Microsoft Alerts

[AplusWebMaster]

FYI...

MS Silverlight 5 - July 2014 update
- http://support.microsoft.com/kb/2977218
Last Review: July 23, 2014 - Rev: 1.0 - "... This update offers a new build (version 5.1.30514.0) that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers... fixed by this update:
A Silverlight application that uses tab-switched controls exhibits a memory leak when you switch between tabs or pages in the application..."
Applies to:
Microsoft Silverlight 5
Microsoft Silverlight for Macintosh
Microsoft Silverlight for Windows
___

Glitches - July Windows/Office updates
- http://windowssecrets.com/patch-watc...ffice-updates/
July 24, 2014
> MS14-037 (2962872)
> MS14-039 (2975685)

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/...curity/2915720
December 10, 2013 | Updated: July 29, 2014 - "... This advisory was revised on July 29, 2014 to announce that the stricter Windows Authenticode signature verification behavior described here will be enabled on an opt-in basis and not made a default behavior in supported releases of Microsoft Windows...
V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/library/security/ms14-aug
August 12, 2014 - "This bulletin summary lists security bulletins released for August 2014...
(Total of -9-)

Microsoft Security Bulletin MS14-051 - Critical
Cumulative Security Update for Internet Explorer (2976627*)
- https://technet.microsoft.com/library/security/MS14-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
> https://support.microsoft.com/kb/2976627
Aug 12, 2014 - Rev: 2.0 - "This security update 2976627 resolves one -publicly- disclosed and -25- privately reported vulnerabilities in Internet Explorer..."
* https://support.microsoft.com/kb/2976627
Last Review: Aug 15, 2014 - Rev: 4.0

Microsoft Security Bulletin MS14-043 - Critical
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
- https://technet.microsoft.com/library/security/ms14-043
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-048 - Important
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
- https://technet.microsoft.com/library/security/MS14-048
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-044 - Important
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
- https://technet.microsoft.com/library/security/MS14-044
Important - Elevation of Privilege - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS14-045 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/library/security/MS14-045
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

Microsoft Security Bulletin MS14-049 - Important
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
- https://technet.microsoft.com/library/security/MS14-049
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-050 - Important
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
- https://technet.microsoft.com/library/security/MS14-050
Important - Elevation of Privilege - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS14-046 - Important
Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
- https://technet.microsoft.com/library/security/MS14-046
Important - Security Feature Bypass - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-047 - Important
Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
- https://technet.microsoft.com/library/security/MS14-047
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
12 Aug 2014

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...entAug2014.jpg
___

August 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
12 Aug 2014 - "... There are 3 security updates (3 bulletins) and 25 non-security updates..."
Aug 13, 2014 - "UPDATE: An issue has been discovered in the non-security Outlook 2013 update (KB 2881011) that prevents some users from opening archive folders. We have removed this update from availability and released a new update, KB2889859 that fixes the issue. Additionally, KB2992644, has more information on the specific issue. We apologize for any inconvenience."
___

- http://www.securitytracker.com/id/1030714 - MS14-043
- http://www.securitytracker.com/id/1030716 - MS14-044
- http://www.securitytracker.com/id/1030718 - MS14-045
- http://www.securitytracker.com/id/1030721 - MS14-046
- http://www.securitytracker.com/id/1030722 - MS14-047
- http://www.securitytracker.com/id/1030717 - MS14-048
- http://www.securitytracker.com/id/1030719 - MS14-049
- http://www.securitytracker.com/id/1030720 - MS14-050
- http://www.securitytracker.com/id/1030715 - MS14-051
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18521
2014-08-12

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2755801
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: August 12, 2014 - Version: 27.0 - "... Microsoft released an update (2982794*) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-18**. For more information about this update, including download links, see Microsoft Knowledge Base Article 2982794*.
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2982794

** http://helpx.adobe.com/security/prod...APSB14-18.html

*** https://www.update.microsoft.com/windowsupdate/

[AplusWebMaster]

FYI...

BSOD - Blue Screen Stop 0x050 error reported for systems installing KB2976897, KB2982791, and KB2970228
Two of Microsoft's kernel-mode driver updates - which often cause problems -- are triggering a BSOD error message on some Windows systems
- http://www.infoworld.com/t/microsoft...2970228-248363
Aug 14, 2014 - "Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread* on the subject. Problematic kernel-mode driver updates aren't unusual at all. Now that Microsoft is releasing more of them, problems seem to be cropping up more frequently.
In this case, two MS14-045/KB 2984615 kernel-mode driver patches, KB2976897 and KB2982791, have been implicated in triggering Blue Screen Stop 0x50 messages. Oddly, that Windows 8.1 "Update 2" fix that adds the ruble character as an official currency marker in Win 8.x and Win7, KB 2970228, seems to be causing the problem, too. At this point there's no word on possible causes, although several people have identified their operating systems as 64-bit Windows 7..."
* http://answers.microsoft.com/en-us/w...2-a78fe68766fd

> https://technet.microsoft.com/library/security/MS14-045

[AplusWebMaster]

FYI...

