements said that patches to Windows 8.1 would be cut off in May. This stay of execution for this patch applies only to those who receive security patches through WSUS. Windows 8.1 customers who get their patches through Windows Update (or Microsoft Update) have to install the Windows 8.1 Update/KB 2919355 patch by May 13 if they wish to continue receiving security patches for their machines..."

- http://blogs.technet.com/b/wsus/arch...-over-ssl.aspx
16 Apr 2014

- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Last Review: Apr 25, 2014 - Rev: 16.0

- https://support.microsoft.com/kb/2959977
Last Review: April 17, 2014 - Rev: 3.0

[AplusWebMaster]

FYI...

MS KB 2952664 ...
... scarce details from Microsoft...
- http://www.infoworld.com/t/microsoft...2952664-241047
Apr 24, 2014 - "... Windows 7 users are wondering what's up with KB 2952664*, an "important" patch that arrived unannounced... there appears to be no compelling reason to install the patch."

Compatibility update for upgrading Windows 7
* https://support.microsoft.com/kb/2952664
Last Review: Apr 22, 2014 - Rev: 1.0