Page 20 of 47 FirstFirst ... 1016171819202122232430 ... LastLast
Results 191 to 200 of 467

Thread: Microsoft Alerts

  1. #191
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Update for OneDrive for Business KB2889866

    FYI...

    Update for OneDrive for Business (KB2889866)
    - https://support.microsoft.com/kb/2889866
    Last Review: Sep 10, 2014 - Rev: 2.0
    "Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."

    - http://blogs.technet.com/b/office_su...e-release.aspx
    10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
    ___

    - http://www.infoworld.com/t/microsoft...tuesday-250304
    Sep 11, 2014
    ___

    September 2014 Security Bulletin Webcast Q&A
    - http://blogs.technet.com/b/msrc/arch..._q_2d00_a.aspx
    12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
    * http://blogs.technet.com/b/msrc/p/se...bcast-q-a.aspx

    Last edited by AplusWebMaster; 2014-09-16 at 00:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #192
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS14-055 revised ...

    FYI...

    MS14-055 revised - Vulnerabilities in Lync could allow denial of service ...
    - https://technet.microsoft.com/library/security/MS14-055
    V2.0 (September 15, 2014): Bulletin revised to remove* Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
    * Update FAQ
    Why was this bulletin revised on September 15, 2014?
    Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update...

    Related: https://support.microsoft.com/kb/2990928
    Last Review: Sep 16, 2014 - Rev: 2.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #193
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS14-046: revised ...

    FYI...

    MS14-046: Description of the security update for the .NET Framework 3.5
    on Windows 8 and Windows Server 2012: Aug 12, 2014
    * https://support.microsoft.com/kb/2966827
    Last Review: Sep 19, 2014 - Rev: 3.0

    Bulletin Information:
    MS14-046 - Important
    - https://technet.microsoft.com/library/security/ms14-046
    - Reason for Revision: V1.2 (Sep 19, 2014): Bulletin
    revised with a change to the 'Known Issues' entry in the Knowledge
    Base Article section from "None" to "Yes".
    - Originally posted: August 12, 2014
    - Updated: September 19, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.2
    ___

    Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8
    and Windows Server 2012 may -fail- after you install security update 2966827
    - https://support.microsoft.com/kb/3002547
    Last Review: Sep 19, 2014 - Rev: 2.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #194
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Ms14-055 - v3 ...

    FYI...

    Microsoft Security Bulletin MS14-055 - Important
    Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
    - https://technet.microsoft.com/en-us/...urity/MS14-055
    V3.0 (September 23, 2014): Bulletin rereleased to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010...
    Why was this bulletin revised on September 23, 2014?
    Microsoft re-released this bulletin to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. The re-released update addresses an issue in the original offering that prevented users from successfully installing the server.msp file. Customers who attempted to install the original update will be re-offered the 2982385* update and are encouraged to apply it at the earliest opportunity...

    * https://support.microsoft.com/kb/2982385
    Sep 23, 2014 - Rev: 2.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #195
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IE10/IE11 in Win8/8.1 - Flash Player update

    FYI...

    IE10/IE11 in Win8/8.1 - Flash Player update
    - https://technet.microsoft.com/en-us/...curity/2755801
    Sep 23, 2014
    V29.0 (Sep 23, 2014): Added the 2999249* update to the Current Update section.

    Update for Adobe Flash Player in Internet Explorer
    * https://support.microsoft.com/kb/2999249
    Sep 23, 2014 - Rev: 1.0 - "An issue was found in which some videos may not play, or you may receive an error message, when you try to watch video from certain websites. Microsoft has released an update for this issue for IT professionals. This release contains a fix that will significantly reduce the prevalence of video playback failures on sites where this problem previously occurred.
    Known issues with this update: Windows Update will not offer this update to Windows RT-based computers until update 2808380 is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2808380** Windows RT-based device cannot download software updates or Windows Store apps."
    ** https://support.microsoft.com/kb/2808380
    Mar 7, 2013 - Rev: 3.0

    [ Hat tip to dvk01: http://myonlinesecurity.co.uk/micros...windows-8-8-1/ ]

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #196
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - October 2014

    FYI...