MS14-045 - See "Known issues" ...
- https://support.microsoft.com/kb/2982791
Last Review: August 19, 2014 - Revision: 4.2 - "... Status:
Microsoft has -removed- the download links to these updates while these issues are being investigated...
Mitigations: Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then -uninstall- any of the following update that are currently installed:
KB2982791
KB2970228
KB2975719
KB2975331 ..."
(More detail at the URL above.)

- https://technet.microsoft.com/library/security/ms14-045
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

[AplusWebMaster]

FYI...

August 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/arch...d-q-amp-a.aspx
18 Aug 2014 - "Today, we published the August 2014 Security Bulletin webcast questions and answers page*... We answered ten questions on air, with the majority focusing on the update for Internet Explorer... We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791**..."

* http://blogs.technet.com/b/msrc/p/au...letin-q-a.aspx
Aug 13, 2014

** https://support.microsoft.com/kb/2982791
Last Review: Aug 19, 2014 - Rev: 4.2

[AplusWebMaster]

FYI...

Internet Explorer may become slow or unresponsive when web applications implement consecutive modal dialog boxes
- https://support.microsoft.com/kb/2991509
Last Review: Aug 21, 2014 - Rev: 2.0 - "After you apply the MS14-037 or MS14-051 cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11..."

- https://support.microsoft.com/kb/2991509#prerequisites
"Prerequisites: You -must- have MS14-051* Cumulative security update for Internet Explorer installed to apply this hotfix... You -must- restart the computer after you apply this update..."

* https://support.microsoft.com/kb/2976627

MS14-051 Issue fix KB2991509 not available for Windows 8 x64
- http://social.technet.microsoft.com/...tprocurrentver
___

- http://blogs.msmvps.com/bradley/2014...e-4th-tuesday/
August 25th, 2014 - "With no hint of a re-release of the kernel updates that caused the bsod’s. On the one hand it’s good to only release it when it’s ready, on the other hand, it’s a bit concerning that it’s talking this long to come out with a rereleased version."

[AplusWebMaster]

FYI...

MS14-045 rereleased
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/en-us/.../ms14-045.aspx
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

* https://support.microsoft.com/kb/2993651
Last Review: Aug 28, 2014 - Rev: 3.0

- http://blogs.technet.com/b/msrc/arch...ereleased.aspx
27 Aug 2014
___

- http://www.infoworld.com/t/microsoft...wn-bugs-249342
Aug 28, 2014 - "... As of early this morning, one Windows 8 user was reporting black screens* with the -new- patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the -new- patch..."
* http://answers.microsoft.com/en-us/w...8766fd?page=56
___

- http://www.computerworld.com/article...crippling.html
Aug 22, 2014 - "... end users and IT administrators alike, who have all tried to explain what they see as a -decline- in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts \ Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go..."


'Maybe just made it -worse- re: the "Dear Mr. Ballmer" open letter:

- http://blogs.msmvps.com/bradley/2013...y-email-today/
>> Sep 12th, 2013

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/library/security/ms14-sep
Sep 9, 2014 - "This bulletin summary lists security bulletins released for September 2014...
(Total of -4-)

Microsoft Security Bulletin MS14-052 - Critical
Cumulative Security Update for Internet Explorer (2977629)
- https://technet.microsoft.com/library/security/MS14-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://support.microsoft.com/kb/2977629
Last Review: Sep 16, 2014 - Rev: 2.0
"... This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities..."

Microsoft Security Bulletin MS14-053 - Important
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
- https://technet.microsoft.com/library/security/MS14-053
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (Sep 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4072 - 5.0

Microsoft Security Bulletin MS14-054 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
- https://technet.microsoft.com/library/security/MS14-054
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/library/security/MS14-055
Important - Denial of Service - Does not require restart - Microsoft Lync Server
V2.0 (Sep 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4068 - 5.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4070 - 5.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4071 - 5.0
___

- http://blogs.technet.com/b/msrc/arch...y-updates.aspx

Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.as...deployment.jpg
___

September 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
9 Sep 2014 - "... There are no security updates. There are 18 non-security updates..."
___

- http://www.securitytracker.com/id/1030818 - MS14-052
- http://www.securitytracker.com/id/1030819 - MS14-053
- http://www.securitytracker.com/id/1030820 - MS14-054
- http://www.securitytracker.com/id/1030821 - MS14-055
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18627
2014-09-09
___

MS Security Advisories - Sep 2014

Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/...curity/2871997
V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system...

Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/...curity/2905247
V2.0 (September 9, 2013): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released. Additionally, some of the updates were reissued to improve their quality...

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.

.