Microsoft Alerts

[AplusWebMaster]

FYI...

Outlook 2010 (KB4011042)
- https://support.microsoft.com/en-us/...2010-kb4011042
Last Review: Jul 11, 2017 - Rev: 17
"Notice: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/...2013-kb3191849
Last Review: Jul 11, 2017 - Rev: 19
"Notice: Update 3191849 for Microsoft Outlook 2013 that was released on June 27, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2016 (KB3213654)
- https://support.microsoft.com/en-us/...2016-kb3213654
Last Review: Jul 11, 2017 - Rev: 21
"Notice: Update 3213654 for Microsoft Outlook 2016 that was released on June 30, 2017, is not currently available. This article will be updated as soon as the update is available again..."

... as of July 17, 2017
___

Win7 SP1 and Windows Server 2008 R2 SP1
... 2017 July monthly rollup
- https://support.microsoft.com/en-us/...date-kb4025341
Last Review: Jul 14, 2017 - Rev: -40-
___

- https://www.askwoody.com/2017/micros...213654-401042/
July 15, 2017
- http://www.computerworld.com/article...54-401042.html
July 15, 2017 - "... earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook."
___

Win10: https://blogs.msmvps.com/bradley/201...s-another-way/
July 17, 2017 - "Next way to get 1703 on systems – again go back to that download page:
- https://www.microsoft.com/en-us/soft...load/windows10
and use the download tool to make the iso/media. Park the iso on a network share and expand it out.
Next use the command switches noted in this blog post:
– https://blogs.technet.microsoft.com/...line-switches/
Specifically you want to ensure that you do -not- trigger a 'clean install' but an upgrade."

Tracking known issues with Win10 1703:
> https://techcommunity.microsoft.com/...703/td-p/67122

[AplusWebMaster]

FYI...

Where we stand with MS Sept 2017 Windows and Office patches ...
- https://www.computerworld.com/articl...e-patches.html
Sep 26, 2017 - "... Recommendations: Assuming you don’t click “Enable Editing” in Word, there are no immediately pressing September patches. I say it’s wise to wait-and-see if any of the outstanding bugs get fixed — and wait to see if the patches-of-patches generate new problems of their own..."
(More detail at the computerworld URL above.)

> https://www.askwoody.com/
Sep 26, 2017 - "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."

[AplusWebMaster]

FYI...

Windows ASLR Vulnerability
> https://www.us-cert.gov/ncas/current...-Vulnerability
Nov 20, 2017 - "... released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system..."

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
- https://www.kb.cert.org/vuls/id/817544
19 Nov 2017 - "Overview: Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR.
Description: Address Space Layout Randomization (ASLR)
Starting with Windows Vista, a feature called ASLR was introduced to Windows that helps prevent code-reuse attacks. By loading executable modules at non-predictable addresses, Windows can help to mitigate attacks that rely on code being at predictable locations. Return-oriented programming (ROP) is an exploit technique that relies on code that is loaded to a predictable or discoverable location. One weakness with the implementation of ASLR is that it requires that the code is linked with the /DYNAMICBASE flag to opt in to ASLR.
Mandatory ASLR and Windows 8: Both EMET and Windows Defender Exploit Guard can enable mandatory ASLR for code that isn't linked with the /DYNAMICBASE flag. This can be done on a per-application or system-wide basis. Before Windows 8, system-wide mandatory ASLR was implemented using the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages registry value. By settings this value to 0xFFFFFFFF, Windows will automatically relocate code that has a relocation table, and the new location of the code will be different across reboots of the same system or between different systems. Starting with Windows 8, system-wide mandatory ASLR is implemented differently than with prior versions of Windows. With Windows 8 and newer, system-wide mandatory ASLR is implemented via the HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions binary registry value. The other change introduced with Windows 8 is that system-wide ASLR must have system-wide bottom-up ASLR enabled to supply entropy to mandatory ASLR.
The Problem: Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit guard does have a system-wide option for system-wide bottom-up-ASLR, the default GUI value of "On by default" does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated, but to the same address every time across reboots and even across different systems.
Impact: Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier.
Solution: The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Enable system-wide bottom-up ASLR on systems that have system-wide mandatory ASLR
To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or newer system, the following registry value should be imported:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Note that importing this registry value will overwrite any existing system-wide mitigations specified by this registry value. The bottom-up ASLR setting specifically is the second 01 in the binary string, while the mandatory ASLR setting is the first 01. Also note that in the past, enabling system-wide mandatory ASLR could cause problems if older AMD/ATI video card drivers are in use. This issue was addressed in the Catalyst 12.6 drivers released in June, 2012."

> https://www.kb.cert.org/vuls/id/458153

> https://support.amd.com/en-us/download
___

> https://www.bleepingcomputer.com/new...es-how-to-fix/
Nov 17, 2017 - "... Optionally, Bleeping Computer has created an ASLR-fix registry fix file that users only need to download and double-click."
> https://download.bleepingcomputer.com/reg/ASLR-fix.reg

[AplusWebMaster]

FYI...

Windows 10 - Dec 12, 2017 — KB4054517 (OS Build 16299.125)
... Applies to: Windows 10, Windows 10 version 1709
Windows 10 Version 1709 - KB4054517 (OS Build 16299.125)
- https://support.microsoft.com/en-us/...date-kb4054517
Last Updated: Dec 20, 2017
"... Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select the Check for Updates button to confirm that there are no additional updates available. You can also type 'About your PC' in the Search box on your taskbar to confirm that your device is using OS Build 16299.15.
Microsoft is working on a resolution and will provide an update in an upcoming release."
Also see: "Known issues in this update..."

- https://www.askwoody.com/2017/micros...lative-update/
Dec 21, 2017 - "Update on these bugs and two more — an Excel 2016 security patch bug from last month, and an Exchange Server security patch bug from this month..."

- https://www.computerworld.com/articl...-big-time.html
Dec 18, 2017

> https://www.computerworld.com/articl...b-4054517.html
Dec 21, 2017

Related:

Description of the security update for Excel 2016: November 14, 2017
> https://support.microsoft.com/en-us/...vember-14-2017
Last Updated: Dec 19, 2017
See: "Known issues..."

Microsoft Exchange: September 12, 2017
> https://support.microsoft.com/en-us/...ge-december-12
Last Updated: Dec 19, 2017
See: "Known issues..."
___

MS Dec Security Update KB4054518 breaks opening office documents
- https://www.symantec.com/connect/for...fice-documents
14 Dec 2017 - "After installation of the December KB4054518 (Monthly Rollup), opening Office documents from a encrypted fileshare is broken..."
>> https://www.symantec.com/connect/for...mment-11943651

> https://support.microsoft.com/en-us/...date-kb4054518
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
Last Updated: Dec 10, 2017

[AplusWebMaster]

FYI...

Get Windows Update locked down in preparation for this month’s problems
...If February turns out half as bad as January... make sure Windows Update is turned off. Temporarily, of course...
- https://www.computerworld.com/articl...-problems.html
Feb 12, 2018 - "... an unconscionable number of patches left bricked machines and busted programs in their wake. With the onslaught of February security patches due... you should take a few minutes to make sure Microsoft’s problems won’t immediately turn into your problems..."
___

Feb 2018 Security Updates
- https://portal.msrc.microsoft.com/en...1-000d3a33c573
Feb 13, 2018 - "The February security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash..."
___

- https://www.us-cert.gov/ncas/current...curity-Updates
Feb 13, 2018