    - https://technet.microsoft.com/library/security/ms14-oct
    Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014...
    (Total of -8-)

    Microsoft Security Bulletin MS14-056 - Critical
    Cumulative Security Update for Internet Explorer (2987107)
    - https://technet.microsoft.com/library/security/ms14-056
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    - https://support.microsoft.com/kb/2987107
    "... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
    - https://support.microsoft.com/kb/2987107
    Last Review: Oct 20, 2014 - Rev: 3.0

    Microsoft Security Bulletin MS14-057 - Critical
    Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
    - https://technet.microsoft.com/library/security/ms14-057
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS14-058 - Critical
    Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
    - https://technet.microsoft.com/library/security/ms14-058
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-059 - Important
    Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
    - https://technet.microsoft.com/library/security/ms14-059
    Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
    - https://support2.microsoft.com/kb/2990942
    Last Review: Oct 16, 2014 - Rev: 2.0

    Microsoft Security Bulletin MS14-060 - Important
    Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
    - https://technet.microsoft.com/library/security/ms14-060
    Important - Remote Code Execution - May require restart - Microsoft Windows
    - http://www.isightpartners.com/2014/10/cve-2014-4114/
    Oct 14, 2014
    - https://support.microsoft.com/kb/3000869
    Last Review: Oct 14, 2014 - Rev: 1.1

    Microsoft Security Bulletin MS14-061 - Important
    Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
    - https://technet.microsoft.com/library/security/ms14-061
    Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
    - https://support.microsoft.com/kb/3000434
    Last Review: Oct 14, 2014 - Revision: 1.1

    Microsoft Security Bulletin MS14-062 - Important
    Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
    - https://technet.microsoft.com/library/security/ms14-062
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-063 - Important
    Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
    - https://technet.microsoft.com/library/security/ms14-063
    Important - Elevation of Privilege - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...4-updates.aspx

    Deployment Priority, Severity, and Exploit Index
    - http://blogs.technet.com/cfs-file.as...s-overview.png
    ___

    - http://www.securitytracker.com/id/1031018 - MS14-056
    CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
    Oct 14 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6, 7, 8, 9, 10, 11 ...
    - http://www.securitytracker.com/id/1031021 - MS14-057
    - http://www.securitytracker.com/id/1031022 - MS14-058
    - http://www.securitytracker.com/id/1031023 - MS14-059
    - http://www.securitytracker.com/id/1031017 - MS14-060
    CVE Reference: CVE-2014-4114
    Oct 14 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
    This vulnerability is being actively exploited via PowerPoint files.
    The original advisory is available at: http://www.isightpartners.com/2014/10/cve-2014-4114/
    iSIGHT Partners reported this vulnerability...
    - http://www.securitytracker.com/id/1031024 - MS14-061
    - http://www.securitytracker.com/id/1031025 - MS14-062
    - http://www.securitytracker.com/id/1031027 - MS14-063
    ___

    October 2014 Office Update Release
    - http://blogs.technet.com/b/office_su...e-release.aspx
    14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
    ___

    MSRT October 2014 – Hikiti
    - http://blogs.technet.com/b/mmpc/arch...14-hikiti.aspx
    Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
    * http://www.novetta.com/operationsmn
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=18819
    2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
    ___

    MS Advisories for October 2014

    Microsoft Security Advisory 2755801
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - https://technet.microsoft.com/en-us/...curity/2755801
    Updated: Oct 14, 2014 - v30.0

    Microsoft Security Advisory 2949927
    Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
    - https://technet.microsoft.com/en-us/...curity/2949927
    Oct 14, 2014
    V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
    - https://support.microsoft.com/kb/2949927
    Last Review: Oct 21, 2014 - Rev: 6.1

    Microsoft Security Advisory 2977292
    Update for Microsoft EAP Implementation that Enables the Use of TLS
    - https://technet.microsoft.com/en-us/...curity/2977292
    Oct 14, 2014

    Microsoft Security Advisory 3009008
    Vulnerability in SSL 3.0 Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...y/3009008.aspx
    V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.

    .
    Last edited by AplusWebMaster; 2014-10-23 at 06:46.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #197
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation KB2952664 problems ...

    FYI...

    KB2952664 problems ...
    - http://myonlinesecurity.co.uk/micros...2664-problems/
    15 Oct 2014 - "Once again the October 2014 windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7. Do -not- install KB 2952664 update for Windows 7 unless you intend to update the windows 7 computer to either Windows 8 or the windows 10 preview. Various forums, including Microsoft help forums* are full of posts complaining about it failing. There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as -failed-. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK. Then go to windows update, press check for updates, when the KB2952664 appears in the window, right click the entry and select -hide- update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update. This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to be the most problematic. It isn’t needed so don’t install it..."
    * http://answers.microsoft.com/en-us/w...f-edcf9ac1347b

    Compatibility update for upgrading Windows 7
    - https://support.microsoft.com/kb/2952664

    > http://www.infoworld.com/article/283...-80242016.html
    Oct 15, 2014

    Last edited by AplusWebMaster; 2014-10-16 at 06:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #198
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down More botched MS patches ...

    FYI...

    Four more botched MS patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388
    Windows users are reporting significant problems with four more October Black Tuesday patches
    - http://www.infoworld.com/article/283...b-2995388.html
    Oct 16, 2014 - "... Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664*, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone - and there are solutions.
    * http://www.infoworld.com/article/283...-80242016.html
    KB 3000061**... is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month - there are very limited but identified attacks in the wild that use this security hole.
    ** https://support.microsoft.com/kb/3000061
    TechNet has a thread*** about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine...
    *** https://social.technet.microsoft.com...=winserver8gen
    Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well... AndrewKelly, posting on the TechNet forum[4], says he has had problems with Autodesk packages after applying the patch:
    4] https://social.technet.microsoft.com...forum=mdopappv
    ... Finally, a nonsecurity update rollup, KB 2995388[5] - also distributed Tuesday - is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks[6] recommend you -not- install KB 2995388; if you have, they recommend that you -uninstall- it."
    5] http://support.microsoft.com/kb/2995388

    6] http://blogs.vmware.com/workstation/...-1-update.html
    ___

    - http://blogs.msmvps.com/bradley/2014...eep-an-eye-on/
    Oct 15, 2014

    Last edited by AplusWebMaster; 2014-10-17 at 03:33.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #199
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation M$ yanks botched patch KB 2949927, re-issues KB 2952664

    FYI...

    M$ yanks botched patch KB 2949927, re-issues KB 2952664
    Windows 7 upgrade compatibility patch gets a tweaked installer, while the SHA-2 hashing patch is summarily removed without explanation
    - http://www.infoworld.com/article/283...b-2952664.html
    Oct 17, 2014 - "Tell me if you've heard this one before: Microsoft has pulled a patch - KB 2949927*, a patch so important it rated its own Security Advisory - and there's no official notification that the patch was yanked, no explanation as to why it's been pulled, and no instructions for removing (or keeping) the patch if it did somehow get installed... Take-away lesson: Ignore Windows error messages. Aunt Martha can handle that. The more disconcerting patch, KB 2949927, was one of the -four- botched patches I mentioned yesterday. It adds SHA-2 hash signing and verification capability to Windows 7. Trying to install it on some machines led to multiple reboots failing with error 80004005 - a nice way to spend your Tuesday afternoon. And Wednesday. And Thursday morning... What should you do if the patch was installed? I have no idea, and Microsoft isn't saying a thing. Still -no- word on the other bad patches..."
    * https://support.microsoft.com/kb/2949927
    Last Review: Oct 21, 2014 - Rev: 6.1

    Last edited by AplusWebMaster; 2014-10-21 at 22:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #200
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 3010060 released

    FYI...

    Security Advisory 3010060 released
    - http://blogs.technet.com/b/msrc/arch...-released.aspx
    21 Oct 2014 - "Today, we released Security Advisory 3010060* to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it** solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems..."

    Microsoft Security Advisory 3010060
    Vulnerability in Microsoft OLE Could Allow Remote Code Execution
    * http://technet.microsoft.com/en-us/s...visory/3010060
    21 Oct 2014 - "... we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint..."

    ** https://support.microsoft.com/kb/3010060#FixItForMe
    Last Review: Oct 22, 2014 - Rev: 2.0
    Enable this fix it - Microsoft Fix it 51026

    - http://www.securitytracker.com/id/1031097
    CVE Reference:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6352 - 9.3 (HIGH)
    Last revised: 10/23/2014 "... as exploited in the wild in October 2014 with a crafted PowerPoint document."
    Impact: Execution of arbitrary code via network, User access via network
    Vendor Confirmed: Yes
    Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs...
    > https://support.microsoft.com/kb/3010060#FixItForMe
    ___

    - http://www.symantec.com/connect/blog...-vulnerability
    22 Oct 2014 - "At least two groups of attackers are continuing to take advantage of the recently discovered Sandworm vulnerability in Windows by using an exploit that bypasses the patch... Microsoft is aware of the vulnerability and has issued a -new- security advisory warning users of possible attacks. The company has yet to release a patch for this latest issue, which is being tracked as the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352*)... The -new- vulnerability affects all supported releases of Microsoft Windows, excluding Windows Server 2003. Microsoft has produced a Fix it** solution to address -known- exploits. Windows users are advised to exercise caution when opening Microsoft PowerPoint files or other files from -untrusted- sources. It is also recommended that the User Account Control (UAC) be enabled, if it is not already..."
    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6352 - 9.3 (HIGH)

    ** https://support.microsoft.com/kb/3010060#FixItForMe

    - http://atlas.arbor.net/briefs/index#973033948
    Elevated Severity
    23 Oct 2014

    Last edited by AplusWebMaster; 2014-10-24 at 15:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •