FYI...

Microsoft Security Advisory 3050995
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3050995?f=255&MSPPError=-2147217396
March 24, 2015 - "Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA. Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested..."
- https://support.microsoft.com/en-us/kb/3050995
Last Review: Mar 24, 2015 - Rev: 1.0
(See "Applies to...")
___

Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.microsoft.com/en-us/library/security/MS15-031
V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509* for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
* https://support.microsoft.com/en-us/kb/3050509
Last Review: Mar 24, 2015 - Rev: 1.0
Applies to:
Microsoft Windows Server 2003 SP2
___

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 SP1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 Enterprise
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: Mar 24, 2015 - Rev: 7.0
Applies to:
Windows 8.1 Enterprise
Windows 8.1
Windows 8.1 Pro
Windows 8 Enterprise
Windows 8
Windows 8 Pro
___

An update to enable an automatic update from Windows 8 to Windows 8.1
- https://support.microsoft.com/en-us/kb/3008273
Last Review: Mar 24, 2015 - Rev: 5.0
Applies to:
Windows 8 Pro
Windows 8 Pro N
Windows 8
Windows RT

:fear::fear:

FYI...

KB 2876229 can hijack your browser
Microsoft's patch installs Skype, which by default makes MSN your home page and Bing your search engine
- http://www.infoworld.com/article/2901898/microsoft-windows/tuesdays-optional-windows-patch-kb-2876229-can-hijack-your-browser.html
March 25, 2015 - "If you were somehow possessed to install the "optional" KB 2876229 patch, make sure you -uncheck- the correct installer boxes, or your Internet Explorer home page will be hijacked and the default search engine changed. That's the default behavior of this boorish Microsoft KB-numbered installer, pushed through the Windows Update chute.
Yesterday's fourth-Tuesday patch round included a rather special patch. Identified as "Skype for Windows desktop 7.0 (KB2876229)," it's an -unchecked- patch offered up for systems that don't already have Skype installed:
> http://core0.staticworld.net/images/article/2015/03/wl-2015-03-25-skype-optional-update-100575390-medium.idge.jpg
While you might expect Windows Update to include, uh, Windows updates, this is a patch of a different color. If you check the box and install KB 2876229, Microsoft runs the Windows-based Skype installer. It's the plain vanilla Skype installer, not an update or a patch. Which might not be too bad, but the Skype installer asks if you want to make MSN your home page and if you want to make Bing your default search engine. Unless you uncheck the requisite boxes in the installer, your browser gets taken over.
Welcome to the kind of garbage you would expect to see from Oracle, which still rigs the Java installer to add the Ask toolbar and reset your search engine to Ask."

:fear::fear:

FYI...

Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: Mar 27, 2015 - Rev: 1.0 - "This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1)...
Prerequisites: To install this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1. Or, install Windows 7 SP1...
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter

Mystery patch ...
- http://www.infoworld.com/article/2903005/operating-systems/what-we-don-t-know-about-mystery-windows-patch-kb-3035583.html
Mar 30, 2015
___

March 26, 2015 update for Outlook 2010
- https://support.microsoft.com/en-us/kb/2965290
Last Review: Mar 26, 2015 - Rev: 1.0 - "This update fixes the following issues:
After you migrate from Microsoft Exchange Server 2010 or Microsoft Exchange Server 2007 to Microsoft Exchange Server 2013, a user's Offline Address Book does not download.
When a user opens an .eml file in cached mode, a Reply, Reply All, or Forward operation results in an empty header block in the body instead of correctly propagating the To and Cc fields.
Mail Tips cannot be retrieved when an item is opened by using an add-in before a connection to the server that is running Exchange Server is established.
Accessibility in the Recover Deleted Items dialog box is poor.
In configurations in which many people use shared folders, members are removed from a large, shared personal distribution when you modify the contents of the distribution...
Applies to:
Microsoft Office 2010 Service Pack 2, when used with:
Microsoft Outlook 2010

:fear::fear:

FYI...

KB3035583 is a Win10 prompter/downloader that nags users about upgrading to Win 10 ...
- http://www.infoworld.com/article/2906002/operating-systems/mystery-patch-kb-3035583-for-windows-7-and-8-revealed-it-s-a-windows-10-prompter-downloader.html
Apr 6, 2015 - "... KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade." Aldershoff goes into detail:
'Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10?. This explains the X in the name, the X is the Romanian [sic] number 10.'
The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work. The config file mentions "OnlineAdURL" that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/ .
Dudau adds:
'In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.'
Is the patch an -unwanted- intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?"

- http://www.infoworld.com/article/2907472/operating-systems/windows-10-upgrade-nagware-patch-kb-3035583-now-marked-important-on-some-win7-pcs.html
Apr 8, 2015

:fear::fear:

FYI...

- https://technet.microsoft.com/library/security/ms15-apr
April 14, 2015 - "This bulletin summary lists security bulletins released for April 2015...
(Total of -11-)

Microsoft Security Bulletin MS15-032 - Critical
Cumulative Security Update for Internet Explorer (3038314)
- https://technet.microsoft.com/library/security/MS15-032
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-033 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
- https://technet.microsoft.com/library/security/MS15-033
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
- https://technet.microsoft.com/library/security/MS15-034
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-035 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
- https://technet.microsoft.com/library/security/MS15-035
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-036 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
- https://technet.microsoft.com/library/security/MS15-036
Important - Elevation of Privilege - May require restart - Microsoft Server Software, Productivity Software

Microsoft Security Bulletin MS15-037 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
- https://technet.microsoft.com/library/security/MS15-037
Important - Elevation of Privilege - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS15-038 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
- https://technet.microsoft.com/library/security/MS15-038
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-039 - Important
Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
- https://technet.microsoft.com/library/security/MS15-039
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-040 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
- https://technet.microsoft.com/library/security/MS15-040
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-041 - Important
Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
- https://technet.microsoft.com/library/security/MS15-041
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-042 - Important
Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
- https://technet.microsoft.com/library/security/MS15-042
Important - Denial of Service - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/04/14/april-2015-updates.aspx
14 Apr 2015 - "... we released 11 security bulletins... We released one new Security Advisory:
Update to Improve PKU2U Authentication (3045755)
- https://technet.microsoft.com/en-us/library/security/3045755.aspx
One Security Advisory was revised:
SSL 3.0 Update (3009008): https://technet.microsoft.com/en-us/library/security/3009008.aspx

- https://technet.microsoft.com/library/security/2755801
V39.0 (April 15, 2015): Added the 3049508 update* to the Current Update section.
Update for vulnerabilities in Adobe Flash
* https://support.microsoft.com/en-us/kb/3049508
Last Review: April 15, 2015 - Rev: 3.0
___

Exploitability Index:
- https://technet.microsoft.com/en-us/library/security/ms15-apr.aspx#ID0EPEAC
___

April 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/04/14/april-2015-office-update-release.aspx
14 Apr 2015 - "... There are 13 security updates (2 bulletins) and 42 non-security updates...
Security Bulletin MS15-033: https://technet.microsoft.com/en-us/security/ms15-033
Security Bulletin MS15-036: https://technet.microsoft.com/en-us/security/ms15-036 ..."
___

- http://www.securitytracker.com/id/1032108 - MS15-032
- http://www.securitytracker.com/id/1032104 - MS15-033
- http://www.securitytracker.com/id/1032109 - MS15-034
- http://www.securitytracker.com/id/1032110 - MS15-035
- http://www.securitytracker.com/id/1032111 - MS15-036
- http://www.securitytracker.com/id/1032112 - MS15-037
- http://www.securitytracker.com/id/1032113 - MS15-038
- http://www.securitytracker.com/id/1032114 - MS15-039
- http://www.securitytracker.com/id/1032115 - MS15-040
- http://www.securitytracker.com/id/1032116 - MS15-041
- http://www.securitytracker.com/id/1032117 - MS15-042
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19577
2015-04-14

.

FYI...

Microsoft woes: Re-issued patch KB 3013769 crashes, Skype for Business rolls, Windows 10 nagware resurfaces
Several of this month's Black Tuesday patches are already showing signs of trouble
- http://www.infoworld.com/article/2909525/security/re-issued-patch-kb-3013769-crashes-skype-for-business-rolls-win10-nagware-kb-2990214-resurfaces.html
Apr 15, 2015 - "Microsoft usually releases a list of non-security patches several days before the Black Tuesday rollout, but this month there was no information until several hours after the patches hit. That's a problem for users, particularly because Microsoft's track record with patches is so bad -- and this month is no exception. Yesterday Microsoft released dozens of patches for Windows in 11 bulletins covering 26 individually identified CVEs (common vulnerabilities and exposures), including 10 in Internet Explorer, four re-released security changes, and nine changes to non-security patch installers. The .Net security bulletin alone gives rise to 10 different downloadable patches... Not to be outdone, the Office team released a bewildering array of updates for Office 2013, including 13 security patches, two bulletins, and 42 non-security patches. Note that you must have Office 2013 SP1 before you can install any of these patches. There's also a Security Advisory about Public Key Cryptography User-to-User (PKU2U), called KB 3045755. It's still early in the game, but here are the problems I saw that cropped up overnight. KB 3013769, the December 2014 update rollup for Windows 8.1 and Server 2012 R2, has been re-released as an optional update. Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen..."
(More detail at the infoworld URL above.)

:fear::fear:

FYI...

MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution - PATCH NOW
- https://isc.sans.edu/diary.html?storyid=19583
Last Updated: 2015-04-16 18:05:38 UTC - "Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server(IIS). The patch was released on Tuesday (April 14th) as part of Microsoft's Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.
Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the "detection" version of the exploit. The scans appear to be "Internet wide"... Based on posts on Twitter, 171.13.14.0/24 is also sending the exploit code in 'somewhat targeted' scans..."

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
* https://technet.microsoft.com/library/security/MS15-034
April 14, 2015
> https://support.microsoft.com/en-us/kb/3042553
Last Review: April 14, 2015 - Rev: 1.0
(SEE: 'Applies to...")

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1635 - 10.0 (HIGH)
"... HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability..."

- http://news.netcraft.com/archives/2015/04/16/critical-windows-vulnerability-affects-at-least-70-million-websites.html
16 April, 2015

- http://blog.trendmicro.com/trendlabs-security-intelligence/iis-at-risk-the-http-protocol-stack-vulnerability/
Apr 22, 2015
___

KB 2965295, KB 2965270 freeze Calendar and syncing, cause lockouts
- http://www.infoworld.com/article/2911093/patch-management/kb-2965295-kb-2965270-freeze-calendar-and-syncing-cause-lockouts.html
Apr 16, 2015 - "... more and more reports of problems with two new patches: KB 2965295, the 'April 14, 2015 update for Outlook 2010' and KB 2965270, descriptively entitled 'April 14, 2015 update for Outlook 2013'. I'm also hearing new rumblings about our old friends KB 2956128 - the February Outlook 2010 update rollup (with problems that Microsoft promised to fix 'by the 3rd week of April') - and its successor of sorts, KB 2956203, the 'March 10, 2015 update for Outlook 2010'..."
(More detail at the infoworld URL above.)

:fear::fear:

FYI...

MS Windows 0-day - in-the-wild ...
- http://www.securitytracker.com/id/1032155
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701 - 7.2 (HIGH)
Apr 20 2015
Impact: Root access via local system
Vendor Confirmed: Yes
Description: A vulnerability was reported in Microsoft Windows. A local user can obtain system privileges on the target system. A local user can run a specially crafted program to execute a callback to use data from the system token and execute code with System privileges.
Microsoft Windows 8 and later are reportedly not affected.
This vulnerability is being actively exploited.
The original advisory is available at:
- https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Apr 18, 2015
"FireEye reported this vulnerability..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701 - 7.2 (HIGH)
Last revised: 04/21/2015 - "... as exploited in the wild in April 2015..."
___

- http://www.theinquirer.net/inquirer/news/2404757/russian-hacker-group-apt28-is-exploiting-flaws-in-adobe-flash-and-windows
Apr 20 2015 - "... Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has -not- yet issued a patch... updating Adobe Flash to the latest version will render the exploit -harmless- because it has seen CVE-2015-1701 in use -only- in conjunction with the Adobe Flash exploit for CVE-2015-3043. The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target's platform... The APT28 attackers relied heavily on the CVE-2014-0515 Metasploit module to conduct these new exploits..."
___

MS15-051...
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
- https://technet.microsoft.com/library/security/ms15-051
May 12, 2015
- https://support.microsoft.com/en-us/kb/3057191
Last Review: May 13, 2015 - Rev: 2.0

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701
Last revised: 05/13/2015
7.2 (HIGH)

:fear::fear:

FYI...

'Optional' Windows 8.1 update KB 3022345 fails to install with error 800F0922
- http://www.infoworld.com/article/2912629/operating-systems/optional-windows-8-1-update-kb-3022345-fails-to-install-with-error-800f0922.html
Apr 22, 2015 - "At least one of the optional Windows updates Microsoft released yesterday is running into problems. Messages are popping up in every corner of the Web that patch KB 3022345 -- an "Update to enable the Diagnostics Tracking Service in Windows 8.1 and Windows Server 2012 R2" -- triggers an installation failure 800F0922..."
* https://support.microsoft.com/en-us/kb/3022345
Last Review: Apr 21, 2015 - Rev: 2.0
___

Microsoft to release massive set of 34 non-security patches Tuesday
- http://www.infoworld.com/article/2911702/operating-systems/massive-round-of-34-optional-non-security-patches-coming-this-tuesday.html
Apr 20, 2015 - "The official list of Windows Update patches was updated over the weekend to show that 34 patches rated "optional" are headed for the Automatic Update chute this Tuesday, April 21...
For those Windows users with Automatic Update turned on, who automatically install optional updates, this could prove to be a rocky Tuesday."
(More detail at the infoworld URL above.)
___

IE11 patch KB 3038314 blocks search engines and may fail with error 80092004
The latest IE11 patch prevents some Windows users from adding Google as a search provider - if it finishes installing at all
- http://www.infoworld.com/article/2911704/microsoft-windows/ie-11-patch-kb-3038314-blocks-adding-search-providers-install-may-fail-with-error-80092004.html
Apr 20, 2015 - "We don't know the full extent of the problem yet, but it appears the latest Internet Explorer patch prevents Internet Explorer 11 - and possibly other versions of IE - from installing Google and other search engines. And the problem may go beyond Windows 7 SP1 and Windows 8.1 Update 1 PCs. Many IE11 customers are reporting on the Microsoft Answers Forum* (and elsewhere**) that the latest IE11 patch rollup, MS15-032 KB 3038314***, reports that it failed to install with error 80092004. Others say the download on that patch -stalls- at 11 percent and doesn't budge, or that the download kicks out at 11 percent with the same failed-to-install error message, code 80092004... No response yet from Microsoft, of course."
(More detail at the infoworld URL above.)
* http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3038314-will-not-install-error-code-is-80092004/f2348f9a-fc62-4800-879e-3bca16e3f3cc

** http://www.techspot.com/community/topics/kb3038314-fails-today-2014-4-17.212083/

*** https://support.microsoft.com/en-us/kb/3038314
___

KB 2952664 triggers daily telemetry run in Windows 7 - and may be snooping on users
Microsoft bills the 'compatibility update' as way to ease the upgrade process to Windows 10 - but it's collecting data daily
- http://www.infoworld.com/article/2911609/operating-systems/kb-2952664-compatibility-update-for-win7-triggers-unexpected-daily-telemetry-run-may-be-snooping.html
Apr 20, 2015 - "If you think that KB 2952664* just tweaks your system a bit to improve the upgrade process, you may be in for a surprise. It could also be triggering a daily telemetry run and maybe even snooping on you. KB 2952664 is billed as a "compatibility update for upgrading Windows 7… [that] helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows." So I was surprised when reader Carl Anderson sent me an email, pointing out a Microsoft Answers forum thread** that accuses the February 2015 Black Tuesday patches of installing a process that red-lines one core of the CPU every time Windows 7 is started..."
(More detail at the infoworld URL above.)
* https://support.microsoft.com/en-us/kb/2952664

** http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/rundllexe-using-whole-cpu-to-run-appraiserdll/b29bdffd-56e2-418f-b0c5-a7f3dfbab2b5?page=1

:fear::fear::fear:

FYI...

April Patch Watch... notes
- http://windowssecrets.com/patch-watch/an-april-patch-watch-special-edition-report/
Apr 22, 2015 - "As if the list of April’s Patch Tuesday nonsecurity fixes weren’t long enough, Microsoft has just released another downpour of patches. These are, for the most part, operating-system updates, primarily for Windows 8.1. None is critical... a second release of nonsecurity updates in the same month is -not- what I had in mind...
Two security-update notes: There are a few reports of problems with Internet Explorer cumulative update KB 3038314. After installing the patch, some users are unable to add another search provider...
Another update, KB 3045999 (MS15-038), is being flagged by software vendor Romax. The company states that the update is incompatible with the company’s software and recommends that its customers remove it. This problem is probably not widespread, but it’s a reminder to keep updates in mind anytime an application starts misbehaving..."

MS15-032: Cumulative security update for Internet Explorer...
> https://support.microsoft.com/en-us/kb/3038314/
Last Review: 04/24/2015 - Rev: 4.0

MS15-038: Description of the security update for Windows...
> https://support.microsoft.com/en-us/kb/3045999/
Last Review: 04/14/2015 - Rev: 1.0

Windows Update KB3045999 Incompatability With All Romax Software...
- http://support.romaxtech.com/entries/93019397-Windows-Update-KB3045999-Incompatability-With-All-Romax-Software
Apr 17, 2015

:fear::fear:

FYI...

KB 3045999 conflicts with McAfee (error c0000018), Romax, VirtualBox
- http://www.infoworld.com/article/2914590/microsoft-windows/windows-patch-kb-3045999-conflicts-with-mcafee-error-c0000018-romax-virtualbox.html
Apr 27, 2015 - "... it now appears as if an “elevation of privilege” patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software.
McAfee ServicePortal reports:
- https://kc.mcafee.com/corporate/index?page=content&id=KB84538
'Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to:
CMD.EXE
Explorer.EXE
MMC-based applications
Microsoft Office applications
PowerShell
Example startup errors include:
csc.exe- Application Error -- The application was unable to start correctly (0xc0000142)
iexplore.exe- Application Error -- The application was unable to start correctly (0xc0000018)
mmc.exe- Application Error -- The application was unable to start correctly (0xc0000018)
cmd.exe- Application Error -- The application was unable to start correctly (0xc0000018)'
Romax reports:
- http://support.romaxtech.com/entries/93019397-Windows-Update-KB3045999-Incompatability-With-All-Romax-Software
'... an error message from Xenocode Virtual Application Studio ISV, “The applications were unable to load a required virtual machine component. Please contact the publisher of this application for more information.” They go on to say:
We have become aware that a specific Microsoft Windows update KB3045999 published on 13th April 2015 prevents all Romax software from starting up. If your Romax software works, we recommend you immediately contact your IT department and ask them to stop installation of Microsoft Windows update KB3045999. If you are receiving the … error message when starting Romax software then please check if this update has been installed; if it has then this update will need to be uninstalled...'
VirtualBox users:
- https://forums.virtualbox.org/viewtopic.php?f=6&t=66639&start=45#p318687
'... I too am getting the error "supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 7981 differences between 0x300c and 0x4fff in #1 (.text), first: 4c != 1f.'" I've been using this install of VBox for years (installing updates as they arrive), and after just installing Windows Updates (last updated in March 2015, these were April 2015 updates), none of my VM's (various flavors of Windows & Linux) will start up...' "

MS15-038 ...
- https://support.microsoft.com/en-us/kb/3045999
Last Review: Apr 14, 2015 - Rev: 1.0
___

Win10 patch KB 3055415 released with no details
- http://www.infoworld.com/article/2915513/patch-management/windows-10-patch-kb-3055415-released-with-no-details.html
Apr 27, 2015 - "Microsoft just released a new patch for Windows 10. Like all Windows 10 patches, you get to install it whether you want to or not, and it'll be automatically installed for you, likely overnight. 'Update for Windows Technical Preview April Update for x64-based systems (KB3055415)' forces a reboot. Inside Windows, you get this illuminating notice:
'Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.' ..."

:fear::fear:

FYI...

MS15-032: MS Internet Explorer Multiple Bugs Let Remote Users Bypass ASLR and Execute Arbitrary Code
- http://www.securitytracker.com/id/1032108
Updated: May 1 2015
[Editor's note: On April 30, 2015, the vendor updated their advisory to indicate that users of IE on Windows Server 2003 SP2 who installed update 3038314 -prior- to April 22, 2015 should -re-install- update 3038314.]

- https://technet.microsoft.com/library/security/ms15-032
V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 SP2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update -prior- to April 22 should -reinstall- the update to be fully protected from the vulnerabilities discussed in this bulletin.

- https://support.microsoft.com/en-us/kb/3038314
Last Review: Apr 29, 2015 - Rev: 5.0

Cumulative Security Update for IE 7 for Windows Server 2003 (KB3038314)
Download: https://www.microsoft.com/en-us/download/details.aspx?id=46688
File Name: IE7-WindowsServer2003-KB3038314-x86-ENU.exe
___

Microsoft Security Advisory 3062591
Local Administrator Password Solution (LAPS) Now Available
- https://technet.microsoft.com/en-us/library/security/3062591
May 1, 2015 - "Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords.
Compromised identical local account credentials could allow elevation of privilege if an attacker uses them to elevate from a local user/administrator to a domain/enterprise administrator. Local administrator credentials are needed for occasions when logon is required without domain access. In large environments, password management can become complex, leading to poor security practices, and such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack.
LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers...
For more information, see:
- https://support.microsoft.com/kb/3062591
Last Review: May 1, 2015 - Rev: 1.0

Microsoft Download Center
- https://www.microsoft.com/downloads/details.aspx?FamilyID=6e424d9b-e6dd-41c8-8523-6818fc2f07ec

:fear::fear:

FYI...

Patch Watch update: Cleaning up April’s leftovers
- http://windowssecrets.com/patch-watch/patch-watch-update-cleaning-up-aprils-leftovers/
May 7, 2015 - "Most of Microsoft’s attention is likely focused on Windows 10, which might explain why we’ve seen updates for Windows 7 and 8 dribbled out over the past month. Some of the updates have a clear agenda: preparing our Win7 and Win8 systems for the transition to Windows 10.
> MS15-032 (3038314) - Still tracking Internet Explorer–update issues:
KB 3038314 was April’s cumulative IE patch. It’s critical to install all IE security updates, but April’s was especially so — it fixed vulnerabilities publicly revealed at the recent Pwn2Own hacking contest. Unfortunately, the update did not go well for all Windows users. As noted in its info page, some users who upgraded from IE 8 to IE 11 received an 'error code 80092004' message.
What’s more, other IE users discovered that they couldn’t add additional search providers after installing the update. At this time, it’s -unclear- whether Microsoft is working on this issue. Making things even more confusing, Microsoft apparently -reissued- the update on April 22, though there’s no information in the update’s information pages to explain why.
REVISION: The reissued KB 3038313 was for Windows Server 2003 -only-.
What to do: If you downloaded and installed KB 3038314 from the Microsoft Download Center before April 22, you should go back and download it again. If you ran into the search-provider issue, you can try uninstalling KB 3038314 (MS15-032), adding any new search providers you want, and then reinstalling the update — and hope that Microsoft fixes the problem soon.
> MS15-041 - .NET Framework updates calmly sail through:
.NET updates were once notoriously troublesome. But most of that went away when Microsoft ended support for Windows XP. .NET fixes are still somewhat confusing because a particular update is made up of numerous separate patches for different versions of .NET. For example, April’s KB 3048010 includes the following specific fixes:
KB 3037572 for .NET 1.1 SP1
KB 3037573 for .NET 2.0 SP2
KB 3037574 for .NET 4
KB 3037575 for .NET 3.5 (Win8)
KB 3037576 for .NET 3.5 (Win8 and Server 2012)
KB 3037577 for .NET 2.0 SP2 (Server 2003)
KB 3037578 for .NET 4
KB 3037579 for .NET 4.5, 4.5.1, and 4.5.2 (Win8 and Server 2012)
KB 3037580 for .NET 4.5, 4.5.1, and 4.5.2
KB 3037581 for .NET 4.5, 4.5.1, and 4.5.2 "
___

Update to enable the Diagnostics Tracking Service in Windows
- https://support.microsoft.com/en-us/kb/3022345
May 6, 2015 - Rev: 4.0

- http://www.infoworld.com/article/2919142/operating-systems/windows-patch-kb-3022345-re-re-released-third-version-of-usage-tracker-in-two-weeks.html
May 7, 2015

:fear::fear:

FYI...

- https://technet.microsoft.com/library/security/ms15-may
May 12, 2015 - "This bulletin summary lists security bulletins released for May 2015...
(Total of -13-)

Microsoft Security Bulletin MS15-043 - Critical
Cumulative Security Update for Internet Explorer (3049563)
- https://technet.microsoft.com/library/security/MS15-043
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-044 - Critical
Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
- https://technet.microsoft.com/library/security/MS15-044
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight

Microsoft Security Bulletin MS15-045 - Critical
Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
- https://technet.microsoft.com/library/security/MS15-045
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-046 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
- https://technet.microsoft.com/library/security/MS15-046
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-047 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
- https://technet.microsoft.com/library/security/MS15-047
Important - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS15-048 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
- https://technet.microsoft.com/library/security/MS15-048
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-049 - Important
Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
- https://technet.microsoft.com/library/security/MS15-049
Important - Elevation of Privilege - Does not require restart - Microsoft Silverlight

Microsoft Security Bulletin MS15-050 - Important
Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
- https://technet.microsoft.com/library/security/MS15-050
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-051 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
- https://technet.microsoft.com/library/security/MS15-051
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-052 - Important
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
- https://technet.microsoft.com/library/security/MS15-052
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-053 - Important
Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)
- https://technet.microsoft.com/library/security/MS15-053
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-054 - Important
Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
- https://technet.microsoft.com/library/security/MS15-054
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-055 - Important
Vulnerability in Schannel Could Allow Information Disclosure (3061518)
- https://technet.microsoft.com/en-us/library/security/MS15-055
Important - Information Disclosure - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/05/12/may-2015-updates.aspx
12 May 2015 - "... we released 13 security bulletins...
We also released one new Security Advisory:
Update to Default Cipher Suite Priority Order (3042058)
- https://technet.microsoft.com/en-us/library/security/3042058.aspx
One Security Advisory was revised:
Update for Adobe Flash Player in Internet Explorer (2755801)
- https://technet.microsoft.com/en-us/library/security/2755801.aspx
___

- http://www.securitytracker.com/id/1032282 - MS15-043
- http://www.securitytracker.com/id/1032281 - MS15-044
- http://www.securitytracker.com/id/1032280 - MS15-045
- http://www.securitytracker.com/id/1032295 - MS15-046
- http://www.securitytracker.com/id/1032296 - MS15-047
- http://www.securitytracker.com/id/1032297 - MS15-048
- http://www.securitytracker.com/id/1032298 - MS15-049
- http://www.securitytracker.com/id/1032299 - MS15-050
- http://www.securitytracker.com/id/1032294 - MS15-051
- http://www.securitytracker.com/id/1032292 - MS15-052
- http://www.securitytracker.com/id/1032290 - MS15-053
- http://www.securitytracker.com/id/1032286 - MS15-054
- http://www.securitytracker.com/id/1032283 - MS15-055
___

May 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/05/12/may-2015-office-update-release.aspx
12 May 2015 - "... There are -27- security updates (3 bulletins) and -48- non-security updates...
- http://technet.microsoft.com/en-us/security/ms15-044
- http://technet.microsoft.com/en-us/security/ms15-046
- http://technet.microsoft.com/en-us/security/ms15-047 ..."
___

ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=19685
2015-05-12

.

FYI...

MS's latest massive round of patches...
- http://www.infoworld.com/article/2922112/microsoft-windows/patch-tuesday-massive-changes-but-server-2003-customers-get-the-shaft.html
May 13, 2015 - "... The toll from Microsoft's Patch Tuesday includes 13 security bulletins, three of them critical; one new and one updated Security Advisory; one re-issued .Net security patch; KB 3037580, which "may have to be reinstalled;" 34 re-issued non-security patches for Windows, several of which have been updated multiples times; and a whopping -48- re-issued non-security patches for Office... Complaints are starting to roll in, and many people report that their PCs hang after installing the patches and rebooting; Windows just sits there at "Stage 1 of 3" or "Stage 3 of 3" in the installation process. Fortunately, the old three-finger salute seems to solve the problem. KB 3049563, this month's massive Internet Explorer cumulative patch, supersedes KB 3038314, which was last month's massive Internet Explorer cumulative patch. No definitive word yet on whether the new version continues to block adding search engines and/or fails with installer error 80092004. Contradictory advice on the .Net 4.5 patch re-release ,KB 3037580, has some users wagging their heads. In the official patch update list, Microsoft says "This update may have to be reinstalled," but the KB article clearly says, "Notice/May 12, 2015 /This security update has been re-released and contains updated files. We recommend that you apply this security update." Our old friends KB 3022345 and KB 3048043 are back -- for the fourth and third time, respectively -- having just been re-re-released last week. Those are the patches for fixing screen flickering in Windows 8.1 and enabling the "Diagnostic Tracking Service" in Windows 7, 8.1, and Server 2012 R2. I still have no idea what, precisely, the Diagnostic Tracking Service patch does and how it relates to the Customer Experience Improvement Program, which used to be an 'opt-in' program. We also have yet another critical kernel patch, MS15-044/KB 3057110, because a sufficiently sentient font can take over your computer, even if the font is sitting on a Web page..."
(More detail at the infoworld URL above.)
___

- https://isc.sans.edu/forums/diary/May+2015+Microsoft+Patch+Tuesday+Summary/19685/
Comments:
> "Win7/64bit computer stuck at Stage 1 of 3 - 23% complete. (after being told to reboot after patching). I seem to remember this happening 2-3 months ago..."
> "Looks like KB3061518 is breaking client communications with Catia (DSLS) license servers. Removing the update fixes the problem."
> "Systems stuck on configuring updates stage 3 of 3. [can also be 1 of 3 or 2 of 3 as noted above]. Solution: hit control alt delete. No root cause, no one particular update has been identified."
> "Had one of those happen today, where CTRL-ALT-DEL worked. My system from yesterday tho was completely locked up and its problem happened BEFORE the reboot. The little circle was not spinning and there was no hard drive activity. Did a hard reset on that one and everything came up fine... and all patches showed as installed."

> http://windowssecrets.com/patch-watch/duplicate-patches-add-to-the-usual-update-confusion/
May 13, 2015

:fear: :confused:

FYI...

MS updates KB 3057110, KB 3045171 cause Win7 PCs to crash
GDI+ updates freeze Win7 and earlier PCs when using GsDraw and other drawing tools to create text outline-based path objects
- http://www.infoworld.com/article/2924116/microsoft-windows/microsoft-font-driver-updates-kb-3057110-and-3045171-cause-windows-7-pcs-to-crash.html
May 19, 2015 - "Microsoft has issued an acknowledgment that MS15-044/KB 3057110 and MS15-051/KB 3045171* -- both massive font driver updates that fix TrueType font handling in Windows, .Net Framework, Office, Lync, and Silverlight - can cause Windows 7 and -earlier- PCs to freeze. The official warning goes like this:
' After you install this security update, you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows. We are aware of this issue and will address it in the near future.' ..."

MS15-044 and MS15-051 ...
* https://support.microsoft.com/en-us/kb/3045171
Last Review: May 18, 2015 - Rev: 5.0
"Known issues with this security update:
After you install this security update (3045171), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows.
We are aware of this issue and will address it in the near future."

MS15-044 ...
- https://support.microsoft.com/en-us/kb/3057110
Last Review: May 18, 2015 - Rev: 3.0
"Known issues with this security update:
After you install this security update (3057110), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows.
We are aware of this issue and will address it in the near future."
___

April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/en-us/kb/3020369
Last Review: May 20, 2015 - Rev: 6.0
"Known issues for this update:
- Restart stuck on "Stage 3 of 3": After you install update 3020369 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on "Stage 3 of 3." If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.
- An update installation fails after you install update 3020369: When you install update 3020369 together with other updates, you may encounter a timing issue that causes the update tried immediately after you install update 3020369 to fail. This issue only affects the update tried immediately after update 3020369. As soon as update 3020369 is installed, another try to install the failed update should be successful..."

- http://www.infoworld.com/article/2923843/patch-management/microsoft-fingers-kb-3020369-as-culprit-in-stage-3-of-3-reboot-hangs.html
May 19, 2015
___

Microsoft Security Bulletin MS15-046 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
- https://technet.microsoft.com/en-us/library/security/MS15-046
V2.0 (May 19, 2015): Bulletin revised to announce the release of the Microsoft Office for Mac 14.5.1 update. The release addresses a potential issue with Microsoft Outlook for Mac when customers install the Microsoft Office for Mac 14.5.0 update. Customers who have not already installed the 14.5.0 update should install the 14.5.1 update to be fully protected from this vulnerability. To avoid the possibility of future issues with Microsoft Outlook for Mac, Microsoft recommends that customers running Office for Mac software who have already successfully installed the 14.5.0 update also apply the 14.5.1 update even though they are already protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3048688* for more information.
* https://support.microsoft.com/en-us/kb/3048688
Last Review: May 19, 2015 - Rev: 1.0

:fear::fear: :spider:

FYI...

Update to enable the Diagnostics Tracking Service in Windows
Notice: The current version of this hotfix, Version 2, was published on May 6, 2015. The previous version of this hotfix was Version 1.005. Both versions provide the same functionality and protection except that Version 2 includes a minor update to support devices that do not contain U.S. English language files. However, the current hotfix is not a compatible upgrade to Version 1.005 and may cause an error (800F0922) if it is installed over the old version. We recommend that you install this hotfix if you have not already installed it. If you have installed the original version of this hotfix and you want the added functionality, we recommend that you wait for an upcoming version that will be a compatible upgrade to either version.
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3022345
Summary: This update enables the Diagnostics Tracking Service in Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. This tracking service collects data about functional issues in Windows.
This update contains the following two manifests that are occasionally updated by the Diagnostic Tracking Service:
telemetry.ASM-WindowsDefault.json
utc.app.json
The two files are marked as static files in the update. When an advanced user runs the System File Checker Tool (sfc.exe), the files are unintentionally flagged as corrupted. There is no impact or corruption on a device that is running this update, and this issue will be fixed in a later service update...
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations."
Last Review: June 4, 2015 - Rev: 7.0
"This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update* for customer experience and diagnostic telemetry."
* https://support.microsoft.com/en-us/kb/3068708
Last Review: 06/18/2015- Rev: 4.0

:fear::fear: :sad:

FYI...

MS15-044: Description of the security update for the .NET Framework 3.5.1 on Win7 SP1 and Win Svr 2008 R2 SP1
- https://support.microsoft.com/en-us/kb/3048070
Last Review: May 21, 2015 - Rev: 2.0

MS Security Bulletin MS15-044 - Critical
Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
- https://technet.microsoft.com/library/security/ms15-044
V2.0 (May 21, 2015): Bulletin revised to announce the availability of a -new- update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+. Customers who are experiencing this known issue can correct the problem by installing the 3065979 update. See Microsoft Knowledge Base Article 3065979* for more information and download links.

MS15-044 ...
- https://support.microsoft.com/en-us/kb/3057110
Last Review: May 25, 2015 - Rev: 7.0

"GsDraw error (1): GenericError" error occurs and application crashes when you create text outline in Windows
* https://support.microsoft.com/en-us/kb/3065979
Last Review: May 22, 2015 - Rev: 2.0

MS15-044 and MS15-051: Description of the security update for Windows font drivers
- https://support.microsoft.com/en-us/kb/3045171
Last Review: May 21, 2015 - Rev: 6.0

April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/en-us/kb/3020369
Last Review: May 27, 2015 - Rev: 7.0
"... Known issues for this update: Restart stuck on "Stage 3 of 3"
After you install update 3020369 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on "Stage 3 of 3."
If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.
An update installation fails after you install update 3020369
When you install update 3020369 together with other updates, you may encounter a timing issue that causes the update tried immediately after you install update 3020369 to fail.
This issue only affects the update tried immediately after update 3020369. As soon as update 3020369 is installed, another try to install the failed update should be successful.
Note: In managed environments, such as by using Windows Server Update Services (WSUS), you can avoid either of these issues by deploying this update as a stand-alone update."
___

- http://www.infoworld.com/article/2925777/microsoft-windows/microsoft-issues-patch-kb-3065979-to-fix-win7-gdi-drawing-problems-brought-on-by-kb-3045171.html
May 22, 2015
___

KB 3022345... again.
- http://www.infoworld.com/article/2926179/microsoft-windows/microsoft-confirms-patch-kb-3022345-breaks-sfc-scannow.html
May 26, 2015
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3022345
Last Review: June 4, 2015 - Rev: 7.0
"This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update* for customer experience and diagnostic telemetry."
* https://support.microsoft.com/en-us/kb/3068708
Last Review: 06/18/2015 - Rev: 4.0
___

Patching and servicing of Windows and Linux - survey and email contact
- http://blogs.technet.com/b/filecab/archive/2015/05/19/patching-and-servicing-of-windows-and-linux-survey-and-email-contact.aspx
19 May 2015 - "... We are studying customer patching pain points and behaviors within Linux and Windows Server environments across operating systems and applications. If you are a stakeholder in the patching/updating process for your company and would like to share your thoughts and feedback, please take a few minutes to fill out the following survey:
- https://www.surveymonkey.com/r/YYZKBS3
If you want to give us direct and deep feedback, please email us at:
patchfeed@microsoft.com
Again, we are interested in feedback and experiences from both Windows Server administrators as well as Linux sysadmins..."

:fear::fear:

FYI...

MS reclassifies Win10 -nagware- patches, KB 2952664 and 2976978 ...
Users with Automatic Update turned on in Win7 or 8.1, will now get the latest Windows 10 rollout software
- http://www.infoworld.com/article/2932214/microsoft-windows/microsoft-reclassifies-windows-10-nagware-patches-kb-2952664-and-2976978-as-important.html
Jun 5, 2015 - "... Microsoft changed the rating of two Win10 -nagware- patches, KB 2952664 and KB 2976978, from Optional to Important. I wrote about both patches two days ago*, when they were both still listed as Optional. By moving from Optional to Important, Microsoft is sending the patches down the Automatic Update chute. Anyone who has Automatic Update turned on will get the new Win10 advertising... If I counted correctly, this is the -17th- version of the Windows 7 patch KB 2952664 and the -12th- version of the Windows 8.1 patch KB 2976978. In the past, KB 2952664 has caused lots of problems, while KB 2976978 has been benign. The KB article for the Windows 8.1 patch still says it "performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program [CEIP] in order to determine whether compatibility issues may be encountered when the latest Windows operating system is installed." I'm still mystified by that description, because I don't understand why people running the Get Windows 10 program are, in fact, opting into the CEIP. I don't see anything different about the patches. Presumably they have more under-the-covers changes to ease the world into Windows 10."
* http://www.infoworld.com/article/2930713/microsoft-windows/microsoft-re-re-releases-kb-2952664-kb-2976978-and-kb-2977759.html

- https://support.microsoft.com/en-us/kb/2952664
Last Review: June 3, 2015 - Rev: 9.0

- https://support.microsoft.com/en-us/kb/2976978
Last Review: June 2, 2015 - Rev: 10.0
___

- http://www.infoworld.com/article/2931991/microsoft-windows/windows-10-ads-taking-hubris-to-a-new-level.html
Jun 8, 2015 - "... Anybody who installs a new OS - any OS - on the first day of release is just begging for trouble."

:fear::fear:

FYI...

> https://technet.microsoft.com/library/security/ms15-jun
June 9, 2015 - "This bulletin summary lists security bulletins released for June 2015...
(Total of -8-)

Microsoft Security Bulletin MS15-056 - Critical
Cumulative Security Update for Internet Explorer (3058515)
- https://technet.microsoft.com/library/security/MS15-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-057 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
- https://technet.microsoft.com/library/security/MS15-057
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-059 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
- https://technet.microsoft.com/library/security/MS15-059
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-060 - Important
Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
- https://technet.microsoft.com/library/security/MS15-060
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-061 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
- https://technet.microsoft.com/library/security/MS15-061
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-062 - Important
Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
- https://technet.microsoft.com/library/security/MS15-062
Important - Elevation of Privilege - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS15-063 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
- https://technet.microsoft.com/library/security/MS15-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-064 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
- https://technet.microsoft.com/library/security/MS15-064
Important - Elevation of Privilege - Does not require restart - Microsoft Exchange Server
___

MS15-056: http://www.securitytracker.com/id/1032521
MS15-057: http://www.securitytracker.com/id/1032522
MS15-059: http://www.securitytracker.com/id/1032523
MS15-060: http://www.securitytracker.com/id/1032524
MS15-061: http://www.securitytracker.com/id/1032525
MS15-062: http://www.securitytracker.com/id/1032526
MS15-063: http://www.securitytracker.com/id/1032527
MS15-064: http://www.securitytracker.com/id/1032528
___

- http://blogs.technet.com/b/msrc/archive/2015/06/09/june-2015-updates.aspx
9 Jun 2015 - "... we released 8 security bulletins...
We released one new Security Advisory:
Update for Juniper Network Windows In-Box Junos Pulse Client (2962393)
- https://technet.microsoft.com/en-us/library/security/2962393.aspx
One Security Advisory has been revised:
Update for Adobe Flash Player in Internet Explorer (2755801)
- https://technet.microsoft.com/en-us/library/security/2755801.aspx
___

June 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/06/09/june-2015-office-update-release.aspx
9 Jun 2015 - "... There are 16 security updates (2 bulletins) and 45 non-security updates..."

MS15-059: http://technet.microsoft.com/en-us/security/ms15-059

MS15-046 :https://technet.microsoft.com/en-us/security/ms15-046
"... To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046...
V1.0 (May 12, 2015): Bulletin published.
V2.0 (May 19, 2015): Bulletin revised...
V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181* for more information and download links."
* https://support.microsoft.com/en-us/kb/3057181
Last Review: June 9, 2015 - Rev: 2.0

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682 / 9.3 (HIGH)
___

HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7
- http://blogs.windows.com/msedgedev/2015/06/09/http-strict-transport-security-comes-to-internet-explorer-11-on-windows-8-1-and-windows-7/
June 9, 2015 - "In February, we released the first preview of HTTP Strict Transport Security in Internet Explorer 11 in the Windows 10 Insider Preview. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable. With today’s monthly security updates (KB 3058515), we’re bringing the protections offered by HSTS to Internet Explorer 11 on Windows 8.1 and Windows 7. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10. Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure..."
MS15-056: https://support.microsoft.com/en-us/kb/3058515
Last Review: June 9, 2015 - Rev: 1.0
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19781
2015-06-09
___

- http://www.theinquirer.net/inquirer/news/2412515/patch-tuesday-brings-just-eight-fixes-and-a-mystery-omission
Jun 10 2015 - "... There's no MS15-058. We don't know why this is. Perhaps something was pulled at the last minute, or perhaps there's an out-of-band coming up..."

.

FYI...

June's Patch Tuesday includes IE update, 18 nonsecurity patches...
- http://www.infoworld.com/article/2933391/microsoft-windows/junes-patch-tuesday-includes-ie-update-18-non-security-patches.html
Jun 10, 2015 - "... Looking only at the number of security bulletins issued this month - eight - you might think June's been a walk in the park. But if you look at what's being patched and what's missing, the numbers and headaches begin to pile up... there's the obligatory giant Internet Explorer patch, MS15-056/KB 3058515, which tackles a couple dozen independently identified security holes in IE6, IE7, IE8, IE9, IE10, and IE11. If you're still using IE, it's worth noting that Microsoft has pushed out boatloads of IE patches every month over the past year except January. IE patching has turned from a comedy to a tragedy. Microsoft Edge, the browser in Windows 10, can't come a moment too soon. The other seven vulnerabilities being patched run quite a gamut, although it's worth noting that the SANS Internet Storm Center only lists one, MS15-060, as having a known exploit - and it's rated as important, not critical. SANS notes that the bulletin for MS15-062 includes a line of code that appears to be a proof-of-concept exploit. Microsoft re-released many old, nonsecurity patches this month, including KB 2952664 and KB2976978 - the Windows10 nagware patches that were re-re-re-re-released five days ago..."
(More detail at the infoworld URL above.)

- http://windowssecrets.com/patch-watch/no-summer-break-from-ms-office-updates/
June 11, 2015 - "... Office 2010 and 2013 both get a slew of nonsecurity fixes. June’s Patch Tuesday release was also bulked up with a bunch of reissued security updates for Office 2010 and some patches that prepare Win7 and Win8 machines for Windows 10... Microsoft has added HTTP Strict Transport Security (HSTS; more info*) to IE 11 on Windows 8.1 and 7. June’s cumulative IE update, KB 3058515, among other things, adds support for HSTS to IE clients. But actually implementing this security feature will be up to individual site developers. Rated critical, KB 3058515 patches over 20 IE vulnerabilities. It also includes seven nonsecurity fixes — among them, one that improves HTML table display speed and another that solves an issue with slow or crashing Web apps..."
* https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

:fear::fear:

FYI...

MS Security Bulletin MS15-048 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
- https://technet.microsoft.com/en-us/library/security/MS15-048
May 12, 2015 | V1.1 (June 17, 2015): Corrected bulletin replacement for the 3035488 update for .NET Framework 2.0 on all affected editions of Windows Server 2003 Service Pack 2.
- https://support.microsoft.com/en-us/kb/3057134
Last Review: May 12, 2015 - Rev: 1.0
- https://support.microsoft.com/en-us/kb/3035488
Last Review: May 12, 2015 - Rev: 1.0
- https://support.microsoft.com/en-us/kb/3023220
Last Review: May 12, 2015 - Rev: 1.0

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1672
5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1673
9.3 (HIGH)

:confused:
___

Windows 10 Q&A
- https://www.microsoft.com/en-us/windows/windows-10-faq

.

FYI... MS - miscellaneous notes:

Win8 users face patch spigot shutoff in 7 months
- http://www.computerworld.com/article/2938025/microsoft-windows/windows-8-users-face-patch-spigot-shutoff-in-7-months.html
Jun 19, 2015
- https://support.microsoft.com/en-us/gp/lifecycle-windows81-faq
"What is the support lifecycle policy for Windows 8.1? Windows 8.1 falls under the same lifecycle policy as Windows 8, and will reach end of Mainstream Support on January 9, 2018, and end of Extended Support on January 10, 2023. With the General Availability of Windows 8.1, customers on Windows 8 have 2 years, until January 12, 2016, to move to Windows 8.1 in order to remain supported..."
___

An issue you might encounter after installing Microsoft Security Update 3004375
- http://blogs.technet.com/b/momteam/archive/2015/06/15/quick-note-on-an-issue-you-might-encounter-after-installing-microsoft-security-update-3004375.aspx
15 Jun 2015
___

Revised content for the Windows 10 in-place upgrade via task sequence for Configuration Manager
- http://blogs.technet.com/b/configmgrteam/archive/2015/06/16/revised-content-for-the-win10-in-place-upgrade-via-task-sequence-for-configmgr.aspx
16 Jun 2015 - "... And now a word from our lawyers: the attached content is -not- for production use; it is a sample for evaluation only and thus subject to the Microsoft Limited Public License (see Exhibit B of the TechNet Terms of Use). This posting is provided "AS IS" with no warranties and confers no rights..."

- http://www.theinquirer.net/inquirer/news/2414191/microsoft-befuddles-insiders-with-a-yes-it-isnt-windows-10-freebie-policy
Jun 22 2015

:fear::fear:

FYI...

- http://windowssecrets.com/newsletter/best-techniques-for-the-safe-disposal-of-drives/#story6
June 24, 2015 - "... This month’s leftover updating issues include an important out-of-band Adobe Flash fix and a lingering kernel patch...
- Patch Tuesday officially falls on the second Tuesday of the month. But there’s also been the somewhat unofficial Patch Tuesday on the fourth Tuesday of the month, used in the past mostly for nonsecurity updates. It now appears that Microsoft has quietly moved the release of nonsecurity fixes to the third Tuesday...
- Windows 10. Think of the new OS as a giant nonsecurity update. There’s -no- compelling reason to install it within days of its formal release. Put Win10 off for at least a couple of weeks; during that time, we’ll see whether there are reports of significant installation issues. The delay will also give third-party vendors time to tweak their applications and drivers.
Note: Make sure you have a full backup of your current system before staring the Win10 upgrade process! ..."
____

MS15-056: Cumulative security update for Internet Explorer: June 9, 2015
- https://support.microsoft.com/en-us/kb/3058515
Last Review: 06/25/2015 - Rev: 5.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
"Known issues: After you install this security update, you may be unable to install some ActiveX controls.
To resolve this issue, install 3072449*. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 3072449 Installation of ActiveX controls may fail in Internet Explorer in Windows 8.1 or Windows 8 (To work around this issue, run Internet Explorer as an administrator by using the Run as administrator option. To do this, right-click Internet Explorer, and then click Run as Administrator. This will enable the ActiveX controls to be installed. After ActiveX is installed, you no longer have to run Internet Explorer by using the Run as administrator option)."
* https://support.microsoft.com/en-us/kb/3072449
Last Review: 06/26/2015 - Rev: 2.0
___

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V42.0 (June 23, 2015): Added the 3074219 update* to the Current Update section.
"... The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-14**..."
* https://support.microsoft.com/en-us/kb/3074219
Last Review: June 23, 2015 - Rev: 1.0

** http://helpx.adobe.com/security/products/flash-player/apsb15-14.html
June 23, 2015

>> https://forums.spybot.info/showthread.php?12890-Adobe-updates-advisories&p=464699#post464699
___

MS Security Bulletin MS15-044 - Critical
Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
- https://technet.microsoft.com/en-us/library/security/MS15-044
V2.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
___

MS Security Bulletin MS15-049 - Important
Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
- https://technet.microsoft.com/en-us/library/security/MS15-049
V1.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.

:fear:

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
July 8, 2015 V43.0 - "... updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... by 'checking for updates' using the Microsoft Update service... addresses the vulnerabilities described in Adobe Security bulletin APSB15-16*..."
* https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
___

Windows nagware patches KB 2952664 and KB 2976978 install repeatedly
Microsoft released five patches on Tuesday, and at least two of them are having problems
- http://www.infoworld.com/article/2945412/microsoft-windows/windows-nagware-patches-kb-2952664-and-2976978-install-repeatedly.html
Jul 8, 2015

> https://support.microsoft.com/en-us/kb/2952664
Last Review: 07/07/2015 - Rev: 10.0
Applies to:
Windows 7 SP1

> https://support.microsoft.com/en-us/kb/2976978
Last Review: 07/07/2015 - Rev: 11.0
Applies to:
Windows 8, 8.1 ...

:fear::fear:

FYI...

- https://technet.microsoft.com/library/security/ms15-jul
July 14, 2015 - "This bulletin summary lists security bulletins released for July 2015...
(Total of -14-)

Microsoft Security Bulletin MS15-058 - Important
Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
- https://technet.microsoft.com/library/security/MS15-058
Important - Remote Code Execution - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS15-065 - Critical
Security Update for Internet Explorer (3076321)
- https://technet.microsoft.com/en-us/library/security/MS15-065
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-066 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
- https://technet.microsoft.com/en-us/library/security/MS15-066
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-067 - Critical
Vulnerability in RDP Could Allow Remote Code Execution (3073094)
- https://technet.microsoft.com/en-us/library/security/MS15-067
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-068 - Critical
Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
- https://technet.microsoft.com/en-us/library/security/MS15-068
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-069 - Important
Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
- https://technet.microsoft.com/en-us/library/security/MS15-069
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-070 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
- https://technet.microsoft.com/en-us/library/security/MS15-070
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-071 - Important
Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
- https://technet.microsoft.com/en-us/library/security/MS15-071
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-072 - Important
Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
- https://technet.microsoft.com/en-us/library/security/MS15-072
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-073 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
- https://technet.microsoft.com/en-us/library/security/MS15-073
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-074 - Important
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
- https://technet.microsoft.com/en-us/library/security/MS15-074
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-075 - Important
Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
- https://technet.microsoft.com/en-us/library/security/MS15-075
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-076 - Important
Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
- https://technet.microsoft.com/en-us/library/security/MS15-076
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-077 - Important
Vulnerability in ATM Font Driver Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/library/security/MS15-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/07/14/july-2015-security-updates.aspx
14 Jul 2015 - "... we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer..."

Security Advisories released - 3

Microsoft Security Advisory 2974294
Vulnerability in MSRT Could Allow Elevation of privilege
- https://technet.microsoft.com/en-us/library/security/2974294

Microsoft Security Advisory 3057154
Update to Harden Use of DES Encryption
- https://technet.microsoft.com/en-us/library/security/3057154

Microsoft Security Advisory 3074162
Vulnerability in MSRT Could Allow Elevation of privilege
- https://technet.microsoft.com/en-us/library/security/3074162
___

July 2015 Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/07/14/july-2015-office-update-release.aspx
14 Jul 2015 - "... There are 16 security updates (1 bulletin) and 41 non-security updates...
Security Bulletin MS15-070: http://technet.microsoft.com/en-us/security/ms15-070
___

MS15-058: http://www.securitytracker.com/id/1032893
MS15-065: http://www.securitytracker.com/id/1032894
MS15-066: http://www.securitytracker.com/id/1032895
MS15-067: http://www.securitytracker.com/id/1032896
MS15-068: http://www.securitytracker.com/id/1032897
MS15-069: http://www.securitytracker.com/id/1032898
MS15-070: http://www.securitytracker.com/id/1032899
MS15-071: http://www.securitytracker.com/id/1032900
MS15-072: http://www.securitytracker.com/id/1032902
MS15-073: http://www.securitytracker.com/id/1032904
MS15-074: http://www.securitytracker.com/id/1032905
MS15-075: http://www.securitytracker.com/id/1032906
MS15-076: http://www.securitytracker.com/id/1032907
MS15-077: http://www.securitytracker.com/id/1032908
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19919
2015-07-14

.

FYI...

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
July 15, 2015 V44.0 - "... Microsoft released an update (3079777) for Internet Explorer 10 on Windows 8, Windows Server 2012, Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-18*. For more information about this update, including download links, see Microsoft Knowledge Base Article 3079777**..."
* http://helpx.adobe.com/security/products/flash-player/apsb15-18.html

** https://support.microsoft.com/en-us/kb/3079777
Last Review: 07/15/2015 - Rev: 1.0

:fear:

FYI...

Microsoft Security Bulletin MS15-078 - Critical
Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904*)
- https://technet.microsoft.com/library/security/MS15-078
July 20, 2015

* https://support.microsoft.com/en-us/kb/3079904
Last Review: 07/20/2015 - Rev: 1.0

> Microsoft issues emergency patch for critical vulnerability in Windows
Technical details are public, making it likely bug will be actively exploited.
- http://arstechnica.com/security/2015/07/microsoft-issues-emergency-patch-for-critical-vulnerability-in-windows/
Jul 20, 2015 5:30pm EDT - "... critical vulnerability, which is present in all supported version of Windows... no indications at the moment that the vulnerability is being actively exploited in the wild. Still, the unscheduled issuance on Monday is an indication that the chances of exploitation are high enough to merit installation as soon as possible... The easiest way to close the security hole is to use Windows Update to install the patch..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2426
Last revised: 07/22/2015
9.3 (HIGH)
___

MS patches - fewer problems over past 3 months ...
- http://www.infoworld.com/article/2951855/microsoft-windows/microsoft-patches-caused-fewer-problems-over-the-past-3-months.html
July 23, 2015 - "... it now appears that there are very few errors in Microsoft patches that were released in May, June and July 2015... list of problematic patches took a nose dive at the end of April, and hasn't bobbed back up... There's one big problem patch this month - the MS 15-058/KB 3065718 SQL Server patch has a nasty habit of installing on SQL Server 2005, even though it's -designed- for SQL Server 2008 - but the problems are well documented in the KB article*, and the relatively easy fix - remove the update - is detailed in KB 3045303**... one small problem: MS 15-072/KB 3069392 runs afoul of Cisco WebEx's ability to share screens. Cisco has already released a fix:
> https://tools.cisco.com/quickview/bug/CSCuv36151
In her monthly patch spreadsheet[4], PatchManagement.org moderator Susan Bradley also notes some reports of problems with print spoolers after installing the MS 15-072/KB 3069392 patch***, but the reports are scattered and most (but not all) seem to clear up, particularly when switching to the HP Universal driver 6.0. There's also this note from Microsoft about the re-issuing of the January patch MS 15-006/KB 3004365:
'Bulletin revised to inform customers of the July 14, 2015 reoffering of the 3004365 update for Windows 8.1 and Windows Server 2012 R2 systems. The update provides defense-in-depth measures beyond what was provided in the original update issued on January 13, 2015. Customers running these operating systems who have already successfully applied the update should -reinstall- the update to be best protected from the vulnerability discussed in this bulletin'[5] ..."

* https://support.microsoft.com/en-us/kb/3065718

** https://support.microsoft.com/en-us/kb/3045303

*** https://support.microsoft.com/en-us/kb/3069392

4] https://onedrive.live.com/view.aspx?cid=C756C44362CD94AD&resid=c756c44362cd94ad!2257&qt=sharedby&app=Excel%20

5] https://technet.microsoft.com/library/security/ms15-006
Updated: July 22, 2015

:fear::fear: :spider:

FYI...

Win10 patch KB 3074683 fixes Explorer crash caused by KB 3074681
- http://www.infoworld.com/article/2953475/microsoft-windows/windows-10-patch-kb-3074683-fixes-explorer-crash-caused-by-kb-3074681.html
Jul 28, 2015 - "Overnight, Microsoft released a patch, dubbed KB 3074683*, which appears to fix the problems caused by a Windows 10 Technical Preview build 10240 update; the KB 3074681 patch triggered Explorer crashes in certain circumstances. If you're using build 10240, your machine probably rebooted and the fix is installed..."
(More detail at the infoworld URL above.)
* https://support.microsoft.com/en-us/kb/3074683
Last Review: 07/27/2015 - Rev: 1.0
Applies to:
Windows 10 Home, released in July 2015
Windows 10 Enterprise, released in July 2015
Windows 10 Education, released in July 2015
Windows 10 Pro, released in July 2015
___

How to temporarily prevent a Windows or driver update from reinstalling in Windows 10
- https://support.microsoft.com/en-us/kb/3073930
"Symptoms: In Windows 10, your device is always kept up to date with the latest features and fixes. Updates and drivers are installed automatically, with no need to select which updates are needed or not needed. In rare cases, a specific driver or update might temporarily cause issues with your device, and in this case you will need a way to prevent the problematic driver or update from reinstalling automatically the next time Windows Updates are installed..."
Last Review: 07/28/2015 - Rev: 5.0
Applies to:
Windows 10
Windows 10 Insider Preview

:fear::fear:

FYI...

Patching collides with Win10...
- http://windowssecrets.com/patch-watch/julys-pc-patching-collides-with-win10-release/
July 29, 2015 - "... Microsoft made good on its promise to release a free Win10 upgrade for consumer Win7 SP1 and Win8.1 systems. I assume that those who like living dangerously have already started the upgrade process on a production machine -without- first ensuring they have complete and functional backups stored on external drives. I wish them the best of luck. But wiser Windows users will put off installing the new OS on their main systems for at least a month or two, giving Microsoft time to work out the inevitable kinks in the system..."
(More detail at the URL above.)
___

Updating to Win10: Definitely a mixed experience
- http://windowssecrets.com/top-story/updating-to-win10-definitely-a-mixed-experience/
July 29, 2015
___

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V45.0 (July 29, 2015): Added the 3074683 update for Windows 10 systems to the Current Update section.
___

Windows 10 Shares Your Wi-Fi With Contacts
- http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contacts/
July 29, 2015

:fear::fear:

FYI...

No wireless networks are available after you upgrade from Windows 8.1 to Windows 10
- https://support.microsoft.com/en-us/kb/3084164
Last Review: 08/05/2015 - Rev: 12.0
"Note: Multiple issues may cause this problem. This article lists the known issues and the appropriate resolutions..."
___

Specifications: an overview of requirements, editions, and languages available for Windows 10.
- https://www.microsoft.com/en-us/windows/windows-10-specifications#upgrade
___

MS rolls out first official Windows 10 patches: KB 3081424, KB 3081427
The first post-July 29 updates include little documentation, but know that one of them clocks in at more than 300MB
- http://www.infoworld.com/article/2957239/microsoft-windows/microsoft-official-windows-10-patches-kb-3081424-kb-3081427.html
Aug 5, 2015 - "Microsoft is rolling out a cumulative update for Windows 10, identified as KB 3081424*, which replaces the earlier cumulative update KB 3074683**, which, in turn, fixed a Windows Explorer crash caused by KB 3074681. To install KB 3081424, you must already have KB 3074683 on your machine. This should be a given, since updates are forced onto Win10 Home and Win10 Pro machines that aren’t attached to an update server. As best I can tell, this is the first post-July 29 cumulative update for Windows 10. It’s huge, with many hundreds of changed files in the manifest..."

* https://support.microsoft.com/en-us/kb/3081424
Last Review: 08/05/2015 - Rev: 3.1
Applies to:
Windows 10

** https://support.microsoft.com/en-us/kb/3074683
Last Review: 08/04/2015 - Rev: 5.0
Applies to:
Windows 10 Home, released in July 2015
Windows 10 Enterprise, released in July 2015
Windows 10 Education, released in July 2015
Windows 10 Pro, released in July 2015

- https://support.microsoft.com/en-us/kb/3074681
Last Review: 07/31/2015 - Rev: 3.0
Applies to:
Windows 10

:fear::fear:

FYI...

Error opening Office docs after upgrading to Win10
- https://support.microsoft.com/en-us/kb/3086786
Last Review: 08/04/2015 - Rev: 1.0 - "Symptoms: After upgrading from Windows 7 to Windows 10, you may find that some of your Office -2013- documents do not open and you receive one of the following errors:
- Word: “Word experienced an error trying to open the file”
- Excel: “This file is corrupt and cannot be opened”
- PowerPoint: one of the following -
“The application was unable to start correctly"
“PowerPoint found a problem with <filename>"
“Sorry, PowerPoint can’t read <filename>" ...
Resolution: There are two workarounds for this issue. Try the first workaround, and if that doesn’t resolve the issue, try the second...:

:fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-aug
Aug 11, 2015 - "This bulletin summary lists security bulletins released for August 2015...
(Total of -14-)

Microsoft Security Bulletin MS15-079 - Critical
Cumulative Security Update for Internet Explorer (3082442)
- https://technet.microsoft.com/library/security/MS15-079
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-080 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
- https://technet.microsoft.com/library/security/MS15-080
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight

Microsoft Security Bulletin MS15-081 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
- https://technet.microsoft.com/library/security/MS15-081
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-082 - Important
Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
- https://technet.microsoft.com/library/security/ms15-082
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-083 - Important
Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
- https://technet.microsoft.com/library/security/ms15-083
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-084 - Important
Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
- https://technet.microsoft.com/library/security/ms15-084
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS15-085 - Important
Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
- https://technet.microsoft.com/library/security/MS15-085
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-086 - Important
Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
- https://technet.microsoft.com/en-us/library/security/MS15-086
Important - Elevation of Privilege - Does not require restart - Microsoft Server Software

Microsoft Security Bulletin MS15-087 - Important
Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
- https://technet.microsoft.com/library/security/MS15-087
Important - Elevation of Privilege - Does not require restart - Microsoft Windows, Microsoft Server Software

Microsoft Security Bulletin MS15-088 - Important
Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
- https://technet.microsoft.com/library/security/MS15-088
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-089 - Important
Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
- https://technet.microsoft.com/library/security/MS15-089
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-090 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
- https://technet.microsoft.com/library/security/MS15-090
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-091 - Critical
Cumulative Security Update for Microsoft Edge (3084525)
- https://technet.microsoft.com/library/security/MS15-091
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-092 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
- https://technet.microsoft.com/library/security/MS15-092
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
___

- http://blogs.technet.com/b/msrc/archive/2015/08/11/august-2015-security-update-release-summary.aspx
11 Aug 2015 - "Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released..."

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/library/security/2755801.aspx
V46.0 (August 11, 2015): Added the 3087916 update...
> https://support.microsoft.com/en-us/kb/3087916
Last Review: 08/13/2015 21:39:00 - Rev: 2.0 - "Known issues with this security update: After you install this security update on a computer that is running Windows 8.1 or Windows Server 2012 R2, you may receive an error message that resembles any of the following:
Adobe Flash Player - An ActionScript error has occurred.
Microsoft is researching this problem and will post more information in this article when the information becomes available..."

> http://blogs.cisco.com/security/talos/ms-tuesday-aug-2015
Aug 11, 2015 - "Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of -14- bulletins released which address -58- CVEs..."
___

MS SRD note: MS15-085 / CVE-2015-1769
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
11 Aug 2015
___

August 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/08/11/august-2015-office-update-release.aspx
11 Aug 2015 - "... There are -34- security updates (3 bulletins) and -32- non-security updates..."
MS15-080 - http://technet.microsoft.com/security/ms15-080
MS15-081 - http://technet.microsoft.com/security/ms15-081
MS15-084 - http://technet.microsoft.com/security/ms15-084 ..."
___

MS15-079 - http://www.securitytracker.com/id/1033237
MS15-080 - http://www.securitytracker.com/id/1033238
MS15-081 - http://www.securitytracker.com/id/1033239
MS15-082 - http://www.securitytracker.com/id/1033242
MS15-083 - http://www.securitytracker.com/id/1033243
MS15-084 - http://www.securitytracker.com/id/1033241
MS15-085 - http://www.securitytracker.com/id/1033244
MS15-086 - http://www.securitytracker.com/id/1033245
MS15-087 - http://www.securitytracker.com/id/1033246
MS15-088 - http://www.securitytracker.com/id/1033248
MS15-089 - http://www.securitytracker.com/id/1033249
MS15-090 - http://www.securitytracker.com/id/1033251
MS15-091 - http://www.securitytracker.com/id/1033240
MS15-092 - http://www.securitytracker.com/id/1033253
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20023
2015-08-11

.

FYI...

Windows/Office patching ...
- http://windowssecrets.com/patch-watch/no-summer-break-from-windowsoffice-patching/
Aug 12, 2015 - "Although it’s the first Patch Tuesday of the Windows 10 era, little has changed — we’re still getting lots of updates, many of which require reboots.
For Win10, most of the separate updates are for Office; the OS updates now come in one big bundle. Win10 imposes a new limitation: updates can be delayed only if you’re using Windows Server Update Services (more info*) on a network.
* https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
For Windows 7 and 8 users, it’s patching business-as-usual. Fortunately, relatively few of the following updates are critical.
MS15-091(3081436): Windows 10 gets its first Patch Tuesday: Windows 10 has -changed- the updating rules — not for vulnerabilities but for how you receive updates. For example, KB 3081436 is listed as a -critical- security update for the new Microsoft Edge browser.
But the update’s fine print notes that it’s cumulative — i.e., it also includes -all- the August security and nonsecurity fixes for Windows 10. (Win7 and Win8 users will see many of these fixes as -separate- patches.) Along with the -Edge- patch, this update also contains the following patches...
MS15-079 – Internet Explorer
MS15-080 – Microsoft Graphics Component
MS15-085 – Windows Mount Manager
MS15-088 – Command-line parameter passing
MS15-092 – .NET
KB 3081436 is, in fact, -not- Win10’s first cumulative update. Microsoft released KB 3081424 on Aug. 5. Unfortunately, some systems -choked- on KB 3081424**. A WindowsIT Pro article*** described a workaround, but it -required- a Registry hack. If you ran into problems with the Aug. 5 update, the better solution now is to -block- it via the “Show or hide updates” tool offered in KB 3073930[4].
- What to do: For Windows 10, your only option is to choose -when- you’ll allow a reboot."
** https://support.microsoft.com/en-us/kb/3081424

*** http://windowsitpro.com/windows-10/fix-looping-windows-10-cumulative-update

4] https://support.microsoft.com/en-us/kb/3073930

:fear::fear:

FYI...

Cumulative update for Win 10: Aug 14, 2015
- https://support.microsoft.com/en-us/kb/3081438
Last Review: 08/14/2015 - Rev: 1.0
___

Win10's third cumulative update, KB 3081436, still prompts reboots and throws error 0x80070bc9
... It's the same bug all over again - and it looks like Windows 10 feature improvements will wait for October
- http://www.infoworld.com/article/2970927/microsoft-windows/third-cumulative-update-for-windows-10-kb-3081436-still-provoking-endless-reboots-throws-error-0x80.html
Aug 17, 2015 "... KB 3081424* on Aug. 5, KB 3081436** on Aug. 12, and KB 3081438 on Aug. 14. All of the KB articles say: 'This update includes improvements to enhance the functionality of Windows 10'..."
(More detail at the infoworld URL above.)

* https://support.microsoft.com/en-us/kb/3081424
Last Review: 08/05/2015 - Rev: 3.1
Applies to: Windows 10

** https://support.microsoft.com/en-us/kb/3081436
Last Review: 08/11/2015 - Rev: 2.0
Applies to: Windows 10

:fear:

FYI...

Microsoft Security Bulletin MS15-093 - Critical
Security Update for Internet Explorer (3088903)
- https://technet.microsoft.com/library/security/MS15-093
Aug 18, 2015 - "This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers...
... prerequisites for update 3087985?
Yes. Customers running Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows RT 8.1 must -first- install the 3078071 update released on August 11, 2015 before installing the 3087985 update."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2502
Last revised: 08/19/2015 - "... as exploited in the wild in August 2015."
9.3 (HIGH)

- http://arstechnica.com/security/2015/08/microsoft-issues-emergency-patch-for-critical-ie-bug-under-active-exploit/
Aug 18, 2015 - "... CVE-2015-2502, as the remote code-execution flaw is indexed, can be exploited when vulnerable computers visit booby-trapped websites or possibly when they open malicious HTML-based e-mails. The bug involves the way IE stores objects in memory and results in an error that corrupts memory contents..."

- https://support.microsoft.com/en-gb/kb/3087985
Last Review: 08/18/2015 - Rev: 1.0

- https://support.microsoft.com/en-us/kb/3088903
Last Review: 08/18/2015 - Rev: 1.0
___

Cumulative update for Windows 10: August 18, 2015
- https://support.microsoft.com/en-us/kb/3081444
Last Review: 08/18/2015 - Rev: 1.0
___

- http://www.securitytracker.com/id/1033317
CVE Reference: CVE-2015-2502
Aug 18 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7, 8, 9, 10, 11...
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory.
- https://technet.microsoft.com/library/security/ms15-093
___

- http://blogs.cisco.com/security/talos/ms15-093-oob
Aug 18, 2015 - "... As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately..."

:fear::fear:

FYI...

Microsoft Security Bulletin MS15-080 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
- https://technet.microsoft.com/library/security/ms15-080
Published: August 11, 2015 | Updated: August 21, 2015
V2.0 (August 21, 2015): "Updated bulletin to inform customers running Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 2, and Windows 7 Service Pack 1 that the 3078601 update on the Microsoft Download Center was -updated- on August 18, 2015. Microsoft recommends that customers who installed the 3078601 update via the Microsoft Download Center prior to August 18 -reinstall- the update to be fully protected from the vulnerabilities discussed in this bulletin. If you installed update 3078601 via Windows Update, Windows Update Catalog, or WSUS, no action is required."

:fear::sad:

FYI...

Cumulative Update for Win10: Aug 27, 2015
- https://support.microsoft.com/en-us/kb/3081448
Last Review: 08/27/2015 21:39:00 - Rev: 2.0
___

OOBE Update for Win10: Aug 27, 2015
- https://support.microsoft.com/en-us/kb/3081449
Last Review: 08/27/2015 21:35:00 - Rev: 2.0
___

Compatibility update for upgrading to Win10
- https://support.microsoft.com/en-us/kb/3081452
Last Review: 08/27/2015 21:33:00 - Rev: 2.0
Summary: This update makes improvements to ease the upgrade experience to Windows 10.
This update replaces KB3081441 ...
___

Windows freezes or applications freeze after you install security update 3076895* (MS15-084)
Hotfix Download Available
- https://support.microsoft.com/en-us/kb/3090303
Last Review: 08/28/2015 23:30:00 - Rev: 1.0
Applies to:
Windows 10
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows 8 Enterprise
Windows 8 Pro
Windows 8
Windows RT
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1
Windows Server 2008 Service Pack 2
Windows Vista Service Pack 2

* https://support.microsoft.com/en-us/kb/3076895
Last Review: 08/28/2015 23:45:00 - Rev: 2.0

- http://www.infoworld.com/article/2977466/microsoft-windows/windows-patch-ms15-084-kb-3076895-breaks-programs.html
Aug 31, 2015

:fear::fear:

FYI...

Win 7, 8, and 10 - all collecting user data for MS
Uncomfortable with Windows 10 slurping personal data? Too bad - MS rolls out similar snooping capabilities to Windows 7, Windows 8
- http://www.infoworld.com/article/2979054/windows-security/windows-7-8-10-now-all-collecting-user-data-for-microsoft.html
Sep 1, 2015 - "... Some users have opted to not upgrade to Windows 10 over privacy concerns. But three updates have -added- similar data collection capabilities to machines running Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1, and Windows Server 2008 R2 SP1... This monitoring is part of Microsoft’s Customer Experience Improvement Program (CEIP) and is designed to 'improve the products and features customers use most often and to help solve problems' Microsoft said..."

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3068708
Last Review: 06/18/2015 - Rev: 4.0

Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
- https://support.microsoft.com/en-us/kb/3075249
Last Review: 08/18/2015 - Rev: 1.0

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3080149
Last Review: 08/20/2015 - Rev: 3.0

"... If the updates have already been installed, they can be uninstalled via Control Panel by looking up the KB identifier for updates... Windows users who don’t want to be part of the collection program should have a clear and straightforward way to opt out, which doesn’t appear to exist at the moment. Attempts to contact Microsoft about this issue have not yet elicited a response."

:fear::fear:

FYI...

Highs and lows of Win10 patching
- http://windowssecrets.com/newsletter/sorting-through-the-changes-in-windows-licensing/#story6
Sep 2, 2015 - "Windows 10 has been out a bit over a month, and I’ve developed a love/hate relationship with its patching process. From -forced- driver updates to branch releases, the patching system feels as if it still needs tweaking and fixing. That love/hate feeling starts with Microsoft’s use of cumulative updates for the new OS. Currently, if you buy a new Win7 PC or install the operating system from scratch, you could spend -hours- adding dozens of updates. And the updates aren’t all added at once — you’ll have to work through a series of reboots and update downloads. On the other hand, each Win10 update — at least for now — includes both new and previous fixes. In other words, all released Win10 security and nonsecurity updates are rolled up into each new release. In theory, if you purchase or set up a new Win10 system six months from now, you’ll need only the most recent update to be fully patched. This new process should help give Win10 systems better protection from malware and cyber attackers. What’s annoying about Win10 patching is the thin documentation of what’s included in these releases. A Microsoft spokesperson confirmed this change in a statement to the Register*
* http://www.theregister.co.uk/2015/08/21/microsoft_will_explain_only_significant_windows_10_updates/
... the company will give details only when there are notable (by Microsoft’s measure) changes. More annoying is the loss of control over update installation on consumer systems — unless the machine is attached to a network/domain and the company is using Windows Server Update Services (more info**). I currently have several Win10 test machines up and running. One of the systems is at the office and attached to a domain. Another is at home and connected to a common peer-to-peer network. The office machine lets me install updates when I’m ready; the home system only lets me choose -when- to reboot."
** https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-sep
Sep 8, 2015 - "This bulletin summary lists security bulletins released for September 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-094 - Critical
Cumulative Security Update for Internet Explorer (3089548)
- https://technet.microsoft.com/library/security/ms15-094
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-095 - Critical
Cumulative Security Update for Microsoft Edge (3089665)
- https://technet.microsoft.com/library/security/ms15-095
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-096 - Important
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
- https://technet.microsoft.com/library/security/ms15-096
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-097 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
- https://technet.microsoft.com/library/security/ms15-097
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Lync

Microsoft Security Bulletin MS15-098 - Critical
Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
- https://technet.microsoft.com/library/security/ms15-098
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-099 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
- https://technet.microsoft.com/library/security/ms15-099
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft SharePoint Foundation

Microsoft Security Bulletin MS15-100 - Important
Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
- https://technet.microsoft.com/library/security/ms15-100
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-101 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
- https://technet.microsoft.com/library/security/ms15-101
Important - Elevation of Privilege - Does not require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-102 - Important
Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
- https://technet.microsoft.com/library/security/ms15-102
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-103 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
- https://technet.microsoft.com/library/security/ms15-103
Important - Information Disclosure - May require restart - Microsoft Exchange Server

Microsoft Security Bulletin MS15-104 - Important
Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
- https://technet.microsoft.com/library/security/ms15-104
Important - Elevation of Privilege - Does not require restart - Skype for Business Server, Microsoft Lync Server

Microsoft Security Bulletin MS15-105 - Important
Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
- https://technet.microsoft.com/library/security/ms15-105
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/09/08/september-2015-security-update-release-summary.aspx
8 Sep 2015

Microsoft Security Advisory 3083992
Update to Improve AppLocker Publisher Rule Enforcement
- https://technet.microsoft.com/library/security/3083992.aspx
Sep 8, 2015 - "... a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows..."
___

September 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/09/08/september-2015-office-update-release.aspx
8 Sep 2015 - "... There are 15 security updates (2 bulletins) and 41 non-security updates..."

> http://technet.microsoft.com/security/ms15-097

> http://technet.microsoft.com/security/ms15-099
___

MS15-094: http://www.securitytracker.com/id/1033487
MS15-095: http://www.securitytracker.com/id/1033491
MS15-096: http://www.securitytracker.com/id/1033492
MS15-097: http://www.securitytracker.com/id/1033485
- http://www.securitytracker.com/id/1033500
- http://www.securitytracker.com/id/1033501
MS15-098: http://www.securitytracker.com/id/1033484
MS15-099: http://www.securitytracker.com/id/1033488
-http://www.securitytracker.com/id/1033489
MS15-100: http://www.securitytracker.com/id/1033499
MS15-101: http://www.securitytracker.com/id/1033493
MS15-102: http://www.securitytracker.com/id/1033494
MS15-103: http://www.securitytracker.com/id/1033495
MS15-104: http://www.securitytracker.com/id/1033497
MS15-105: http://www.securitytracker.com/id/1033496
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20129
Last Updated: 2015-09-08

.

FYI...

MS15-097: Description of the security update for the graphics component in Windows
- https://support.microsoft.com/en-us/kb/3086255
Last Review: 09/08/2015 17:38:00 - Rev: 2.0
"... Known issues in this security update:
After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.
Note: When you no longer require the service to be running, we recommend that you turn off the service again.
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk..."

:confused:

FYI...

Software Update Services and Windows Server Update Services changes in content for 2015
- https://support.microsoft.com/en-us/kb/894199
Last Review: 09/15/2015 22:18:00 - Revision: 195.0
___

September 2015 Quarterly Exchange Updates
- http://blogs.technet.com/b/exchange/archive/2015/09/15/released-september-2015-quarterly-exchange-updates.aspx
15 Sep 2015
___

Cumulative update for Windows 10
- https://support.microsoft.com/en-us/kb/3095020
Last Review: 09/15/2015 20:34:00 - Rev: 1.0

:fear::fear:

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Sep 21, 2015 - "... Microsoft released an update (3087040) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT; Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; and Microsoft Edge on Windows 10. The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-23. For more information about this update, including download links, see Microsoft Knowledge Base Article 3087040*."
* https://support.microsoft.com/en-us/kb/3087040
Last Review: 09/21/2015 17:08:00 - Rev: 1.0

:fear:

FYI...

September 2015 servicing stack update for Windows 8 and Windows Server 2012
- https://support.microsoft.com/en-us/kb/3096053
Last Review: 09/23/2015 04:37:00 - Rev: 3.0
"Issues that are fixed in this update:
- This update fixes an issue in which you may not be able to install Security update 3069114 because of corruption that occurs during the installation. After you install update 3096053, update 3069114 can be installed successfully.
- Note: When you install update 3096053, there is a brief delay before the installation is finished. You should wait several minutes to make sure that update 3096053 is fully installed before you try to install update 3069114."

MS15-098: Description of the security update for Windows Journal: September 8, 2015
- https://support.microsoft.com/en-us/kb/3069114
Last Review: 09/08/2015 17:32:00 - Rev: 1.0
(See "Applies to...")

:fear:

FYI...

Microsoft Security Advisory 3097966
Inadvertently Disclosed Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3097966
Sep 24, 2015 - "Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from potentially fraudulent use of the certificates, Microsoft has modified the Certificate Trust List (CTL) to remove trust for the four certificates. Furthermore, the respective issuing certificate authorities have revoked the certificates...
Recommendation: Please see the Suggested Actions section of this advisory for instructions on applying an update for specific releases of Microsoft Windows...
Suggested Actions: Apply the update for supported releases of Microsoft Windows.
An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, and Windows 10 and for devices running Windows Phone 8 and Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action, because the CTL will be updated automatically. For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action, because these systems will be automatically protected..."
* https://support.microsoft.com/en-us/kb/2677070
Last Review: 02/17/2014 Rev: 6.0

:fear:

FYI...

Mistakenly-deployed test patch leads to suspicious Windows update
- https://isc.sans.edu/diary.html?storyid=20201
2015-09-30 - "Earlier today, various sources reported a highly-suspicious Windows update. According to Ars Technica, a Microsoft spokesperson stated the company had incorrectly published a test update and is in the process of removing it [1]. The update is no longer available, and ZDNet has confirmed this was a test update "gone errant" [2]:
> https://isc.sans.edu/diaryimages/images/2015-09-30-ISC-diary-image-01.jpg
Shown above: A screenshot someone posted on a Microsoft community forum [3]
Thanks to everyone who notified us at the ISC. See the references below for further information."
1] http://arstechnica.com/security/2015/09/nerves-rattled-by-highly-suspicious-windows-update-delivered-worldwide/

2] http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/

3] https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-appears-to-be-compromised/e96a0834-a9e9-4f03-a187-bef8ee62725e?auth=1

:fear::fear:

FYI...

Cumulative update for Windows 10: September 30, 2015
- https://support.microsoft.com/en-us/kb/3093266
Last Review: 09/30/2015 18:36:00 - Rev: 1.0

- http://www.infoworld.com/article/2988162/microsoft-windows/windows-10-cumulative-update-7-kb-3093266-hit-by-recurring-update-failures.html
Oct 1, 2015

:fear::fear:

FYI...

MS KB's that may involve Win8.1 and Win7 Privacy issues:

MS snooping?
- http://windowssecrets.com/top-story/attempting-to-answer-whether-ms-is-snooping/
Oct 1, 2015 - See "Windows telemetry service" and "Diagnostic Tracking Service".
___

Update that adds telemetry points to consent.exe in Win8.1 and Win7
- https://support.microsoft.com/en-us/kb/3075249
3075249 - Last Review: 08/18/2015 - Rev: 1.0
See "Applies to: ..."
___

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3080149
Last Review: 09/11/2015 - Rev: 5.0
See "Applies to: ..."
___

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3068708
Last Review: 09/11/2015 - Rev: 6.0
See "Applies to: ..."
___

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 10/05/2015 16:45:00 - Rev: 6.0

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 10/06/2015 16:38:00 - Rev: 15.0
Applies to: Windows 7 SP1

- http://www.infoworld.com/article/2989896/microsoft-windows/windows-snooping-and-nagging-patches-return-kb-3035583-kb-2952664.html
Oct 6, 2015
___

Other update examples could include ...
- https://technet.microsoft.com/en-us/library/security/3083992
- https://technet.microsoft.com/en-us/library/security/3042058
- https://technet.microsoft.com/en-us/library/security/3033929
- https://technet.microsoft.com/en-us/library/security/3004375
- https://support.microsoft.com/kb/3080079
- https://support.microsoft.com/kb/2574819
___

GWX Control Panel (formerly GWX Stopper) to Permanently Remove the 'Get Windows 10' Icon:
- http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-oct
Oct 12, 2015 - "This bulletin summary lists security bulletins released for October 2015..."
(Total of -6-)

Microsoft Security Bulletin MS15-106 - Critical
Cumulative Security Update for Internet Explorer (3096441)
- https://technet.microsoft.com/library/security/MS15-106
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-107 - Important
Cumulative Security Update for Microsoft Edge (3096448)
- https://technet.microsoft.com/library/security/MS15-107
Important - Information Disclosure - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-108 - Critical
Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
- https://technet.microsoft.com/en-us/library/security/MS15-108
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-109 - Critical
Security Update for Windows Shell to Address Remote Code Execution (3096443)
- https://technet.microsoft.com/library/security/MS15-109
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-110 - Important
Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
- https://technet.microsoft.com/library/security/MS15-110
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software

Microsoft Security Bulletin MS15-111 - Important
Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
- https://technet.microsoft.com/library/security/MS15-111
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/10/13/october-2015-security-update-release-summary.aspx
13 Oct 2015 - "Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released..."

Security Advisories:

Microsoft Security Advisory 3097966
Inadvertently Disclosed Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3097966.aspx
Published: September 24, 2015 | Updated: October 13, 2015 / Ver: 2.0
> See: "Known Issues": https://support.microsoft.com/en-us/kb/3097966
[Dlink network adapter]

Microsoft Security Advisory 3042058
Update to Default Cipher Suite Priority Order
- https://technet.microsoft.com/library/security/3042058.aspx
Published: May 12, 2015 | Updated: October 13, 2015 / Ver: 1.1

Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
Published: May 13, 2014 | Updated: October 13, 2015 / Ver: 2.0

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe -Flash- Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/library/security/2755801.aspx
Updated: October 13, 2015 / Ver: 48.0
___

October 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/10/13/october-2015-office-update-release.aspx
13 Oct 2015 - "... There are 22 security updates (4 bulletins) and 55 non-security updates..."
___

MS15-106: http://www.securitytracker.com/id/1033800
MS15-107: http://www.securitytracker.com/id/1033802
MS15-108: http://www.securitytracker.com/id/1033801
MS15-109: http://www.securitytracker.com/id/1033799
MS15-110: http://www.securitytracker.com/id/1033803
- http://www.securitytracker.com/id/1033804
MS15-111: http://www.securitytracker.com/id/1033805
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20245
Last Updated: 2015-10-13

.

FYI... Windows Update Client Win7, Win8.1 - Updated MS15-046, MS15-081, MS15-099...

Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015
- https://support.microsoft.com/en-us/kb/3083710
Last Review: 10/13/2015 18:31:00 - Rev: 2.0
Applies to:
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1
Windows Embedded Standard 7 Service Pack 1
___

Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015
- https://support.microsoft.com/en-us/kb/3083711
Last Review: 10/13/2015 18:33:00 - Rev: 2.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
___

Microsoft Security Bulletin MS15-046 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
- https://technet.microsoft.com/en-us/library/security/ms15-046.aspx
Published: May 12, 2015 | Updated: October 13, 2015
V4.0 (October 13, 2015): Revised bulletin to announce the availability of a new update (3085544) for Microsoft Office 2007 that addresses issues with the previously-released update (2965282). Customers running Microsoft Office 2007 are encouraged to install update 3085544 at the earliest opportunity to be fully protected from the vulnerability discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3085544* for more information and download links.
* https://support.microsoft.com/en-us/kb/3085544

Microsoft Security Bulletin MS15-081 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
- https://technet.microsoft.com/en-us/library/security/ms15-081.aspx
Published: August 11, 2015 | Updated: October 13, 2015
V3.0 (October 13, 2015): Revised bulletin to announce the availability of update packages for Microsoft Office 2016, Microsoft Visio 2016, and Microsoft Word 2016. Customers running Microsoft Office 2016, Microsoft Visio 2016, or Microsoft Word 2016 should apply the applicable updates to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the updates will be downloaded and installed automatically.

Microsoft Security Bulletin MS15-099 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
- https://technet.microsoft.com/en-us/library/security/ms15-099.aspx
Published: September 8, 2015 | Updated: October 13, 2015
V4.0 (October 13, 2015): Revised bulletin to announce the availability of an update package for Microsoft Excel 2016. Customers running Microsoft Excel 2016 should apply update 2920693 to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
___

>> https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/10/13/patch-tuesday-october-2015
Oct 13, 2015
___

Compatibility update for upgrading to Windows 10: October 14, 2015
- https://support.microsoft.com/en-us/kb/3097626
Last Review: 10/14/2015 16:34:00 - Rev: 2.0

:fear::fear:

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Oct 19, 2015 - Ver: 49.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; the update is also available for Adobe Flash Player in Microsoft Edge on all supported editions of Windows 10. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge...
On October 19, 2015, Microsoft released an update (3105216) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT; Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; and Microsoft Edge on Windows 10. The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-27*. For more information about this update, including download links, see Microsoft Knowledge Base Article 3105216**...
* https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Oct 16, 2015
** https://support.microsoft.com/en-us/kb/3105216
Last Review: 10/19/2015 21:09:00 - Rev: 1.0

:fear:

FYI... Win10 'Nagware'

Update installs 'Get Windows 10 app' in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 10/05/2015 16:45:00 - Rev: 6.0
___

Nagware KB 3035583 is marked 'Important' on some PCs and will thus install on Automatic Update
- http://www.infoworld.com/article/2989896/microsoft-windows/windows-snooping-and-nagging-patches-return-kb-3035583-kb-2952664.html
Oct 6, 2015

Disable Windows 10 upgrade 'nagware' on Windows 7, Windows 8.1 computers
- http://www.infoworld.com/article/2993131/microsoft-windows/disable-windows-10-upgrade-nagware-on-windows-7-windows-81-computers.html
Oct 14, 2015

Microsoft says that the optional update was enabled by mistake
>> http://arstechnica.com/information-technology/2015/10/windows-10-upgrade-installing-automatically-on-some-windows-7-8-systems/
Oct 15, 2015

"HIDE 'UPDATE'" ?

:fear::fear::fear:

FYI...

Win10 System Center Configuration Manager
- http://blogs.technet.com/b/configmgrteam/archive/2015/10/27/system-center-configmgr-support-for-win-10-and-intune.aspx
27 Oct 2015 - "... Windows 10 comes in two basic flavors: (1) a Current Branch (also known as Windows-as-a-Service) and (2) the Long-Term Servicing Branch with a more traditional support model. The Current Branch also has the option of Current Branch for Business, which is the same build as the Current Branch, just deferred to a later date to give you time to further validate in your environment. If this is all news to you, stop reading and click here* for more information and guidance. Then come on back when you are ready.
* https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx
... we will release a -new- version of Configuration Manager by the end of this calendar year. This -new- version will bring -full- support for the deployment, upgrade, and management of Windows 10. The new System Center Configuration Manager, as it will simply be called, is designed to support the much faster pace of updates for Windows 10 and Microsoft Intune. This -new- version will also simplify the Configuration Manager upgrade experience itself, and allow us to listen and more quickly respond to your feedback...
'In Summary: Planning and Guidance'..." (see the chart there).

:fear::fear:

FYI...

Installing and searching for updates is slow and high CPU usage occurs in Win7 and Win Server 2008 R2
- https://support.microsoft.com/en-us/kb/3102810
Last Review: 11/04/2015 03:09:00 - Rev: 2.0
Applies to:
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1

Also:
Installing and searching for updates is slow and high CPU usage occurs in Win8.1 and Win Server 2012 R2
- https://support.microsoft.com/en-us/kb/3102812
Last Review: 11/04/2015 03:09:00 - Rev 2.0

Hmmm... :blink:

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-nov
Nov 10, 2015 - "This bulletin summary lists security bulletins released for November 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-112 - Critical
Cumulative Security Update for Internet Explorer (3104517)
- https://technet.microsoft.com/library/security/MS15-112
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-113 - Critical
Cumulative Security Update for Microsoft Edge (3104519)
- https://technet.microsoft.com/library/security/MS15-113
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-114 - Critical
Security Update for Windows Journal to Address Remote Code Execution (3100213)
- https://technet.microsoft.com/library/security/MS15-114
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-115 - Critical
Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
- https://technet.microsoft.com/library/security/MS15-115
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-116 - Important
Security Update for Microsoft Office to Address Remote Code Execution (3104540)
- https://technet.microsoft.com/library/security/MS15-116
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Lync, Skype for Business

Microsoft Security Bulletin MS15-117 - Important
Security Update for NDIS to Address Elevation of Privilege (3101722)
- https://technet.microsoft.com/library/security/MS15-117
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-118 - Important
Security Update for .NET Framework to Address Elevation of Privilege
- https://technet.microsoft.com/library/security/MS15-118
Important - Elevation of Privilege - Does not require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-119 - Important
Security Update for Winsock to Address Elevation of Privilege (3104521)
- https://technet.microsoft.com/library/security/MS15-119
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-120 - Important
Security Update for IPSec to Address Denial of Service (3102939)
- https://technet.microsoft.com/library/security/MS15-120
Important - Denial of Service - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-121 - Important
Security Update for Schannel to Address Spoofing (3081320)
- https://technet.microsoft.com/library/security/MS15-121
Important - Spoofing - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-122 - Important
Security Update for Kerberos to Address Security Feature Bypass (3105256)
- https://technet.microsoft.com/library/security/MS15-122
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-123 - Important
Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
- https://technet.microsoft.com/library/security/MS15-123
Important - Information Disclosure - May require restart - Microsoft Lync, Skype for Business
___

MS15-112: http://www.securitytracker.com/id/1034112
MS15-113: http://www.securitytracker.com/id/1034113
MS15-114: http://www.securitytracker.com/id/1034110
MS15-115: http://www.securitytracker.com/id/1034114
MS15-116: http://www.securitytracker.com/id/1034117
- http://www.securitytracker.com/id/1034119
- http://www.securitytracker.com/id/1034122
MS15-117: http://www.securitytracker.com/id/1034115
MS15-118: http://www.securitytracker.com/id/1034116
MS15-119: http://www.securitytracker.com/id/1034121
MS15-120: http://www.securitytracker.com/id/1034123
MS15-121: http://www.securitytracker.com/id/1034124
MS15-122: http://www.securitytracker.com/id/1034125
MS15-123: http://www.securitytracker.com/id/1034126
- http://www.securitytracker.com/id/1034127
___

- http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-update-release-summary.aspx
10 Nov 2015 - "Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released..."

Security Advisories:
Microsoft Security Advisory 3108638
Update for Windows Hyper-V to Address CPU Weakness
- https://technet.microsoft.com/library/security/3108638.aspx
Nov 10, 2015

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/library/security/2755801.aspx
Nov 10, 2015 V50.0
___

Nov 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/11/10/november-2015-office-update-release.aspx
10 Nov 2015 - "... there are -60- security updates (2 bulletins) and 39 non-security updates..."
MS15-099 (updated): https://technet.microsoft.com/en-us/library/security/MS15-099
MS15-116: https://technet.microsoft.com/en-us/library/security/MS15-116
"... All of the security and non-security updates for November are listed in KB article 3108456..."
> https://support.microsoft.com/en-us/kb/3108456
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20359
2015-11-10 18:05:54 UTC

.

FYI...

MS15-115 -KB3097877 causing severe difficulties for some Win7 users
- http://myonlinesecurity.co.uk/kb3097877-causing-severe-difficulties-for-some-windows-7-users-november-2015-windows-updates/
11 Nov 2015 - "KB3097877 causing severe difficulties for some Windows 7 users November 2015 Windows updates. We are seeing numerous reports from Windows 7 users about difficulties logging on to windows after doing the November 2015 patch Tuesday updates. We are also hearing about crashes in Outlook 2010 and 2013 when viewing HTML emails.
We also are hearing about crashes in gadgets in windows sidebar on Windows 7 computers. Gadgets have been deprecated and are not recommended for use any longer due to security issues...
All the problems appear to be caused by KB3097877 which is part of a vital security update included in MS15-115. This update is a security update that updates Win32k.sys and Gdiplus.dll to help prevent a remote code execution if an attacker convinces a user to open a specially crafted document or to go to an untrusted webpage that contains embedded fonts.
Best advice we can give at the moment is NOT to install KB3097877 on any Windows7 computer until Microsoft have investigated and issued a workaround or revised patch. If you are suffering from Crashes in Outlook, then -uninstall- KB3097877..."

MS15-115: https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/10/2015 18:28:00 - Rev: 1.0
___

>> https://social.technet.microsoft.com/Forums/en-US/482486ba-a378-4dcd-bd21-08ae19760b93/crashes-since-111115-updates-in-both-outlook-2010-and-2013-when-viewing-html-emails?forum=officeitproprevious

>> http://www.infoworld.com/article/3004519/microsoft-windows/kb-3097877crashes-outlook-causes-network-sign-in-black-screens.html
Nov 11, 2015

:fear::fear:

FYI...

MS15-115 / re-released ...
- https://technet.microsoft.com/library/security/MS15-115
V2.0 (November 11, 2015): Bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should -reinstall- the update to correct this known issue. See Microsoft Knowledge Base Article 3097877* for more information.

* https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/11/2015 22:26:00 - Rev: 2.0 - "... Issues in this security update: We are aware of reports of crashes in all supported versions of Microsoft Outlook that occur when users are reading certain emails after this update is installed..."

:fear::fear:

FYI...

MS15-115 / re-released ...
- https://technet.microsoft.com/library/security/MS15-115
V2.0 (November 12, 2015): Bulletin revised to inform customers that the 3097877* update for Windows 7 and Windows Server 2008 R2 has been rereleased to correct a problem with the original update that could cause some applications to quit unexpectedly. Customers who have already successfully installed the update on Windows 7 or Windows Server 2008 R2 systems should reinstall the update.

* https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/12/2015 19:00:00 - Rev: 5.0
___

- https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/13/2015 02:21:00 - Rev: 8.0 <<
___

MS15-112 - File is "moved or deleted" or "cannot be found" error when you download PDF files in Internet Explorer 11 in Windows
- https://support.microsoft.com/en-us/kb/3110711
Last Review: 11/13/2015 07:25:00 - Rev: 3.0 <
"Prerequisites... you must install MS15-112: Security update for Internet Explorer: November 10, 2015 before you install this hotfix..."

:fear::fear:

FYI...

Win10 upgrade woes include deleted apps, system hangs
The rollout of Windows 10 version 1511 has hit a few bumps, but we have solutions
- http://www.infoworld.com/article/3005044/microsoft-windows/windows-10-upgrade-woes-include-deleted-apps-system-hangs.html
Nov 13, 2015

:fear::fear:

FYI...

Microsoft Security Bulletin MS15-115 - Critical
- https://technet.microsoft.com/library/security/MS15-115

- https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/18/2015 18:50:00 - Rev: 9.0

:fear::fear::fear:

FYI...

MS pulls Win10 v 1511 Threshold 2 release from download page
- http://www.infoworld.com/article/3007410/microsoft-windows/microsoft-pulls-windows-10-v-1511-threshold-2-release-from-download-page.html
Nov 23, 2015 - "... If you have a copy of the v 1511 ISO running around - you might've created it with the Media Creation Tool prior to last weekend, or you can still download it from MSDN - you can still upgrade straight to 1511. But if you don't have one in your back pocket, you get to upgrade twice. Why do I get the feeling that Microsoft is making this up as it goes along?"

:fear: :sad:

FYI...

Beware, latest Win10 Update may remove programs automatically
- http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/
Nov 24, 2015 - "Microsoft's Windows 10 operating system may uninstall programs - desktop programs that is - from the computer after installation of the big Fall update that the company released earlier this month. I noticed the issue on one PC that I upgraded to Windows 10 Version 1511 but not on other machines. The affected PC had Speccy*, a hardware information program, installed and Windows 10 notified me after the upgrade that the software had been -removed- from the system because of incompatibilities. There was no indication beforehand that something like this would happen, and what made this rather puzzling was the fact that a newly downloaded copy of Speccy would install and run fine on the upgraded system. According to reports on the Internet**, Speccy is not the only program affected by this. Others report that programs like CPU-Z, AMD Catalyst Control Center or CPUID were removed as well during the upgrade... While this could very well be a bug that slipped by Microsoft's quality control, it is a serious issue not only because of the removal itself, but also when it comes to the future of the operating system. The removal itself is bad enough. First, Microsoft should have the decency to inform users about the issue before the software is removed. Either do a check prior to running the upgrade or afterwards. Then, all reports indicate that the forcefully uninstalled software would install and run fine on the system without issues. This makes it more likely that a bug caused the issue and that it was not a deliberate action programmed into the update. The outlook is even worse. Who in their right mind would install an operating system that might remove installed software - maybe even paid for software or critical software - without user interaction or consent, especially if it turns out later that the software works just fine on the system? Windows 10 users give up control and since there is no way of telling if software will be removed after a Windows update, should consider backing up the system regularly before system updates so that it can be restored to an earlier stage if important software was removed by the update..."
* https://www.piriform.com/speccy

** https://www.reddit.com/r/Windows10/comments/3twg2m/windows_10_is_uninstalling_user_apps_without/

> https://www.reddit.com/r/Windows10/comments/3strsd/installed_the_fall_update_windows_10_decided_to/
___

Some settings may not have been retained when applying the November update (Version 1511)
- https://support.microsoft.com/en-us/kb/3121244
Last Review: 11/24/2015 22:01:00 - Rev: 1.0
Applies to: Windows 10
___

- http://windowssecrets.com/patch-watch/shopping-online-check-your-browsers-security/
Nov 26, 2015 - "... on Jan. 12, 2016, Microsoft is folding up the tent on Internet Explorer 7 and 8. After that date, only IE 9 on Vista, IE 10 on Windows Server 2012, and IE 11 on Windows 7 and 8.1 will get security updates. If you stick with an outdated version of IE, your vulnerability to malware will rise quickly..."
> http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

- http://www.computerworld.com/article/3010555/web-browsers/nearly-370m-ie-users-have-just-6-weeks-to-upgrade.html
Dec 1, 2015 - "Nearly 370 million Internet Explorer users have just six weeks to upgrade their browsers... The retired browsers will continue working, but Microsoft will halt technical support and -stop- serving security updates for the banned versions. According to data released by measurement vendor Net Applications, 44.8% of all IE users ran a soon-to-be-outdated edition of the browser... Companies that require older editions of IE to run Web apps or services can upgrade to IE11, then rely on that browser's 'Enterprise Mode' to mimic the older versions' rendering engines. Last week, Microsoft announced some enhancements to Enterprise Mode, including support for HTTP ports, and issued a kit that walks IT administrators through the chore of configuring Enterprise Mode. That kit can be downloaded from here*..."
* https://technet.microsoft.com/en-us/browser/mt612809

> https://technet.microsoft.com/en-us/browser/mt126196

:fear::fear::fear:

FYI...

KB 3112336 and KB 3112343 are all about Win10
- http://www.infoworld.com/article/3011040/microsoft-windows/windows-update-patches-kb-3112336-and-kb-3112343-are-all-about-windows-10.html
Dec 2, 2015 - "Yesterday Microsoft released two big updates for its Windows Update Client. Those of you using Windows 7 have KB 3112343, and those with Windows 8.1 get KB 3112336.
Both updates appear to grease the skids for in-place upgrading to Windows 10. Unfortunately, the documentation is so sparse it's impossible to tell if the patches offer anything at all to users who don't intend to upgrade to Windows 10..."

Windows Update Client for Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/en-us/kb/3112343
Last Review: 12/02/2015 03:30:00 - Revision: 3.0
Applies to:
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1

Windows Update Client for Windows 8.1 and Windows Server 2012 R2
- https://support.microsoft.com/en-us/kb/3112336
Last Review: 12/02/2015 03:30:00 - Revision: 3.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
___

Windows 10 devices can't connect to an 802.1X environment
- https://support.microsoft.com/en-us/kb/3121002
Last Review: 11/25/2015 00:55:00 - Rev: 2.0
Applies to:
Windows 10

:fear::fear:

FYI...

Cumulative update KB 3116908 for Windows 10 version 1511 triggers errors
- http://www.infoworld.com/article/3011581/microsoft-windows/cumulative-update-kb-3116908-for-windows-10-version-1511-triggers-errors.html
Dec 3, 2015 - "The sun may still be rising in the United States, but other parts of the world are already struggling with the latest cumulative update for Windows 10 version 1511 (a.k.a. build 10586, Threshold 2, or the Fall Update). The official Microsoft explanation for this new patch, known as KB 3116908, just says:
'This update includes improvements to enhance the functionality of Windows 10 Version 1511'...
Of course, if your PC is still stuck on the July 29 RTM version of Windows 10 - build 10240 - you are -not- getting any recent cumulative updates... Here's how to check your PC to see if you're on the latest upgrade trail. Start with the About Windows dialog (see screenshot*), which you can get to by typing "winver" in the Cortana search box and pressing Enter:
* http://core0.staticworld.net/images/article/2015/12/wl-2015-12-01-build-10586-about-100631293-medium.idge.jpg
If you see "Version 10.0 (Build 10240)" on the second line, you're still running the original July 29 RTM version of Windows 10. There are many reasons why you might still be stuck on the original Win10. Perhaps the installer for version 1511 has repeatedly failed to run. Build 1511 also won't install if you upgraded from Win7 or 8.1 to Win10 fewer than 30 days previously and there's still a windows.old folder on your system. (If you aren't going to roll back to Win7 or 8.1, using an admin account, right-click on your c: drive and then choose Properties > Disk Cleanup > Clean up system files.) If you see "Version 1511 (OS Build 10586)," as in the screenshot, you have the first version of Threshold 2, which shipped on Nov. 12. Variously known as the Win10 Fall Update, November Update, Threshold 2, and other less-printable epithets, it's the version of Windows 10 that (in my opinion) should've been called Win 10.1 or Win10 SP1 or Win10 SU1... [released] just three weeks ago, Windows 10 version 1511 has gone through -several- major changes. Cumulative updates change the OS build number, and you can judge your PC's progress at installing those updates by looking at the build number... -Four- cumulative updates in three weeks, 230MB of changes with essentially no documentation... In addition, there have been several other updates to build 1511 whose exact functions have not been well documented..."

> https://support.microsoft.com/en-us/kb/3116908
Last Review: 12/03/2015 01:46:00 - Rev: 1.0

:fear::fear:

FYI...

MS update IE mandate - 1.12.2016 update ...
- http://windowssecrets.com/patch-watch/shopping-online-check-your-browsers-security/
Nov 26, 2015 - "... on Jan. 12, 2016, Microsoft is folding up the tent on Internet Explorer 7 and 8. After that date, only IE 9 on Vista, IE 10 on Windows Server 2012, and IE 11 on Windows 7 and 8.1 will get security updates. If you stick with an outdated version of IE, your vulnerability to malware will rise quickly..."
> http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

- http://www.computerworld.com/article/3010555/web-browsers/nearly-370m-ie-users-have-just-6-weeks-to-upgrade.html
Dec 1, 2015 - "Nearly 370 million Internet Explorer users have just six weeks to upgrade their browsers... The retired browsers will continue working, but Microsoft will halt technical support and -stop- serving security updates for the banned versions. According to data released by measurement vendor Net Applications, 44.8% of all IE users ran a soon-to-be-outdated edition of the browser... Companies that require older editions of IE to run Web apps or services can upgrade to IE11, then rely on that browser's 'Enterprise Mode' to mimic the older versions' rendering engines. Last week, Microsoft announced some enhancements to Enterprise Mode, including support for HTTP ports, and issued a kit that walks IT administrators through the chore of configuring Enterprise Mode. That kit can be downloaded from here*..."
* https://technet.microsoft.com/en-us/browser/mt612809

> https://technet.microsoft.com/en-us/browser/mt126196
___

IE11 for Win7...
> https://www.microsoft.com/en-us/download/internet-explorer-11-for-windows-7-details.aspx

:fear::fear:

FYI...

IE Sunset and XP Embedded End of Support
- https://isc.sans.edu/diary.html?storyid=20459
Last Updated: 2015-12-08 - "... Rumor has it that with today's patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day..."

[1] https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
[2] https://support.microsoft.com/en-us/lifecycle/search/default.aspx?=&alpha=Windows%20XP
​[3] http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-Dec
Dec 8, 2015 - "This bulletin summary lists security bulletins released for December 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.microsoft.com/library/security/MS15-124
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.microsoft.com/library/security/MS15-125
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-126 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
- https://technet.microsoft.com/library/security/MS15-126
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-127 - Critical
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
- https://technet.microsoft.com/library/security/MS15-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-128 - Critical
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
- https://technet.microsoft.com/library/security/MS15-128
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, MS Office, Skype for Business, Microsoft Lync, Silverlight

Microsoft Security Bulletin MS15-129 - Critical
Security Update for Silverlight to Address Remote Code Execution (3106614)
- https://technet.microsoft.com/library/security/MS15-129
Critical - Remote Code Execution - Does not require a restart - Microsoft Silverlight

Microsoft Security Bulletin MS15-130 - Critical
Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
- https://technet.microsoft.com/library/security/MS15-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-131 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.microsoft.com/library/security/MS15-131
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-132 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
- https://technet.microsoft.com/library/security/MS15-132
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-133 - Important
Security Update for Windows PGM to Address Elevation of Privilege (3116130)
- https://technet.microsoft.com/library/security/MS15-133
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-134 - Important
Security Update for Windows Media Center to Address Remote Code Execution (3108669)
- https://technet.microsoft.com/library/security/MS15-134
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-135 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
- https://technet.microsoft.com/library/security/MS15-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

MS15-124: http://www.securitytracker.com/id/1034315
MS15-125: http://www.securitytracker.com/id/1034316
MS15-126: http://www.securitytracker.com/id/1034317
MS15-127: http://www.securitytracker.com/id/1034323
MS15-128: http://www.securitytracker.com/id/1034329
- http://www.securitytracker.com/id/1034330
- http://www.securitytracker.com/id/1034331
- http://www.securitytracker.com/id/1034332
- http://www.securitytracker.com/id/1034333
- http://www.securitytracker.com/id/1034336
MS15-129: http://www.securitytracker.com/id/1034321
MS15-130: http://www.securitytracker.com/id/1034337
MS15-131: http://www.securitytracker.com/id/1034324
- http://www.securitytracker.com/id/1034325
MS15-132: http://www.securitytracker.com/id/1034338
MS15-133: http://www.securitytracker.com/id/1034339
MS15-134: http://www.securitytracker.com/id/1034335
MS15-135: http://www.securitytracker.com/id/1034334
___

- http://blogs.technet.com/b/msrc/archive/2015/12/08/december-2015-security-update-release-summary.aspx
Dec 8, 2015 - "... we released security updates to provide additional protections against malicious attackers..."

Security Advisories (3):

Microsoft Security Advisory 3057154
Update to Harden Use of DES Encryption
- https://technet.microsoft.com/en-us/library/security/3057154
Published: July 14, 2015 | Updated: Dec 8, 2015

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/library/security/2755801
Version: 51.0

Microsoft Security Advisory 3123040
Inadvertently Disclosed Digital Certificate Could Allow Spoofing
- https://technet.microsoft.com/en-us/library/security/3123040
Dec 8, 2015
___

December 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/12/08/december-2015-office-update-release.aspx
8 Dec 2015 - "... there are 19 security updates (2 bulletins) and 61 non-security updates..."
MS15-128: https://technet.microsoft.com/en-us/library/security/MS15-128

MS15-131: https://technet.microsoft.com/en-us/library/security/MS15-131
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20461
Last Updated: 2015-12-08

.

FYI...

MS pulls botched patch KB 3114409 - triggered problems with Outlook 2010
- http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html
Dec 9, 2015 - "... Patch Tuesday update KB 3114409, intended to help admins keep Outlook 2010 from starting in safe mode, has in fact done just the opposite. Many Outlook 2010 customers report that installing KB 3114409 forces Outlook to start in safe mode. As of early Wednesday morning, the patch has been pulled, but if you're experiencing odd problems with Outlook 2010 -- it opens in safe mode only (always opens maximized and has no sounds, no reading pane, or other view settings that stick), has broken templates, and much more -- you should look at the KB 3114409 article* for instructions on how to -remove- the patch..."
* https://support.microsoft.com/en-us/kb/3114409
Last Review: 12/09/2015 05:42:00 - Rev: 4.0
"Notice: After you install this update, Outlook 2010 may start only in safe mode. If this issue occurs, uninstall the update. This update is no longer available now."
___

- https://isc.sans.edu/forums/diary/December+2015+Microsoft+Patch+Tuesday/20461/
(17 Comments)

:fear::fear::fear:

FYI...

MS Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.microsoft.com/en-us/library/security/MS15-124
V1.1 (December 16, 2015): Bulletin revised to further clarify the steps users must take to be protected from the vulnerability described in CVE-2015-6161*. This bulletin, MS15-124, provides protections for this issue, but user action is required to enable them; the cumulative update for Internet Explorer does not enable the protections by default**. Before applying the protections, Microsoft recommends that customers perform testing appropriate to their environment and system configurations.
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6161

** https://technet.microsoft.com/en-us/library/security/MS15-124#Fix_6161

MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
> https://support.microsoft.com/en-us/kb/3125869
Last Review: 12/16/2015 22:23:00 - Rev: 1.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
___

MS Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.microsoft.com/en-us/library/security/MS15-125
V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action.
___

MS pushes Windows -nagware- patch KB 3035583 for sixth time
If you don’t want to install Windows 10 just yet, hide the patch - but run GWX Control Panel to be sure
- http://www.infoworld.com/article/3016033/microsoft-windows/enough-already-microsoft-pushes-windows-nagware-patch-kb-3035583-for-sixth-time.html
Dec 16, 2015 - "Last night Microsoft sent KB 3035583* down the Automatic Update chute. Again. The patch is listed as recommended, but -not- a security patch, for Windows 7 and 8.1 systems. Depending on your Windows Update settings... the patch will probably appear among your "Important" patches, and probably won't have its box checked. If that's what you see on your PC, KB 3035583 won't install unless you check the box and run Windows Update. As we've seen in the past, though, sometimes those unchecked patches suddenly get checked and Windows Update proceeds with the dirty deed. All the more reason to set Windows Update to "Notify but don't download." Your best bet right now, if you have Windows 7 or 8.1 and don't want to upgrade to Windows 10 just yet - remember, you have until July 28, 2016 to upgrade for free - is to cut KB 3035583 off at the knees. The easiest way to do that is by running GWX Control Panel**. Microsoft has provided no changelog, of course, and no indication what this version of Get Windows 10 does that's any different from the five previous versions..."
* https://support.microsoft.com/en-us/kb/3035583
Last Review: 12/15/2015 17:19:00 - Rev: 7.0
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1

** http://ultimateoutsider.com/downloads/

:fear::fear:

FYI...

Update for Windows Live Essentials Mail 2012
- https://support.microsoft.com/en-us/kb/3093594
Last Review: 12/18/2015 09:38:00 - Rev: 3.0
"Known issues about this update:
- Issue 1: After you install this update (that was released before December 17, 2015), you may find that the program crashes soon after start.
- Solution: Microsoft has identified the cause and has released a fix that addresses the issue for affected users on applicable platforms. To fix this issue, install this update that's released on December 17, 2015.
- Issue 2: After you install this update that's released on December 17, 2015, you may experience mail sync issues.
- This issue occurs because of a server-side problem. Microsoft is researching this issue and will post more information in this article when the information becomes available."
___

- http://www.infoworld.com/article/3016851/microsoft-windows/microsoft-reissues-botched-windows-live-mail-2012-patch-kb-3093594.html
Dec 18, 2015

:fear::fear:

FYI...

MS15-124: Security update for Internet Explorer: December 8, 2015
- https://support.microsoft.com/en-us/kb/3104002
"... Known issues in this security update:
After you install this security update, some classic ASP applications may not work correctly. For example, you may be unable to upload image files by using classic ASP applications.
To resolve this issue, install hotfix 3125446. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3125446 Classic ASP applications don't work correctly after security update 3104002 is installed in Windows..."
Last Review: 12/16/2015 22:53:00 - Rev: 3.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6161

- https://technet.microsoft.com/en-us/library/security/MS15-124#Fix_6161

MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
- https://support.microsoft.com/en-us/kb/3125869
Last Review: 12/17/2015 21:02:00 - Rev: 2.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7

Classic ASP applications don't work correctly after security update 3104002 is installed in Windows
- https://support.microsoft.com/en-us/kb/3125446
Symptoms: You can't upload files by using classic ASP applications in Internet Explorer after you install security update 3104002...
Hotfix Download Available...
Last Review: 12/16/2015 22:21:00 - Rev: 2.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1
Windows Server 2008 Service Pack 2
Windows Vista Service Pack 2
___

MS Security Bulletin MS15-131 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.microsoft.com/en-us/library/security/MS15-131
V2.1 (December 18, 2015): Bulletin revised to correct the Updates Replaced for 3101532 and 3114342, and to add a workaround for CVE-2015-6172. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.

> https://support.microsoft.com/en-us/kb/3101532
Last Review: 12/08/2015 18:44:00 - Rev: 1.0

> https://support.microsoft.com/en-us/kb/3114342
Last Review: 12/08/2015 18:42:00 - Rev: 1.0

:fear::fear:

FYI...

Win10 update KB 3124200 and Office update 6366
> http://www.infoworld.com/article/3017791/microsoft-windows/windows-10-update-kb-3124200-clobbers-word-customizations.html
Dec 23, 2015
> https://support.microsoft.com/en-us/kb/3124200
Last Review: 12/17/2015 17:41:00 - Rev: 1.0
Applies to:
Windows 10 Version 1511

Missing customizations in Office Word after an update
- https://support.microsoft.com/en-us/kb/3129969
Last Review: 12/22/2015 18:03:00 - Rev: 1.0
"Summary: After installing the latest update for Microsoft Office (6366.xxxx), all of your customizations for Word such as macros, autotext entries, and styles will no longer load. The issue is caused by a file that has been renamed during the update. To resolve this, use the following steps to help you restore the renamed file..."
Applies to:
Microsoft Word 2013
Microsoft Word 2010
Word 2016

:fear::fear:

FYI...

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/library/security/2755801
V52.0 (Dec 29, 2015): Added the 3132372 update* to the Current Update section.

* https://support.microsoft.com/en-us/kb/3132372
Last Review: 12/30/2015 21:00:00 - Rev: 2.0
"Known issues in this security update:
We are aware of limited application crashes that occur after this security update is installed on Windows 10.
Microsoft is researching this problem with Adobe and will post more information in this article when the information becomes available..."

:fear::fear:

FYI...

Win10 patch notes - KB3132372, KB 3133431
The first forced Win10 patch of 2016 is entirely devoted to fixing the last forced patch of 2015, which broke a score of programs that rely on Flash
- http://www.infoworld.com/article/3019697/microsoft-windows/windows-10-patch-kb-3133431-puts-flash-player-back-in-the-drivers-seat.html
Jan 6, 2016 - "Yesterday I reported on KB 3132372*, the last Windows 10 patch of 2015, released on Dec. 29. That forced patch broke Skype, HP Solution Center, Incredimail, several Serif programs, GameMaker, a bunch of games, skins for Mediamonkey, eBay Turbo Lister, and heaven knows how many other programs that still rely on Flash. Last night - a week after that initial patch brought down all those programs - Microsoft released a fix... the first forced Win10 patch of 2016 is entirely devoted to fixing the last forced patch of 2015..."

> https://support.microsoft.com/en-us/kb/3133431
Last Review: 01/06/2016 22:03:00 - Rev: 3.0

* https://support.microsoft.com/en-us/kb/3132372
Last Review: 01/06/2016 22:03:00 - Rev: 4.0

:fear::fear:

FYI...

Win10 nagware...
- http://www.infoworld.com/article/3020748/microsoft-windows/how-get-windows-10-sets-its-hooks-into-windows-7-and-81.html
Jan 11, 2016 - "... Even if you use the Microsoft-sanctioned DisableGWX and DisableOSUpgrade registry settings, the KB 3035583 patch* -still- installs -all- of the Get Windows 10 nagware. GWX and all of its components sit there, hidden, running in the background even if you can't see the Get Windows 10 icon in the system tray..."

* https://support.microsoft.com/en-us/kb/3035583
Last Review: 12/15/2015 17:19:00 - Rev: 7.0

On your "Recommended updates" list, right click it and choose "Hide".

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-jan
Jan 12, 2016 - "This bulletin summary lists security bulletins released for January 2016...
(Total of -9-)

Microsoft Security Bulletin MS16-001 - Critical
Cumulative Security Update for Internet Explorer (3124903)
- https://technet.microsoft.com/library/security/MS16-001
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://support.microsoft.com/en-us/kb/3124903
Last Review: 01/12/2016 18:35:00 - Rev: 1.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7

Microsoft Security Bulletin MS16-002 - Critical
Cumulative Security Update for Microsoft Edge (3124904)
- https://technet.microsoft.com/library/security/MS16-002
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-003 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
- https://technet.microsoft.com/library/security/MS16-003
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-004 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3124585)
- https://technet.microsoft.com/library/security/MS16-004
Critical - Remote Code Execution - May require restart - Microsoft Office, Visual Basic

Microsoft Security Bulletin MS16-005 - Critical
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
- https://technet.microsoft.com/library/security/MS16-005
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-006 - Critical
Security Update for Silverlight to Address Remote Code Execution (3126036)
- https://technet.microsoft.com/library/security/MS16-006
Critical - Remote Code Execution - Does not require a restart - Microsoft Silverlight

Microsoft Security Bulletin MS16-007 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
- https://technet.microsoft.com/library/security/MS16-007
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-008 - Important
Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
- https://technet.microsoft.com/library/security/MS16-008
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-010 - Important
Security Update in Microsoft Exchange Server to Address Spoofing (3124557)
- https://technet.microsoft.com/library/security/MS16-010
Important - Spoofing - May require restart - Microsoft Exchange Server
___

MS16-001: http://www.securitytracker.com/id/1034648
MS16-002: http://www.securitytracker.com/id/1034649
MS16-003: http://www.securitytracker.com/id/1034650
MS16-004: http://www.securitytracker.com/id/1034651
- http://www.securitytracker.com/id/1034652
- http://www.securitytracker.com/id/1034653
MS16-005: http://www.securitytracker.com/id/1034654
MS16-006: http://www.securitytracker.com/id/1034655
MS16-007: http://www.securitytracker.com/id/1034659
- http://www.securitytracker.com/id/1034660
- http://www.securitytracker.com/id/1034661
MS16-008: http://www.securitytracker.com/id/1034645
MS16-010: http://www.securitytracker.com/id/1034647
___

- http://blogs.technet.com/b/msrc/archive/2016/01/12/january-2016-security-update-release-summary.aspx
12 Jan 2016

Security Advisories 2016
- https://technet.microsoft.com/en-us/library/security/mt631688.aspx
Jan 12, 2016

Microsoft Security Advisory 3123479
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/library/security/3123479.aspx

Updates for ActiveX Kill Bits 3118753
- https://technet.microsoft.com/library/security/3118753.aspx

Microsoft Security Advisory 3109853
Update to Improve TLS Session Resumption Interoperability
- https://technet.microsoft.com/library/security/3109853.aspx
___

January 2016 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2016/01/12/january-2016-office-update-release.aspx
12 Jan 2016 - "... there are 29 security updates (1 bulletin) and 36 non-security updates.
Security bulletins: MS16-004:
- https://technet.microsoft.com/library/security/MS16-004 "
____

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20605
2016-01-12

>> http://blog.shavlik.com/wp-content/uploads/2016/01/January-Patch-Tuesday-2016-summary.jpg
___

MS Security Support and Troubleshooting
- https://technet.microsoft.com/en-us/security/bb980617.aspx
"Find answers to a technical issue, look up a KB article, or search by error code.
Search all sources:
Look up KB article:
Look up Events and Errors: ..."

.

FYI...

More new 'Win10 nagware' appears on Win7 machines ...

Compatibility update for upgrading Windows 7
> https://support.microsoft.com/en-us/kb/2952664
Last Review: 01/12/2016 18:34:00 - Rev: 16.0

If you don't want it, on your "Recommended updates" list, right click it and choose "Hide".
___

- http://www.infoworld.com/article/3022418/microsoft-windows/microsoft-expands-get-windows-10-campaign-to-domain-joined-win7-and-81-pcs.html
Jan 14, 2016

:fear::fear:

FYI...

MS: Only the Latest Version of Windows Will Support New CPU Generations
- http://tech.slashdot.org/story/16/01/16/1245231/microsoft-only-the-latest-version-of-windows-will-support-new-cpu-generations
Jan 16, 2016 - "... news from Microsoft about how the company will support Windows now and in the future*. The company says PCs built with Intel's Skylake chip, and other new architectures in the future, will require the latest version of Windows for support. This doesn't take effect right away; Windows 7 and 8.1 will be supported on older chips until their planned end-of-life dates, in 2020 and 2023 respectively. They'll also be supported on a list of current Skylake devices for the next 18 months. After that, only the latest version of Windows will support integration** between the operating system and new CPU features. "For example, Windows 10 will be the only supported Windows platform on Intel's upcoming 'Kaby Lake' silicon, Qualcomm's upcoming '8996' silicon, and AMD's upcoming 'Bristol Ridge' silicon..."

* https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/
Jan 15, 2016
** http://www.zdnet.com/article/microsoft-updates-support-policy-new-cpus-will-require-windows-10/
Jan 15, 2016

:fear::fear:

FYI...

Deadline for obsolete IE's and Win8
- http://windowssecrets.com/patch-watch/a-deadline-for-obsolete-ies-and-windows-8/
Jan 14, 2016 - "With the start of a new year, Microsoft is cleaning house of “obsolete” operating systems and browsers. If you’re still on Windows 8.0, you need to update to Win8.1 to be fully supported. And for true browser protection, you need to be using the most current releases of Internet Explorer...
MS16-001 (3124275), MS16-003 (3124624)
... reducing the number of versions Microsoft needs to support is a good thing. For example, keeping secure a browser that has multiple editions in multiple languages, for multiple operating systems is a tall order, even for Microsoft. Sending out monthly fixes for fewer versions should mean more reliable updates.
With that in mind, this month’s cumulative IE update, KB 3124903, is the -last- for IE 7 and 8. According to a Microsoft product lifecycle FAQ*, “Beginning Jan. 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates.” Going forward, on desktop Windows, IE 9 will be the -only- supported version on Vista systems; IE 11 is the -only- supported version on Win7 and Win8.1.
Along with the operating system and your anti-malware software, the browser is the most important app to keep up to date with the latest security fixes. If you remain on IE 7 or 8, your risk of infection will rise rapidly. Keep in mind that Internet Explorer is deeply tied into Windows. So even if you don’t use IE as your default browser, it’s important to keep it current. (After you install this month’s cumulative update, you’ll be -nagged- that your browser is out of date and you need to upgrade — in most cases to IE 11.)"
* https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer
___

Outlook 2010 Update KB3114570 introduces a regression error
See here:
- https://answers.microsoft.com/en-us/office/forum/office_2010-outlook/regression-error-in-microsoft-outlook-2010-update/e629c66c-647a-4e2e-99f5-00895e4f5535

And here:
- http://www.infoworld.com/article/3022984/microsoft-windows/outlook-2010-patch-kb-3114570-reintroduces-calendar-bugs.html
___

Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows Re-released?
- https://support.microsoft.com/en-us/kb/3102429
Last Review: 01/19/2016 19:40:00 - Rev: 7.0

... may cause:
Windows Update KB3102429 Does not play well with Crystal Reports for Visual Studio 2008
- https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/windows-update-kb3102429-does-not-play-well-with/d4ac7c27-da72-4842-b44f-370128cd0993?page=2&auth=1

:fear::fear:

FYI...

Error launching Office applications after January updates
- http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2016/01/25/error-launching-office-applications-after-january-updates.aspx
25 Jan 2016 - "It's been reported that after applying January 2016 update (KB 3114506*), customers are experiencing an error on Windows Server 2012 R2 and Windows Server 2008 R2 when trying to launch Office applications such as Excel, PowerPoint and OneDrive for Business. Error Examples:
System Error - The program can’t start because davclnt.dll is missing from your computer. Try reinstalling the program to fix this problem. Excel application error:
> http://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-87-63/Error-Screenshot.PNG
RESOLUTION: Currently, Microsoft is working on the issue and will be providing an update when a fix becomes available. As a workaround, install Desktop User Experience, which ensures the davclnt is available.
Follow this article for further information and updates:
Error: The Program can’t start because davclnt.dll is missing from your computer
- https://community.office365.com/en-us/f/172/t/427963 "

Update for Office 2013 (KB3114506)
* https://support.microsoft.com/en-us/kb/3114506
Last Review: 01/26/2016 09:05:00 - Rev: 3.0

Tags: Excel 2013, powerpoint 2013, Office 2013, davclnt

:fear:

FYI...

MS16-004 - buggy??
>> http://www.infoworld.com/article/3027019/microsoft-windows/kb-2881029-3039794-2920727-throw-spurious-vba-office-automation-errors.html
Jan 27, 2016 - "Microsoft released MS16-004 on Jan. 12, and weird Visual Basic 6, VBA, and SharePoint 2013 errors have followed in its wake... symptoms are many and varied, but all seem to be due to a problematic new version of the MSComctLib.ocx common control library for VB6 and VBA. It looks like the new version, 6.01.9846, saves templates that don't work properly on machines with older versions of MSComctLib.ocx. It's not clear to me if those same templates throw errors when run on some machines with the new version of MSComctLib.ocx... Microsoft hasn't come up with any warnings in the KB articles..."
[ The update has a different title / KB # -depending- on the version of Microsoft Office you have installed... ]
Office 2007 (KB3114541): https://support.microsoft.com/en-us/kb/3114541
Office 2010 (KB2881029): https://support.microsoft.com/en-us/kb/2881029
Office 2013 (KB3039794): https://support.microsoft.com/en-us/kb/3039794
Office 2016 (KB2920727): https://support.microsoft.com/en-us/kb/2920727
___

- http://blogs.technet.com/b/office_sustained_engineering/archive/2016/01/12/january-2016-office-update-release.aspx
12 Jan 2016

:fear::fear:

FYI...

Win10 - check your 'System Protection' setting ...
- https://isc.sans.edu/diary.html?storyid=20675
2016-01-31 - "... Many of you (may have) upgraded to Windows 10 and it would be a good idea to verify your settings to make sure 'System Protection' is enabled:
> https://isc.sans.edu/diaryimages/images/win10_protection_off.PNG
Here is how to check and if necessary, 'enable' System Protection:
Select [Win10 Start] -> Settings -> About -> System info -> System Protection -> Configure
Select 'Turn on system protection' to -enable- System Restore and some disk space (i.e. 10 GB):
> https://isc.sans.edu/diaryimages/images/win10_protection_off_default.PNG
Over the years, 'System Protection' has been in many cases a useful tool especially when installing failed patches or applications to be able to go back to an earlier and stable version."

:fear::fear:

FYI...

MS - renewed push to force users onto Win10
- http://www.infoworld.com/article/3028897/microsoft-windows/microsoft-signals-renewed-push-to-force-users-onto-windows-10.html
Feb 2, 2016 - "A cryptic post from Microsoft seems to indicate that Redmond has stepped up its push to upgrade Windows 7 and Windows 8.1 users by moving Windows 10 to 'recommended status'. According to ZDNet's Mary Jo Foley*, about 5 p.m. ET on Monday, Microsoft dropped a small bombshell:
' As we shared in late October on the Windows Blog, we are committed to making it easy for our Windows 7 and Windows 8.1 customers to upgrade to Windows 10. We updated the upgrade experience today to help our customers...'. Shortly after, Microsoft maven Paul Thurrott** confirmed the message. Apparently this is Microsoft's version of an official announcement... Until we actually see a "recommended" Windows 10 update in-the-wild, it's hard to say what Microsoft will do... your best bet is to download and run Josh Mayfield's GWX Control Panel[1]. That'll clean out the Get Windows X subsystem, reset the registry entries, and keep the hidden scheduled tasks from firing."
1] http://ultimateoutsider.com/downloads/
Version: 1.7.2.0
Jan 24, 2016
-or-
> http://ultimateoutsider.com/downloads/GWX_control_panel.exe

MS pushes Win10 as a 'recommended' update ...
* http://www.zdnet.com/article/microsoft-starts-pushing-windows-10-as-a-recommended-update/
Feb 1, 2016 - "... On February 1, Microsoft started making good on the promised push... Microsoft is not changing its policy of downloading part of the Windows 10 code 'proactively' to users' machines to make upgrading faster. The company is continuing to do that, in spite of complaints by many. However, unless users make the final decision to hit upgrade, Windows 10 will not completely install and replace their existing Windows versions. The "recommended" push will be a phased one, the spokesperson said, for Windows 7 and 8.1 consumers who have Automatic Updates turned on. For users who have chosen the "Give me recommended updates the same way I receive important updates" setting turned on, the automatic update process will kick off... for the record: Windows 10 is -not- a required update for Windows 7 and 8.1 users. It is now 'recommended'. Users who do not want it can just say no."
> http://www.zdnet.com/article/how-to-block-windows-10-upgrades-on-your-business-network-and-at-home-too/

** https://www.thurrott.com/windows/windows-10/64324/windows-10-becomes-a-recommended-update-on-windows-7-and-8-1
Feb 1, 2016 - "... the change from “optional” to “recommended” is somewhat controversial, since Windows Update is considered a -trusted- source for updates. That is, it will probably cause the Windows 10 upgrade to automatically start on many PCs because most users configure Windows Update to automatically install recommended updates... 'You will be assimilated'."
___

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 02/02/2016 20:42:00 - Rev: 17.0 - "This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows..."
Applies to:
Windows 7 SP1

Updated capabilities to upgrade Windows 8.1 and Windows 7
- https://support.microsoft.com/en-us/kb/3123862
Last Review: 02/03/2016 18:05:00 - Rev: 1.0
Applies to:
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows 7 SP1

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: 02/02/2016 20:43:00 - Rev: 20.0
Applies to:
Windows 8.1 Enterprise
Windows 8.1
Windows 8.1 Pro
Windows 8 Enterprise
Windows 8
Windows 8 Pro

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: 02/02/2016 20:42:00 - Rev: 16.0
Applies to:
Windows 7 Enterprise
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate

:fear::fear:

FYI...

Win10 - Device Guard and Applocker
- http://blogs.msmvps.com/bradley/2016/02/06/not-so-fast-some-of-us-need-emet/
Feb 6, 2016 - "... security enhancements are key... the key features they are pointing out here* – Device Guard and Applocker are -not- available on the Pro or Home skus. They are -only- available on the Enterprise sku..."

Can't disable Windows Store in Win10 Pro through Group Policy
* https://support.microsoft.com/en-us/kb/3135657
Last Review: 01/29/2016 19:47:00 - Rev: 4.0 - "On a computer that's running Windows 10 Pro, you upgrade to version 1511 of Windows 10. After the upgrade, you notice that the following Group Policy settings to disable Windows Store are not applied, and you cannot disable Windows Store:
Computer Configuration>Administrative Templates>Windows Components>Store>Turn off the Store application
User Configuration>Administrative Templates>Windows Components>Store>Turn off the Store
Cause: This behavior is by design. In Windows 10 version 1511, these policies are applicable to users of the Enterprise and Education editions only..."
Applies to:
Win10 Version 1511

:fear::fear:

FYI...

- https://technet.microsoft.com/library/security/ms16-feb
Feb 9, 2016 - "This bulletin summary lists security bulletins released for February 2016...
(Total of -13-)

Microsoft Security Bulletin MS16-009 - Critical
Cumulative Security Update for Internet Explorer (3134220)
- https://technet.microsoft.com/library/security/MS16-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-011 - Critical
Cumulative Security Update for Microsoft Edge (3134225)
- https://technet.microsoft.com/library/security/MS16-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Edge

Microsoft Security Bulletin MS16-012 - Critical
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
- https://technet.microsoft.com/en-us/library/security/MS16-012
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-013 - Critical
Security Update for Windows Journal to Address Remote Code Execution (3134811)
- https://technet.microsoft.com/library/security/MS16-013
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-014 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
- https://technet.microsoft.com/library/security/MS16-014
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-015 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3134226)
- https://technet.microsoft.com/library/security/MS16-015
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software

Microsoft Security Bulletin MS16-016 - Important
Security Update for WebDAV to Address Elevation of Privilege (3136041)
- https://technet.microsoft.com/library/security/MS16-016
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-017 - Important
Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
- https://technet.microsoft.com/library/security/MS16-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-018 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
- https://technet.microsoft.com/en-us/library/security/MS16-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-019 - Important
Security Update for .NET Framework to Address Denial of Service (3137893)
- https://technet.microsoft.com/library/security/MS16-019
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS16-020 - Important
Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
- https://technet.microsoft.com/library/security/MS16-020
Important - Denial of Service - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-021 - Important
Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
- https://technet.microsoft.com/library/security/MS16-021
Important - Denial of Service - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-022 - Critical
Security Update for Adobe Flash Player (3135782)
- https://technet.microsoft.com/library/security/MS16-022
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
V1.1 (Feb 12, 2016): Revised bulletin to add links to update 3135782 on the Download Center for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012, and Windows Server 2012 R2. This is an informational change only. Customers who have already successfully installed the update do not need to take any further action.
___

- http://blogs.technet.com/b/msrc/archive/2016/02/09/february-2016-security-update-release-summary.aspx
9 Feb 2016

Security Advisories
- https://technet.microsoft.com/en-us/library/security/mt631688.aspx

MS Security Advisory 3137909
Vulnerabilities in ASP.NET Templates Could Allow Tampering
- https://technet.microsoft.com/library/security/3137909.aspx
Feb 9, 2016
> http://www.securitytracker.com/id/1034988
Feb 10 2016
> http://www.securitytracker.com/id/1034987
Feb 10 2016

Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
Published: May 13, 2014 | Updated: Feb 9, 2016 - Ver: 5.0
V5.0 (Feb 9, 2016): Re-released advisory to announce the release of update 3126593* to enable the Restricted Admin mode for Credential Security Support Provider (CredSSP) by default...
* https://support.microsoft.com/en-us/kb/3126593
___

February 2016 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2016/02/09/february-2016-office-update-release.aspx
9 Feb 2016 - "... there are 26 security updates (1 bulletin) and 53 non-security updates.
Security bulletins:
MS16-015 - https://technet.microsoft.com/en-us/library/security/MS16-015
All of the security and non-security updates for January are listed in KB article 3137471*..."
- https://support.microsoft.com/en-us/kb/3137471
Last Review: 02/09/2016 20:35:00 - Rev: 1.0
___

MS16-009: http://www.securitytracker.com/id/1034971
MS16-011: http://www.securitytracker.com/id/1034972
MS16-012: http://www.securitytracker.com/id/1034973
MS16-013: http://www.securitytracker.com/id/1034974
MS16-014: http://www.securitytracker.com/id/1034985
MS16-015: http://www.securitytracker.com/id/1034975
- http://www.securitytracker.com/id/1034976
MS16-016: http://www.securitytracker.com/id/1034980
MS16-017: http://www.securitytracker.com/id/1034981
MS16-018: http://www.securitytracker.com/id/1034982
MS16-019: http://www.securitytracker.com/id/1034983
MS16-020: http://www.securitytracker.com/id/1034984
MS16-021: http://www.securitytracker.com/id/1034986
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20711
2016-02-09

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/02/09/patch-tuesday-february-2016
Feb 9, 2016

.

FYI...

MS16-014: https://technet.microsoft.com/library/security/MS16-014
V2.0 (February 10, 2016): Bulletin revised to announce the availability of update 3126041* for Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 for Itanium-based Systems, Windows 8.1, and Windows Server 2012 R2. Customers should apply the applicable updates to be protected from the vulnerabilities discussed in this bulletin...
* https://support.microsoft.com/en-us/kb/3126041
Last Review: 02/11/2016 01:34:00 - Rev: 2.1

MS16-014: https://support.microsoft.com/en-us/kb/3126587
"Known issue... Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help..."
___

.NET Framework 4.6.1 and Exchange compatibility
- http://blogs.technet.com/b/exchange/archive/2016/02/10/on-net-framework-4-6-1-and-exchange-compatibility.aspx
10 Feb 2016 - "... the .NET Framework 4.6.1 has been made a -recommended- update on WU (Windows Update).
As we have already stated in the Exchange Supportability Matrix, at this time, this version of .NET framework is not supported by Exchange. In fact, we know of some issues* if it is installed. We are working with the .NET team to ensure that Exchange customers have a smooth transition to .NET Framework 4.6.1, but in the meantime, -delay- this particular .NET update on your Exchange servers..."

Mailboxes are quarantined and databases fail over unexpectedly in Exchange Server 2013
* https://support.microsoft.com/en-us/kb/3095369
Last Review: 09/16/2015 19:05:00 - Rev: 3.0
Applies to:
Microsoft Exchange Server 2013 Standard
Microsoft Exchange Server 2013 Enterprise
___

Office 2010 patch KB 3114750 clobbers Outlook Calendar (again)
- http://www.infoworld.com/article/3032206/microsoft-windows/office-2010-patch-kb-3114750-clobbers-outlook-calendar-again.html
Feb 11, 2016
> https://support.microsoft.com/en-us/kb/3114750
Last Review: 02/09/2016 19:26:00 - Rev: 1.0
Applies to:
MS Office 2010 SP2
_____

These appear to be 'Win10 preps'/nagware that you may want to 'Hide' on your "Recommended Updates" list:

Updated capabilities to upgrade Windows 8.1 and Windows 7
- https://support.microsoft.com/en-us/kb/3123862
Last Review: 02/11/2016 01:42:00 - Rev: 3.0
Applies to:
Windows 8.1 ...
Windows 7 SP1

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 02/02/2016 20:42:00 - Rev: 17.0
Applies to:
Windows 7 SP1

Also see: http://www.infoworld.com/article/3031391/microsoft-windows/what-little-we-know-about-recommended-windows-781-update-kb-3123862.html
Feb 11, 2016

:fear::fear:

FYI...

Office 2013 patch KB 3114717 freezes 32-bit Word 2013 on Win 7, 8.1, 10
There are reports of the patch causing similar lockup problems with Excel 2013 and Outlook 2013
- http://www.infoworld.com/article/3032642/microsoft-windows/office-2013-patch-kb-3114717-freezes-32-bit-word-2013-on-win-7-81-10.html
Feb 12, 2016

> https://social.technet.microsoft.com/Forums/en-US/f7f85abf-aebf-4137-a429-13e3faf81635/word-2013-problems-with-kb3114717?forum=officeitpro
Feb 12, 2016 - "... We are continuing to investigate why Update KB3114717 causes Word to slow down or hang. As a workaround, you can safely -remove- that update and we will post more information here as we learn more..."

- https://support.microsoft.com/en-us/kb/3114717
Last Review: 02/13/2016 02:01:00 - Rev: 2.0
"Notice: Update 3114717 is no longer available because it causes Microsoft Office 2013 apps, such as Microsoft Word and Microsoft Outlook, to slow down or freeze. If you’ve installed this update and you're experiencing these issues, you can safely remove the update.
> https://support.microsoft.com/en-us/kb/3114717#bookmark-uninstall
How to uninstall this update..."

:fear::fear:

FYI...

"... opened up -five- support cases to investigate 'resetting of applications' after KB3135173*"
S. Bradley - 2016-02-15

Cumulative update for Windows 10 Version 1511
* https://support.microsoft.com/en-us/kb/3135173
Last Review: 02/09/2016 19:17:00 - Rev: 1.0
Applies to:
Windows 10 Version 1511

> http://www.tenforums.com/windows-updates-activation/40373-last-update-caused-all-custom-file-associations-reset-defaults.html

> https://social.technet.microsoft.com/Forums/en-US/2dc8c9e0-324d-422d-ba0d-fac5d5c4aee0/an-app-default-was-reset?forum=win10itprogeneral

> https://www.reddit.com/r/Windows10/comments/458821/an_app_default_was_reset_what_is_this_bs/

> http://answers.microsoft.com/thread/7f51d3de-8e67-478f-9a10-fcd4873ce3af

> https://www.reddit.com/r/Windows10/comments/45wc58/finally_a_fix_for_an_app_default_was_reset/

"... this is -not- how Windows 10 is expected to handle updates."
___

- http://www.infoworld.com/article/3032751/microsoft-windows/windows-10-forced-update-kb-3135173-changes-browser-and-other-defaults.html
Feb 16, 2016

:fear::fear:

FYI...

Win10 -nagware- KB 3035583 reappears on Win7/8.1 PCs
- http://www.infoworld.com/article/3037393/microsoft-windows/get-windows-10-nagware-patch-kb-3035583-suddenly-reappears-on-win781-pcs.html
Feb 24, 2016

Update installs 'Get Windows 10 app' in Windows 8.1 and Windows 7 SP1
> https://support.microsoft.com/en-us/kb/3035583
Last Review: 02/24/2016 15:20:00 - Rev: 10.0

- http://windowssecrets.com/patch-watch/recalled-office-fix-and-another-get-win10/
Feb 25, 2016
___

Microsoft Security Bulletin MS16-014 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
- https://technet.microsoft.com/library/security/MS16-014

MS16-014: Description of the security update for Windows
> https://support.microsoft.com/en-us/kb/3126041
Last Review: 02/24/2016 15:21:00 - Rev: 4.0
[See: "Known issues in this security update"]
___

Win10: Telemetry and other settings
> https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx
Last updated: Feb 23, 2016
Applies to: Windows 10

:fear::fear:

FYI...

Deja vu all over again: Microsoft reissues KB 2952664, KB 2976978, KB 2977759
The three Win7/8.1 updates have returned and brought the warmed-over KB 3138612 and 3138615 Windows Update patches with them
- http://www.infoworld.com/article/3040069/microsoft-windows/deja-vu-all-over-again-microsoft-reissues-kb-2952664-kb-2976978-kb-2977759.html
Mar 2, 2016 - "Yesterday, Microsoft re-re-released three patches - KB 2952664, KB 2976978 and KB 2977759 - all of which offer "compatibility" updates for those of you hell-bent on upgrading from Windows 7 or 8.1 to Windows 10 via Windows Update. We also received two -new- patches - KB 3138612 and KB 3138615 - that update Windows Update by replacing their tired, old counterparts... If you're running Windows 7 and headed to Windows 10 sometime soon, then by all means, install the 'patch'. If not, fuhgeddaboutit... Bottom line: Unless Windows Update is horribly slow, I don't see any reason at all to install any of these 'optional' updates."

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 03/01/2016 17:31:00 - Rev: 18.0

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: 03/01/2016 17:32:00 - Rev: 21.0

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: 03/01/2016 17:33:00 - Rev: 17.0
___

Windows Update Client for Windows 7 and Windows Server 2008 R2: March 2016
- https://support.microsoft.com/en-us/kb/3138612
Last Review: 03/01/2016 17:27:00 - Rev: 1.0

Windows Update Client for Windows 8.1 and Windows Server 2012 R2: March 2016
- https://support.microsoft.com/en-us/kb/3138615
Last Review: 03/01/2016 17:27:00 - Rev: 1.0

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-Mar
Mar 8, 2016 - "This bulletin summary lists security bulletins released for March 2016...
(Total of -13-)

Microsoft Security Bulletin MS16-023 - Critical
Cumulative Security Update for Internet Explorer (3142015)
- https://technet.microsoft.com/library/security/MS16-023
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-024 - Critical
Cumulative Security Update for Microsoft Edge (3142019)
- https://technet.microsoft.com/library/security/MS16-024
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-025 - Important
Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
- https://technet.microsoft.com/library/security/MS16-025[/b]
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-026 - Critical
Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
- https://technet.microsoft.com/en-us/library/security/MS16-026
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-027 - Critical
Security Update for Windows Media to Address Remote Code Execution (3143146)
- https://technet.microsoft.com/en-us/library/security/MS16-027
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-028 - Critical
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
- https://technet.microsoft.com/en-us/library/security/MS16-028
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-029 - Important
Security Update for Microsoft Office to Address Remote Code Execution (3141806)
- https://technet.microsoft.com/library/security/MS16-029
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software

Microsoft Security Bulletin MS16-030 - Important
Security Update for Windows OLE to Address Remote Code Execution (3143136)
- https://technet.microsoft.com/en-us/library/security/MS16-030
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-031 - Important
Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
- https://technet.microsoft.com/en-us/library/security/MS16-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-032 - Important
Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
- https://technet.microsoft.com/en-us/library/security/MS16-032
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-033 - Important
Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
- https://technet.microsoft.com/en-us/library/security/MS16-033
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-034 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
- https://technet.microsoft.com/en-us/library/security/MS16-034
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-035 - Important
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
- https://technet.microsoft.com/library/security/MS16-035
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
___

MS16-023: http://www.securitytracker.com/id/1035203
MS16-024: http://www.securitytracker.com/id/1035204
MS16-025: http://www.securitytracker.com/id/1035205
MS16-026: http://www.securitytracker.com/id/1035198
MS16-027: http://www.securitytracker.com/id/1035200
MS16-028: http://www.securitytracker.com/id/1035202
MS16-029: http://www.securitytracker.com/id/1035206
> http://www.securitytracker.com/id/1035207
MS16-030: http://www.securitytracker.com/id/1035208
MS16-031: http://www.securitytracker.com/id/1035209
MS16-032: http://www.securitytracker.com/id/1035210
MS16-033: http://www.securitytracker.com/id/1035211
MS16-034: http://www.securitytracker.com/id/1035212
MS16-035: http://www.securitytracker.com/id/1035213
___

- http://blogs.technet.com/b/msrc/archive/2016/03/08/march-2016-security-update-release-summary.aspx
8 Mar 2016

Security Advisories - March 2016
- https://technet.microsoft.com/en-us/library/security/mt631688.aspx
___

March 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/03/09/march-2016-office-update-release/
March 9, 2016 - The March 2016 Public Update releases for Office are now available. This month, there are -22- security updates (1 bulletin) and -41- non-security updates.
Security bulletins: MS16-029:
> https://technet.microsoft.com/en-us/library/security/ms16-029.aspx
All of the security and non-security updates for March are listed in KB article 3143491:
> https://support.microsoft.com/en-us/kb/3143491
Last Review: 03/09/2016 00:52:00 - Rev: 1.0
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-03-08
2016-03-08

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/03/08/patch-tuesday-march-2016
March 8, 2016

.

FYI...

March 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/03/09/march-2016-office-update-release/
Update – March 9, 2016 - "KB 3085515* is no longer available because it may prevent Access 2010 from opening VB-enabled apps and wizards. The workaround is to -uninstall- this update. See the Access Support Team blog** for more details."

* https://support.microsoft.com/en-us/kb/3085515
Last Review: 03/09/2016 22:49:00 - Rev: 2.0
"Notice: This update is no longer available from Microsoft Update or the Microsoft Download Center. After you install this update, you may not be able to open Microsoft Visual Basic-enabled apps in Microsoft Access 2010. Also, Access wizards may not run. To work around this problem, -uninstall- this update by following the steps in the "How to uninstall this update"[1] section."
1] https://support.microsoft.com/en-us/kb/3085515#bookmark-uninstall

** http://blogs.technet.com/b/the_microsoft_access_support_team_blog/archive/2016/03/09/you-may-encounter-errors-with-your-accde-mde-files-and-or-wizards-after-installing-the-march-update-for-office-2010-kb3085515.aspx
9 Mar 2016
___

When a security update is not a security update ...
Microsoft buried a 'Get Windows 10 ad generator' inside this month's Internet Explorer security patch for Windows 7 and 8.1
- http://www.infoworld.com/article/3042155/microsoft-windows/windows-patch-kb-3139929-when-a-security-update-is-not-a-security-update.html
Mar 9, 2016 - "If Microsoft's documentation is correct, installing Patch Tuesday's KB 3139929* security update for Internet Explorer also installs a new Windows 10 ad-generating routine called KB 3146449**... putting an 'ad generator' inside a security patch crosses way over the line. In fact, you have to ask yourself if there are any lines any more... It's important to note that KB 3146449 is not installed separately. You can't remove it. If you look in your installed updates list, KB 3146449 doesn't appear. Instead, it's baked into the IE security patch KB 3139929. The only way to get rid of the new advertising inside Internet Explorer 11 is to remove the security patch entirely... Rubbing salt in the wound: PCs attached to -corporate- domains are spared the pain - but not the bits - of this decidedly nonsecurity patch. In bypassing domain-joined PCs, Microsoft has avoided the inevitable screams of "foul play" from its largest corporate customers."

MS16-023: Security update for Internet Explorer
* https://support.microsoft.com/en-us/kb/3139929
Last Review: 03/09/2016 17:51:00 - Rev: 2.0

Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
** https://support.microsoft.com/en-us/kb/3146449
Last Review: 03/08/2016 17:37:00 - Rev: 1.0

>> http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html
Mar 9, 2016
> http://core0.staticworld.net/images/article/2016/03/gwx-for-admins-100649333-large.idge.jpg

:fear::fear:

FYI...

Microsoft Security Bulletin MS16-036 - Critical
Security Update for Adobe Flash Player (3144756)
- https://technet.microsoft.com/en-us/library/security/MS16-036
March 10, 2016 - "This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."

- https://support.microsoft.com/en-us/kb/3144756
Last Review: 03/10/2016 21:33:00 - Rev: 1.2
___

- https://technet.microsoft.com/en-us/library/security/ms16-mar
V2.0 (March 10, 2016): Bulletin Summary revised to document the out-of-band release of MS16-036.
V2.1 (March 10, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-035. For more information, see Microsoft Knowledge Base Article 3148821*.

After you apply security update 3141780, .NET Framework applications encounter exception errors or unexpected failures while processing files that contain SignedXml
* https://support.microsoft.com/en-us/kb/3148821
Last Review: 03/16/2016 20:51:00 - Rev: 5.0
Applies to:
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2

:fear::fear:

FYI...

MS upgraded users to Win10 -without- their OK
- http://www.infoworld.com/article/3043526/microsoft-windows/microsoft-upgraded-users-to-windows-10-without-their-ok.html
Mar 14, 2016 - "... the complaints really started piling up Friday evening. More and more Windows 7 and 8.1 customers are complaining that Microsoft upgraded their computers to Windows 10 - and they didn't do anything to bring it on... If you haven't been bit yet, make sure you run GWX-Control-Panel*, then turn Automatic Update to 'Check for Updates but Let Me Choose Whether to Download and Install Them'...
> http://core0.staticworld.net/images/article/2016/03/win10-upgrade-checked-and-ready-to-run-100650025-orig.jpg

* http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

- http://ultimateoutsider.com/downloads/

Remove the 'Get Windows 10' icon on Win7 and Win8
> https://www.youtube.com/watch?v=5pcmDTDRGgA&feature=youtu.be

- http://www.infoworld.com/article/3043656/microsoft-windows/first-aid-for-forced-windows-10-upgrades.html
Mar 14, 2016 - "... if you enable 'Automatic Update' then Microsoft owns your computer - it can make your PC do anything it likes. You've been pwned..."
___

MS16-023: Security update for Internet Explorer
- https://support.microsoft.com/en-us/kb/3139929
"... Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer..."
Last Review: 03/17/2016 08:33:00 - Rev: 3.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8

Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
> https://support.microsoft.com/en-us/kb/3146449
"This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10..."
Last Review: 03/08/2016 17:37:00 - Rev: 1.0

Empty "textarea" loses its closing tag after conversion from XML to HTML in Internet Explorer 11
> https://support.microsoft.com/en-us/kb/3144523
"... Note This update was first included in the MS16-023: Security update for Internet Explorer: March 8, 2016."
Last Review: 03/08/2016 17:35:00 - Rev: 1.0

- http://windowssecrets.com/patch-watch/using-ie-11-to-promote-win10-upgrading/
March 10, 2016

- http://www.theinquirer.net/inquirer/news/2450452/updategate-microsoft-is-burying-adware-in-its-own-patch-tuesday-updates
Mar 10 2016
___

- http://www.theinquirer.net/inquirer/news/2450609/updategate-microsoft-nagware-tries-to-turn-workers-against-system-admins
Mar 11 2016

:fear::fear: :mad:

FYI...

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 03/23/2016 18:07:00 - Rev: 11.0
___

GWX Control Panel
"... disable 'Upgrade to Windows 10' behavior"
> http://ultimateoutsider.com/downloads/
Version: 1.7.4.1
April 1, 2016

'Never 10'
> https://www.grc.com/never10.htm
Mar 28, 2016

> http://www.infoworld.com/article/3049165/microsoft-windows/steve-gibsons-never10-vs-josh-mayfields-gwx-control-panel.html
Mar 30, 2016
___

- http://www.infoworld.com/article/3048152/microsoft-windows/microsoft-re-releases-kb-3035583-get-windows-10-installer-again.html
Mar 24, 2016 - "... strongly recommend you turn Automatic Update to 'Check for updates but let me choose whether to download and install them' and -uncheck- the box marked 'Give me recommended updates the same way I receive important updates'. That advice stands..."
___

>> http://windowssecrets.com/patch-watch/a-few-problem-patches-among-marchs-many-updates/
March 24, 2016 - "... keep the Windows Update option 'Give me recommended updates the same way I receive important updates' -unchecked- ..."

:fear::fear:

FYI...

(MS Office) Upcoming change to the release schedule for non-security updates
> https://blogs.technet.microsoft.com/office_sustained_engineering/2016/03/28/upcoming-change-to-the-release-schedule-for-non-security-updates/
March 28, 2016 - "We want to let you know about an important change coming to the release schedule for Office updates so that you can plan accordingly. Until now, both security and non-security updates have been released on the second Tuesday of each month.
Starting in April, the non-security updates will be released in Microsoft Update and the Windows Server Update Service (WSUS) on the -first- Tuesday of the month, which is April 5 in this case. This will include all updates that have the Critical or Definition classification. Updates with the Security classification will continue to release on second Tuesday as usual. This change applies only to the MSI version of Office. Office Click-To-Run (C2R) will release on second Tuesday."
Tags: Office Office 2003, Office 2007, Office 2010, Office 2013, Office 2016, Office Public Update, Public Update Security
___

- http://www.infoworld.com/article/3049946/security/microsoft-details-changes-to-the-schedule-for-office-updates.html
Mar 31, 2016

:fear::fear:

FYI...

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 03/31/2016 16:17:00 - Rev: 19.0
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: 03/31/2016 16:18:00 - Rev: 22.0
___

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: 03/31/2016 16:19:00 - Rev: 18.0
___

> http://www.infoworld.com/article/3050556/microsoft-windows/microsoft-re-releases-patches-kb-2952664-2976978-and-2977759.html
Mar 31, 2016 - "Now weighing in at Version 19.0, KB 2952664 is a 'compatibility update' to ease upgrading from Windows 7 to Windows 10. The analogous patch for Windows 8.1, KB 2976978, is now up to version 22.0, and the patch for Windows 7 without SP 1, KB 2977759, stands at version 18.0. All three have been re-released -six- times in the past three months..."

:fear::fear:

FYI...

More 'Win10 upgrade' updates ...

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 04/07/2016 20:12:00 - Rev: 20.0

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: 04/07/2016 23:49:00 - Rev: 24.0

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: 04/07/2016 23:50:00 - Rev: 20.0

- http://www.infoworld.com/article/3053608/microsoft-windows/windows-781-patches-kb-2952664-2976978-and-2977759-keep-turning-up-like-bad-pennies.html
Apr 8, 2016 - "... They appear in Windows Update as optional and unchecked.
KB 2952664 is a "compatibility update" that eases upgrading from Win7 SP1 to Win10. It now sits at version 20, up from 19 last week.
KB 2976978 does the same thing, but for Windows 8 and 8.1. It's at version 24, up from 22. There's no indication why Microsoft gave it an additional version number bump.
KB 2977759 covers the same bases, but for Windows 7 without SP1. It, too, has been given an extra bump, from version 18 last week to version 20 this week..."

:fear::fear:

FYI...

MS16-027 - Critical
Security Update for Windows Media to Address Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/MS16-027
V1.2 (April 7, 2016): Added a note to clarify that Windows Media is only enabled on Windows server operating systems when the Desktop Experience feature is enabled. This is an informational change only.

MS15-115 - Critical
Security Update for Microsoft Windows to Address Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/MS15-115
V2.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS15-121 - Important
Security Update for Schannel to Address Spoofing
- https://technet.microsoft.com/en-us/library/security/MS15-121
V1.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS15-122 - Important
Security Update for Kerberos to Address Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/MS15-122
V1.2 (April 7, 2016): Updated the footnotes following the Affected Software and Vulnerability Severity Ratings table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS13-082 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/MS13-082
V1.2 (April 7, 2016): Corrected download links for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.

:blink:

FYI...

- https://technet.microsoft.com/library/security/ms16-apr
April 12, 2016 - "This bulletin summary lists security bulletins released for April 2016...
(Total of -13-)

Microsoft Security Bulletin MS16-037 - Critical
Cumulative Security Update for Internet Explorer (3148531)
- https://technet.microsoft.com/library/security/MS16-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-038 - Critical
Cumulative Security Update for Microsoft Edge (3148532)
- https://technet.microsoft.com/library/security/MS16-038
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-039 - Critical
Security Update for Microsoft Graphics Component (3148522)
- https://technet.microsoft.com/library/security/MS16-039
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync.

Microsoft Security Bulletin MS16-040 - Critical
- https://technet.microsoft.com/library/security/MS16-040
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-041 - Important
Security Update for .NET Framework (3148789)
- https://technet.microsoft.com/library/security/MS16-041
Important - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS16-042 - Critical
Security Update for Microsoft Office (3148775)
- https://technet.microsoft.com/library/security/MS16-042
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-044 - Important
Security Update for Windows OLE (3146706)
- https://technet.microsoft.com/library/security/MS16-044
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-045 - Important
Security Update for Windows Hyper-V (3143118)
- https://technet.microsoft.com/library/security/MS16-045
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-046 - Important
Security Update for Secondary Logon (3148538)
- https://technet.microsoft.com/library/security/MS16-046
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-047 - Important
Security Update for SAM and LSAD Remote Protocols (3148527)
- https://technet.microsoft.com/library/security/MS16-047
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-048 - Important
Security Update for CSRSS (3148528)
- https://technet.microsoft.com/library/security/MS16-048
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-049 - Important
Security Update for HTTP.sys (3148795)
- https://technet.microsoft.com/library/security/MS16-049
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-050 - Critical
Security Update for Adobe Flash Player (3154132)
- https://technet.microsoft.com/library/security/MS16-050
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

MS16-037: http://www.securitytracker.com/id/1035521
MS16-038: http://www.securitytracker.com/id/1035522
MS16-039: http://www.securitytracker.com/id/1035528
- http://www.securitytracker.com/id/1035529
- http://www.securitytracker.com/id/1035530
- http://www.securitytracker.com/id/1035531
- http://www.securitytracker.com/id/1035532
MS16-040: http://www.securitytracker.com/id/1035523
MS16-041: http://www.securitytracker.com/id/1035535
MS16-042: http://www.securitytracker.com/id/1035524
- http://www.securitytracker.com/id/1035525
MS16-044: http://www.securitytracker.com/id/1035536
MS16-045: http://www.securitytracker.com/id/1035538
MS16-046: http://www.securitytracker.com/id/1035541
MS16-047: http://www.securitytracker.com/id/1035534
MS16-048: http://www.securitytracker.com/id/1035544
MS16-049: http://www.securitytracker.com/id/1035546
MS16-050: http://securitytracker.com/id/1035527
___

- https://blogs.technet.microsoft.com/msrc/2016/04/12/april-2016-security-update-release/
April 12, 2016

Security Advisories:
Microsoft Security Advisory 3152550
Update to Improve Wireless Mouse Input Filtering
- https://technet.microsoft.com/library/security/3152550.aspx
April 12, 2016

April 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/04/12/april-2016-office-update-release/
April 12, 2016 - "... This month, there are -23- security updates (2 bulletins) and -47- non-security updates. Security bulletins:
MS16-039: https://technet.microsoft.com/en-us/library/security/ms16-039.aspx
MS16-042: https://technet.microsoft.com/en-us/library/security/ms16-042.aspx
All of the security and non-security updates for April are listed in KB article KB3150264:
> https://support.microsoft.com/en-us/kb/3150264
A new version of Office 2013 Click-To-Run is available: 15.0.4815.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7168.5000
For information on Office 365 Click-To-Run updates, see:
- https://technet.microsoft.com/en-us/mt465751
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-04-12
___

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/04/12/22939
___

- https://www.us-cert.gov/ncas/current-activity/2016/04/12/Microsoft-Releases-April-2016-Security-Bulletin
April 12, 2016

.

FYI...

Patch -reliability- is unclear...

It’s NOT time to install Windows or Office updates
> http://www.askwoody.com/2016/its-not-time-to-install-windows-or-office-updates/
Apr 16, 2016 - "... Right now is a -bad-time- to install updates. Check back in a-week-or-two...
(Right now I’m waiting to see what MS does with KB3146706*, but other problems may well surface)..."

* https://support.microsoft.com/en-us/kb/3146706
Last Review: 04/12/2016 18:38:00 - Rev: 1.1
___

> http://www.askwoody.com/2016/win7-security-patch-kb3146706-causing-problems/
Apr 16, 2016 - "... lots of reports of MS16-044/KB3146706 throwing errors – most commonly blue screen 0x0000006B – that go away if the patch is removed..." (-aka- BSOD).
___

MS16-039: Description of the security update for Office 2010
- https://support.microsoft.com/en-us/kb/3114566
Last Review: 04/13/2016 00:37:00 - Rev: 2.0
"... Known issues in this security update:
After you install this security update, you may receive an error message that resembles the following when you try to start an Office application:
'The Windows installer service could not be accessed.'
To resolve this problem, do one of the following:
Option 1 On systems that have update 3139923* installed, make sure that update 3072630** is also installed.
Option 2 Uninstall update 3139923..."
Applies to:
Microsoft Office 2010 Service Pack 2

* https://support.microsoft.com/en-us/kb/3139923
Last Review: 03/15/2016 17:15:00 - Rev: 1.0

** https://support.microsoft.com/en-us/kb/3072630
Last Review: 12/14/2015 19:59:00 - Rev: 2.0

:fear::fear:

FYI...

Speed up Win7 scans for updates
- http://www.infoworld.com/article/3058260/microsoft-windows/heres-how-to-significantly-speed-up-windows-7-scans-for-updates.html
Apr 19, 2016 - "If you're experiencing Windows 7 update scans measured in hours - if not days... there's a newly discovered trick that -may- reduce scan times to minutes. It's an -unlikely- combination of two updates... Try it and see how it works on yours":
> http://www.askwoody.com/2016/possible-fix-for-the-abysmally-slow-windows-7-update-scans/comment-page-3/#comment-80655
"I needed to install a COMBINATION of the following updates on Win7 SP1 – KB3138612* AND KB3145739**. I found out that patching KB3145739 alone without patching the WU Client for Win7 SP1 is not enough...
Microsoft did -not- bother patching the WU client app for Vista SP2..."

Windows Update Client for Windows 7 and Windows Server 2008 R2
* https://support.microsoft.com/en-us/kb/3138612
Last Review: 03/08/2016 18:22:00 - Rev: 2.0

MS16-039: Description of the security update for Windows Graphics Component
** https://support.microsoft.com/en-us/kb/3145739
Last Review: 04/12/2016 17:54:00 - Rev: 1.0

... YMMV.
___

MS16-044: Security Update for Windows OLE
> https://support.microsoft.com/en-us/kb/3146706
Last Review: 04/12/2016 18:38:00 - Rev: 1.1

... now "unchecked" but still listed on 'Windows Update' list (??)

:spider:

FYI...

MS releases 24 'optional' patches
- http://www.infoworld.com/article/3059578/microsoft-windows/microsoft-releases-24-optional-windows-patches.html
Apr 21, 2016 - "The official Windows Update list[1] says -24- patches were released on April 19. But it seems only two of them - KB 3138378* and 3140245** - were released that day, and the rest came out on April 20. The list itself wasn't updated until April 20... Three of the patches -fix-problems- with earlier security patches..."
1] https://support.microsoft.com/en-us/kb/894199
Last Review: 04/20/2016 19:08:00 - Rev: 1.0

Update for Journal.dll binary in Windows
* https://support.microsoft.com/en-us/kb/3138378
Last Review: 04/20/2016 04:55:00 - Rev: 3.0

A new registry key enables TLS 1.1 and TLS 1.2 to default to secure protocols in WinHTTP in Windows
** https://support.microsoft.com/en-us/kb/3140245
Last Review: 04/20/2016 04:43:00 - Rev: 3.0

(-More- listed w/details at the infoworld URL above.)

:fear::fear:

FYI...

KB3148812 breaks WSUS server - DO NOT INSTALL
- https://myonlinesecurity.co.uk/kb3148812-breaks-wsus-server/
22 Apr 2016 - "We are seeing loads of reports of KB3148812* -breaks- WSUS server. This update is supposed to prepare WSUS (Windows Software Update Services) to be able to install W10 updates from the WSUS server. It is described as Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2. Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2..."

Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2
* https://support.microsoft.com/en-us/kb/3148812
Last Review: 04/20/2016 04:45:00 - Rev: 3.0

What you need to know about KB3148812
** http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812.aspx
21 Apr 2016 - "... We try not to require post-update manual effort whenever possible, and unfortunately in this case it was unavoidable. This post describes the symptoms you’ll see, details how to resolve them, and then provides some background on this change... it requires some additional manual steps to be taken afterward in order to realign the moving parts of the system. More information on that will be available via the KB article and this blog later-this-week." ??
___

Hold Off on Deploying KB3148812 for Now
>> http://windowsitpro.com/patch-tuesday/hold-deploying-kb3148812-now
Apr 20, 2016
> http://blogs.technet.com/b/wsus/archive/2016/04/20/known-issues-with-kb3148812.aspx
___

Botched WSUS patch KB 3148812 throws errors 80244019, 80244008, 8024401f
Two days after the patch rolled out, Microsoft provided instructions for dealing with reported problems - but the new fixes don't work either
- http://www.infoworld.com/article/3060241/microsoft-windows/botched-wsus-patch-kb-3148812-still-throws-errors-80244019-80244008-and-8024401f.html
Apr 22, 2016 - "... Big problem: The new fixes don't work. A tirade of complaints on the TechNet forum said the manual fixes that Microsoft offered after the fact don't fix the patch. Win10 PCs attached to the patched WSUS server still couldn't see the server. Clients are reporting errors 80244007, 80244019, 80244008, and 8024401f..."

DO NOT roll out KB3148812
___

Buggy Office 2013 patch KB 3114941
Crashes in Lync and Outlook lead to Microsoft's -fourth- official recall of a Click-to-Run version of Office in the past four months
- http://www.infoworld.com/article/3060457/patch-management/microsoft-ackowledges-problems-with-buggy-office-2013-patch-kb-3114941.html
Apr 22, 2016

Lync 2013 (Skype for Business) or Outlook 2013 Crash
- https://support.microsoft.com/en-us/kb/3158521
Last Review: 04/22/2016 22:03:00 - Rev: 6.0
"Symptoms: After you install the April 5, 2016, update for Outlook 2013 (KB3114941*), you may experience random crashes of Microsoft Lync 2013 (Skype for Business) or Microsoft Outlook 2013, or both. When this issue occurs, you may find an Application Error...
Workaround:
Method 1: -Uninstall- the April 2016 Outlook update...
> https://support.microsoft.com/en-us/kb/3114941
Last Review: 04/22/2016 19:40:00 - Rev: 3.0
"Known issue: After you install this update, you may experience frequent crashes in Outlook 2013 and Skype for Business 2013. If this behavior occurs, uninstall the update...
> Click-to-Run based Installations: Revert to the March 2016 version of Office 2013 by following the steps in the following article in the Microsoft Knowledge Base:
2770432 How to revert to an earlier version of Office 2013 or Office 2016 Click-to-Run
- https://support.microsoft.com/en-us/kb/2770432
Last Review: 02/29/2016 08:38:00 - Rev: 6.0 "

:fear::fear:

FYI...

Updated: April 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/04/12/april-2016-office-update-release/
Apr 29, 2016 - "A new build of Office 2013 Click-To-Run – 15.0.4815.1002 – is available now. This build fixes an intermittent -crash- that may occur in Outlook or Skype for Business (see KB 3158521*). To get this build, you can either wait until you are prompted to update, or go to
File > Account and select Update Options > Update Now."

* https://support.microsoft.com/en-us/kb/3158521
Last Review: 04/28/2016 17:11:00 - Rev: 7.0
Applies to:
Microsoft Lync 2013
Skype for Business 2015
Microsoft Outlook 2013
___

Win10 nagware patch KB 3035583 back on Win7 PCs
- http://www.infoworld.com/article/3065293/microsoft-windows/windows-10-nagware-patch-kb-3035583-back-on-windows-7-pcs.html
May 3, 2016

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
> https://support.microsoft.com/en-us/kb/3035583
Last Review: 03/23/2016 18:07:00 - Rev: 11.0
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1

:fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-May
May 10, 2016 - "This bulletin summary lists security bulletins released for May 2016...
(Total of -16-)

Microsoft Security Bulletin MS16-051 - Critical
Cumulative Security Update for Internet Explorer (3155533)
- https://technet.microsoft.com/library/security/MS16-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-052 - Critical
Cumulative Security Update for Microsoft Edge (3155538)
- https://technet.microsoft.com/library/security/MS16-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-053 - Critical
Cumulative Security Update for JScript and VBScript (3156764)
- https://technet.microsoft.com/library/security/MS16-053
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-054 - Critical
Security Update for Microsoft Office (3155544)
- https://technet.microsoft.com/library/security/MS16-054
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Svcs and Web Apps

Microsoft Security Bulletin MS16-055 - Critical
Security Update for Microsoft Graphics Component (3156754)
- https://technet.microsoft.com/library/security/MS16-055
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-056 - Critical
Security Update for Windows Journal (3156761)
- https://technet.microsoft.com/library/security/MS16-056
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-057 - Critical
Security Update for Windows Shell (3156987)
- https://technet.microsoft.com/library/security/MS16-057
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-058 - Important
Security Update for Windows IIS (3141083)
- https://technet.microsoft.com/library/security/MS16-058
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-059 - Important
Security Update for Windows Media Center (3150220)
- https://technet.microsoft.com/library/security/MS16-059
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-060 - Important
Security Update for Windows Kernel (3154846)
- https://technet.microsoft.com/library/security/MS16-060
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-061 - Important
Security Update for Microsoft RPC (3155520)
- https://technet.microsoft.com/library/security/MS16-061
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-062 - Important
Security Update for Windows Kernel-Mode Drivers (3158222)
- https://technet.microsoft.com/library/security/MS16-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-064 - Critical
Security Update for Adobe Flash Player (3157993)
- https://technet.microsoft.com/library/security/MS16-064
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
V2.0 (May 13, 2016): Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207 to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.

Microsoft Security Bulletin MS16-065 - Important
Security Update for .NET Framework (3156757)
- https://technet.microsoft.com/library/security/MS16-065
Important - Information Disclosure - May require restart - Microsoft Windows, .NET Framework

Microsoft Security Bulletin MS16-066 - Important
Security Update for Virtual Secure Mode (3155451)
- https://technet.microsoft.com/library/security/MS16-066
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-067 - Important
Security Update for Volume Manager Driver (3155784)
- https://technet.microsoft.com/library/security/MS16-067
Important - Information Disclosure - May require restart - Microsoft Windows
___

- https://blogs.technet.microsoft.com/msrc/2016/05/10/may-2016-security-update-release/
May 10, 2016

Microsoft Security Advisory 3155527
Update to Cipher Suites for FalseStart
- https://technet.microsoft.com/library/security/3155527.aspx
May 10, 2016

May 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/05/10/may-2016-office-update-release/
May 10, 2016 - "... This month, there are -15- security updates (1 bulletin) and -44- non-security updates.
Security bulletins: MS16-054: https://technet.microsoft.com/en-us/library/security/ms16-054.aspx
All of the security and non-security updates for March are listed in KB article 3158453:
> https://support.microsoft.com/en-us/kb/3158453
A new version of Office 2013 Click-To-Run is available: 15.0.4823.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7169.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.microsoft.com/en-us/mt465751

May 2016 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/05/03/may-2016-non-security-office-update-release/
May 3, 2016
___

MS16-051: http://www.securitytracker.com/id/1035820
MS16-052: http://www.securitytracker.com/id/1035821
MS16-053: http://www.securitytracker.com/id/1035822
MS16-054: http://www.securitytracker.com/id/1035819
MS16-055: http://www.securitytracker.com/id/1035823
MS16-056: http://www.securitytracker.com/id/1035824
MS16-057: http://www.securitytracker.com/id/1035825
MS16-058: http://www.securitytracker.com/id/1035834
MS16-059: http://www.securitytracker.com/id/1035832
MS16-060: http://www.securitytracker.com/id/1035833
MS16-061: http://www.securitytracker.com/id/1035837
MS16-062: http://www.securitytracker.com/id/1035841
MS16-064:
MS16-065: http://www.securitytracker.com/id/1035842
MS16-066: http://www.securitytracker.com/id/1035843
MS16-067: http://www.securitytracker.com/id/1035844
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
2016-05-10

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/05/10/patch-tuesday-may-2015-2
May 10, 2016

.

FYI...

MS Security Bulletin MS16-064 - Critical
Security Update for Adobe Flash Player (3157993)
- https://technet.microsoft.com/library/security/MS16-064
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
V2.0 (May 13, 2016): Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207* to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.
> https://support.microsoft.com/en-us/kb/3163207
Applies to:
Windows 10
Windows 10 Version 1511
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Windows Server 2012 Essentials
Windows Server 2012 Foundation

:fear::fear:

FYI...

MS Security Bulletin MS16-035 - Important
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
- https://technet.microsoft.com/en-us/library/security/MS16-035
V2.0 (May 10, 2016): Revised bulletin to announce the security updates for Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 have been rereleased to address issues with certain printing scenarios. The rereleases are available via Windows Update and the Microsoft Update Catalog. Note that this re-release applies only to LDR (Limited Distribution Release) customers. GDR (General Distribution Release) customers are not affected. For more information about the specific security updates that were re-released, see the Update FAQs section of this bulletin (MS16-035).
V2.1 (May 18, 2016): Revised bulletin to clarify the distribution audience for the Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 security updates that were re-released on May 10, 2016, as follows: The security updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only. The security updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.
___

MS Security Advisory 2880823
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/library/security/2880823
V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Code Signing and Timestamping*.
* http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
___

Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/kb/3125574
Last Review: 05/17/2016 17:38:00 - Rev: 1.0
Cautionary note - see: "... Known issue in this convenience rollup..."

> https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/
May 17, 2016

MSI repair doesn't work when MSI source is installed on an HTTP share in Windows
- https://support.microsoft.com/en-us/kb/3139923
Last Review: 05/17/2016 19:43:00 - Rev: 3.0

>> http://www.infoworld.com/article/3071689/microsoft-windows/new-windows-7-and-81-patches-usher-in-the-future-of-rollup-updating.html
May 18, 2016

:fear::fear:

FYI...

MS 'tactics' upgrading people to Win10
- https://bgr.com/2016/05/25/microsoft-windows-10-upgrade-trick/
May 25, 2016 - "For months now, Microsoft has done everything in its power to shove Windows 10 down your throat. The 'free' update is mandatory at this point, and we’ve heard from many Windows users who discovered their computers updated to the newest version automatically, -without- their knowledge or explicit permission. Microsoft kept offering excuses for these annoying occurrences, and even said it will stop pushing upgrades to Windows users refuse to hop aboard the Windows 10 train. Now, the company has come up with its most evil trick yet to get you to update your PC to Windows 10, and it’s based on the same methodology hackers use to trick people into installing malware. 'Pop-ups' often appear when you visit 'malicious' websites and when you click the “X” to close them, malware is installed on your computer. Well, Microsoft just tweaked its 'Windows 10 upgrade alert pop-up' so that the update is triggered when clicking the X, PC World explains:
> http://www.pcworld.com/article/3073457/windows/how-microsofts-nasty-new-windows-10-pop-up-tricks-you-into-upgrading.html
May 22, 2016
>> https://boygeniusreport.files.wordpress.com/2016/05/microsoft-windows-10-upgrade-x-button-popup-alert.jpg
The Get Windows X app that pushes the update prompt has recently changed the behavior of the “X” button. Earlier, users would have been able to dismiss the pop-up by pressing the button, as you would expect. But you can’t do that anymore. Pressing the X now has a different function. It tells the company you’re happy to have your computer updated at the time shown inside the pop-up. The only way to get rid of it is to change the update time manually. But of course, that’s not intuitive at all and many people are about to be tricked into upgrading. The trick is disingenuous at best, since Microsoft isn’t technically doing anything wrong. It’s just turning the function of the X button from “close and do nothing” to “close and upgrade later.” You know, without explaining this tiny change to anyone. Come July 29th, Microsoft will stop prompting users to upgrade, Business Insider reminds us*, so make sure you change your Windows 10 upgrade time to August or later!"
* http://www.businessinsider.com/windows-10-pop-ups-tricking-users-into-upgrading-x-2016-5

>> https://www.youtube.com/watch?v=VMPeTrHNX1U
Apr 27, 2016

>> http://core0.staticworld.net/images/article/2016/05/gwx-new-100662456-orig.png
May 22, 2016
???

>> http://windowssecrets.com/patch-watch/getting-ready-or-not-for-windows-10/
May 25, 2016

:fear::fear::fear:

FYI...

MS Security Bulletin MS16-003 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
- https://technet.microsoft.com/en-us/library/security/MS16-003
V1.1 (May 25, 2016): Removed redundant rows from the Vulnerability Severity Rating and Maximum Security Impact by Affected Software table, and added the applicable update numbers for clarity. This is an informational change only.
___

Microsoft Security Bulletin MS15-126 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
- https://technet.microsoft.com/en-us/library/security/MS15-126
V1.1 (May 25, 2016): Removed redundant rows from the Vulnerability Severity Rating and Maximum Security Impact by Affected Software table, and added the applicable update numbers for clarity. This is an informational change only.
___

Update installs 'Get Windows 10 app' in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 05/25/2016 17:40:00 - Rev: 14.0

>> http://windowssecrets.com/patch-watch/getting-ready-or-not-for-windows-10/
May 25, 2016

GWX Control Panel
> http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html
Version: 1.7.4.1
April 1, 2016
> http://blog.ultimateoutsider.com/2016/03/gwx-control-panel-release-notes-and.html

:fear::fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-jun
June 14, 2016 - "This bulletin summary lists security bulletins released for June 2016...
(Total of -16-)

Microsoft Security Bulletin MS16-063 - Critical
Cumulative Security Update for Internet Explorer (3163649)
- https://technet.microsoft.com/library/security/MS16-063
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-068 - Critical
Cumulative Security Update for Microsoft Edge (3163656)
- https://technet.microsoft.com/library/security/MS16-068
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-069 - Critical
Cumulative Security Update for JScript and VBScript (3163640)
- https://technet.microsoft.com/library/security/MS16-069
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-070 - Critical
Security Update for Microsoft Office (3163610)
- https://technet.microsoft.com/library/security/MS16-070
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-071 - Critical
Security Update for Microsoft Windows DNS Server (3164065)
- https://technet.microsoft.com/library/security/MS16-071
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-072 - Important
Security Update for Group Policy (3163622)
- https://technet.microsoft.com/library/security/MS16-072
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-073 - Important
Security Update for Windows Kernel-Mode Drivers (3164028)
- https://technet.microsoft.com/library/security/MS16-073
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-074 - Important
Security Update for Microsoft Graphics Component (3164036)
- https://technet.microsoft.com/library/security/MS16-074
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-075 - Important
Security Update for Windows SMB Server (3164038)
- https://technet.microsoft.com/library/security/MS16-075
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-076 - Important
Security Update for Netlogon (3167691)
- https://technet.microsoft.com/library/security/MS16-076
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-077 - Important
Security Update for WPAD (3165191)
- https://technet.microsoft.com/library/security/MS16-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-078 - Important
Security Update for Windows Diagnostic Hub (3165479)
- https://technet.microsoft.com/library/security/MS16-078
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-079 - Important
Security Update for Microsoft Exchange Server (3160339)
- https://technet.microsoft.com/library/security/MS16-079
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-080 - Important
Security Update for Microsoft Windows PDF (3164302)
- https://technet.microsoft.com/library/security/MS16-080
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-081 - Important
Security Update for Active Directory (3160352)
- https://technet.microsoft.com/library/security/MS16-081
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-082 - Important
Security Update for Microsoft Windows Search Component (3165270)
- https://technet.microsoft.com/library/security/MS16-082
Important - Denial of Service - Requires restart - Microsoft Windows
___

- https://blogs.technet.microsoft.com/msrc/2016/06/14/june-2016-security-update-release/
June 14, 2016

- https://technet.microsoft.com/en-us/library/security/mt631688.aspx

June 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/06/14/june-2016-office-update-release/
June 14, 2016 - "... there are 22 security updates (1 bulletin) and 46 non-security updates.
Security bulletins:
MS16-070: https://technet.microsoft.com/en-us/library/security/ms16-070.aspx
All of the security and non-security updates for June are listed in KB article 3166910*
* http://support.microsoft.com/kb/3166910
A new version of Office 2013 Click-To-Run is available: 15.0.4833.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7170.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
- https://technet.microsoft.com/en-us/mt465751
___

MS16-063: http://www.securitytracker.com/id/1036096
MS16-068: http://www.securitytracker.com/id/1036099
MS16-069: http://www.securitytracker.com/id/1036097
MS16-070: http://www.securitytracker.com/id/1036093
MS16-071: http://www.securitytracker.com/id/1036095
MS16-072: http://www.securitytracker.com/id/1036100
MS16-073: http://www.securitytracker.com/id/1036109
MS16-074: http://www.securitytracker.com/id/1036101
MS16-075: http://www.securitytracker.com/id/1036110
MS16-076: http://www.securitytracker.com/id/1036103
MS16-077: http://www.securitytracker.com/id/1036104
MS16-078: http://www.securitytracker.com/id/1036105
MS16-079: http://www.securitytracker.com/id/1036106
MS16-080:
MS16-081: http://www.securitytracker.com/id/1036108
MS16-082: http://www.securitytracker.com/id/1036102
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14
2016-06-14

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/06/14/patch-tuesday-june-2016
June 14, 2016 - "... 16 bulletins fixing over 40 distinct vulnerabilities (CVEs). It brings up the half-year total to 81 which projects to a total of over 160 bulletins for 2016, a new record in terms of patches for the last decade..."

.

FYI...

Microsoft Security Bulletin MS16-039 - Critical
Security Update for Microsoft Graphics Component (3148522)
- https://technet.microsoft.com/library/security/ms16-039.aspx
V3.0 (June 14, 2016): Microsoft has re-released security update 3144427 for affected editions of Microsoft Lync 2010 and Microsoft Lync 2010 Attendee. The re-release addresses issues customers might have experienced downloading security update 3144427. Customers running Microsoft Lync 2010 should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144427* for more information.
* https://support.microsoft.com/en-us/kb/3144427
Last Review: 05/31/2016 00:46:00 - Rev: 4.0
___

Cumulative update for Windows 10
- https://support.microsoft.com/en-us/kb/3163017
Last Review: 06/14/2016 18:16:00 - Rev: 1.0
___

MS16-072 patch/update borks Group Policy...
- http://www.theregister.co.uk/2016/06/15/microsoft_fix_borks_group_policy/
15 Jun 2016 - "... most recent security update is causing problems with Windows Group Policy settings.
Users on Reddit* and Microsoft support forums** are reporting that after the MS16-072 update was installed, changes were made in Group Policy object (GPO) settings that left previously hidden drives and devices accessible..."
* https://www.reddit.com/r/sysadmin/comments/4o78yo/kb3159398_or_kb3164033_seems_to_remove_all/

** https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP

MS16-072: Security update for Group Policy
- https://support.microsoft.com/en-gb/kb/3163622
Last Review: 06/16/2016 21:06:00 - Rev: 4.0
Applies to:
Windows 10 ...
Windows Server 2012 ...
Windows 8.1 ...
Windows Server 2008 ...
Windows 7 SP1
Windows Vista SP2...
[ Known issues:
MS16-072 changes the security context with which user group policies are retrieved. This 'by-design' behavior change protects customers’ computers from a security vulnerability. Before MS16-072 is installed, user group policies were retrieved by using the user’s security context. After MS16-072 is installed, user group policies are retrieved by using the machines security context. This issue is applicable for the following KB articles:
• https://support.microsoft.com/en-us/kb/3159398 - MS16-072: Description of the security update for Group Policy: June 14, 2016
• https://support.microsoft.com/en-us/kb/3163017 - Cumulative update for Windows 10: June 14, 2016
• https://support.microsoft.com/en-us/kb/3163018 - Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
• https://support.microsoft.com/en-us/kb/3163016 - Cumulative Update for Windows Server 2016 Technical Preview 5: June 14 2016
Symptoms: All user Group Policy, including those that have been security filtered on user accounts or security groups, or both, may fail to apply on domain joined computers.
Cause: This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.
Resolution: To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:
Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
If you are using security filtering, add the Domain Computers group with read permission. ]
> https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/
June 16, 2016

>> https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP
"... uninstalled this update and rebooted, everything was back to normal..."

Related: MS16-072: Description of the security update for Group Policy
> https://support.microsoft.com/en-us/kb/3159398
Last Review: 06/16/2016 21:18:00 - Rev: 2.0
See "Known issues"

> https://support.microsoft.com/en-us/kb/3163016
Last Review: 06/16/2016 21:09:00 - Rev: 2.0
Applies to: Windows Server 2016
See "Known issues"
> https://support.microsoft.com/en-us/kb/3163017
Last Review: 06/16/2016 21:14:00 - Rev: 2.0
Applies to: Windows 10
See "Known issues"
> https://support.microsoft.com/en-us/kb/3163018
Last Review: 06/15/2016 08:02:00 - Rev: 2.0
Applies to: Windows Server 2016... Windows 10

:fear:

FYI...

MS16-083: Security update for Adobe Flash Player
- https://support.microsoft.com/en-us/kb/3167685
Last Review: 06/16/2016 17:19:00 - Rev: 1.0
Applies to:
Windows 10 ...
Windows Server 2012 ...
Windows 8.1 ...

>> https://forums.spybot.info/showthread.php?12890-Adobe-updates-advisories&p=470902&viewfull=1#post470902

:fear::fear:

FYI... Win7SP1 - WinSvr2008R2 updates revised

June 2016 update rollup for Win7SP1 and Windows Svr 2008 R2 SP1
- https://support.microsoft.com/en-us/kb/3161608
Last Review: 06/22/2016 10:00:00 - Rev: 2.0
"The June 2016 update rollup package for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 fixes issues and includes performance and reliability improvements. We recommend that you apply this update rollup as part of your regular maintenance routines...
Method 1: Windows Update: This update is provided as an -Optional- update on Windows Update..."

>> http://www.infoworld.com/article/3086811/microsoft-windows/microsoft-releases-kb-3161647-kb-3161608-to-fix-slow-windows-7-update-scans.html
Jun 22, 2016
___

Windows Update Client for Win7 and Windows Svr 2008 R2
- https://support.microsoft.com/en-us/kb/3161647
Last Review: 06/21/2016 17:25:00 - Rev: 2.0
"This update contains some improvements to Windows Update Client in Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the following:
• An optimization that addresses long scan time for updates that's reported on some computers.
• Fix for a Windows Update error 0x8007000E on some computers while they are updating.
• Some reliability improvements..."

:fear::fear:

FYI...

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 07/05/2016 16:22:00 - Rev: 23.0
Applies to:
Windows 7 SP1
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: 07/05/2016 16:23:00 - Rev: 27.0
Applies to:
Windows 8.1 Enterprise, Windows 8.1, Windows 8.1 Pro, Windows 8 Enterprise, Windows 8, Windows 8 Pro
___

> http://www.infoworld.com/article/3091875/microsoft-windows/four-new-windows-patches-to-avoid-kb-2952664-2976978-2977759-and-windows-journal-3170735.html
Jul 6, 2016

- https://support.microsoft.com/en-us/kb/2977759
Last Review: 07/05/2016 16:24:00 - Rev: 23.0
Applies to:
Windows 7 Enterprise, Windows 7 Home Premium, Windows 7 Home Basic, Windows 7 Professional, Windows 7 Starter, Windows 7 Ultimate

Update for Journal.dll binary in Windows
- https://support.microsoft.com/en-us/kb/3138378
Last Review: 05/10/2016 17:25:00 - Rev: 4.0
Applies to:
Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2

:fear::fear:

FYI...

July 2016 'Non-Security' Office Update Release
> https://blogs.technet.microsoft.com/office_sustained_engineering/2016/07/05/july-2016-non-security-office-update-release/
July 5, 2016
"Listed below are the non-security updates we released on Microsoft Update and the Download Center today. See the linked KB articles for more information.
Office 2007: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3115307)*
Office 2010: Definition Update for Microsoft Office 2010 (KB3115321)**
Office 2013 ...
Office 2016 ..."

* https://support.microsoft.com/en-us/kb/3115307
Last Review: 07/05/2016 16:32:00 - Rev: 1.0

** https://support.microsoft.com/en-us/kb/3115321
Last Review: 07/05/2016 16:33:00 - Rev: 1.0
___

MS posts -more- details for botched permissions in MS16-072
- http://www.infoworld.com/article/3092236/microsoft-windows/microsoft-posts-more-details-for-botched-permissions-in-ms16-072.html
Jul 6, 2016 - "... The patch caused problems, though - not with client-side computers, but in the way admins have set permissions for Group Policies - on the server side..."

:spider:

FYI...

- https://technet.microsoft.com/library/security/ms16-jul
July 12, 2016
MS16-084 – MS16-094
(Total of -11-)

Microsoft Security Bulletin MS16-084 - Critical
Cumulative Security Update for Internet Explorer (3169991)
- https://technet.microsoft.com/library/security/MS16-084
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-085 - Critical
Cumulative Security Update for Microsoft Edge (3169999)
- https://technet.microsoft.com/library/security/MS16-085
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-086 - Critical
Cumulative Security Update for JScript and VBScript (3169996)
- https://technet.microsoft.com/library/security/MS16-086
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-087 - Critical
Security Update for Windows Print Spooler Components (3170005)
- https://technet.microsoft.com/library/security/MS16-087
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-088 - Critical
Security Update for Microsoft Office (3170008)
- https://technet.microsoft.com/library/security/MS16-088
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-089 - Important
Security Update for Windows Secure Kernel Mode (3170050)
- https://technet.microsoft.com/library/security/MS16-089
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-090 - Important
Security Update for Windows Kernel-Mode Drivers (3171481)
- https://technet.microsoft.com/library/security/MS16-090
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-091 - Important
Security Update for .NET Framework (3170048)
- https://technet.microsoft.com/library/security/MS16-091
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS16-092 - Important
Security Update for Windows Kernel (3171910)
- https://technet.microsoft.com/library/security/MS16-092
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-093 - Critical
Security Update for Adobe Flash Player (3174060)
- https://technet.microsoft.com/library/security/MS16-093
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS16-094 - Important
Security Update for Secure Boot (3177404)
- https://technet.microsoft.com/library/security/MS16-094
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

July 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/07/12/july-2016-office-update-release/
July 12, 2016 - "... This month, there are -26- security updates (1 bulletin) and -41- non-security updates.
Security bulletins: MS16-088: https://technet.microsoft.com/en-us/library/security/ms16-088.aspx
All of the security and non-security updates for June are listed in KB article 3173835* ..."
* https://support.microsoft.com/en-us/kb/3173835
Last Review: 07/12/2016 16:32:00 - Rev: 1.0
___

MS16-084: http://www.securitytracker.com/id/1036283
MS16-085: http://www.securitytracker.com/id/1036286
MS16-086: http://www.securitytracker.com/id/1036282
MS16-087: http://www.securitytracker.com/id/1036277
MS16-088: http://www.securitytracker.com/id/1036274
- http://www.securitytracker.com/id/1036275
MS16-089: http://www.securitytracker.com/id/1036287
MS16-090: http://www.securitytracker.com/id/1036288
MS16-091: http://www.securitytracker.com/id/1036291
MS16-092: http://www.securitytracker.com/id/1036289
MS16-093:
MS16-094: http://www.securitytracker.com/id/1036290
___

ISC Analysis: https://isc.sans.edu/diary.html?storyid=21249
2016-07-12: https://isc.sans.edu/mspatchdays.html?viewday=2016-07-12

Qualys Analysis: https://blog.qualys.com/laws-of-vulnerabilities/2016/07/12/patch-tuesday-july-2016-microsoft-and-adobe
July 12, 2016 - "... 11 security updates that affect a host of desktop and server systems. Six updates are categorized as Critical while the rest are categorized as Important. All critical updates released today affect desktop systems. Top priority should be given to fixing browsers and Office which includes MS16-084 that affects Internet Explorer, MS16-085 which affects Microsoft Edge and MS16-088 for Office. All three updates fix vulnerabilities that allow an attacker to take complete control of the victim’s machine and therefore these should be patched immediately... Adobe Reader is back after being dormant for three months. Adobe has released APSB16-26 which fixes 30 vulnerabilities on Windows and Mac platforms. Many vulnerabilities fixed by APSB16-26 allows an attacker to take complete control of the victim machine and we recommend applying patch for this critical issue as soon as possible. This is the third Acrobat Reader fix in 2016 while the count of Adobe Flash is more than double. Adobe has also released an update for its Flash Player – APSB16-25 which fixes -52- vulnerabilities... we recommend applying the Flash and Reader update immediately..."

.

FYI...

Update installs 'Get Windows 10 app' in Win8.1 and Win7SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 07/19/2016 20:10:00 - Rev: 16.0
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 SP1

Win10 NAG screen: http://core0.staticworld.net/images/article/2016/06/dont-miss-out-100669527-large.idge.jpg
___

GWX Control Panel
> http://ultimateoutsider.com/downloads/
"... disable 'Upgrade to Windows 10' behavior in the Windows Update control panel"

- http://www.infoworld.com/article/3097521/microsoft-windows/last-gasp-microsoft-updates-get-windows-10-nagster-kb-3035583-yet-again.html
Jul 20, 2016

:fear::fear:

FYI...

Update for Windows Journal component removal
- https://support.microsoft.com/en-us/kb/3161102
Article ID: 3161102 - Last Review: 07/29/2016 03:01:00 - Rev: 2.0
Applies to:
Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows 7 Service Pack 1
"Known issues in this update: This update does not work on Windows Embedded 7 and should not be installed on that operating system.
Remove Windows Journal Component: This update removes the Windows Journal component. We recommend that all users install this update immediately..."
___

Windows 10 upgrade stuck at 99 percent? Here are your options
- http://www.infoworld.com/article/3101726/microsoft-windows/windows-10-upgrade-stuck-at-99-percent-here-are-your-options.html
Jul 28, 2016

> http://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-10-upgrade-assistant-is-stuck-at-99/1708a411-3255-4bec-804a-d2553f2fd645
___

Excel Workbooks may not open after installing MS16-088
- https://blogs.technet.microsoft.com/the_microsoft_excel_support_team_blog/2016/07/22/excel-workbooks-may-not-open-after-installing-ms16-088/
"... Update 7/28/2016
Update: Our dev team is working on options to preserve security and assist customers with their workflow. Currently we do not have any further workarounds.
Additional background: The security update changed how Excel handles documents that are opened from untrusted locations (such the Internet zone) which are not supported in Protected View, such as HTML/XML/XLA files. Opening them without Protected View has led to a security vulnerability, and therefore files open from such locations are now blocked. We realize this breaks compatibility with some existing solutions, and are working on getting these file types supported with Protected View. Until that happens, users will need to manually trust the file before they open them in Excel, as demonstrated in one of the workaround suggestions. Excel can still open these files without an issue if they are trusted.
We strongly recommend against removing the security update..."
See: 'Additional info' for Office 2016, 2013, 2010 on '0ffice Trusted Locations'.

:fear::fear:

FYI...

Win10 'Anniversary Update' woes continue
... Problems with last week’s Anniversary Update keep piling up, and solutions remain elusive
- http://www.infoworld.com/article/3104999/microsoft-windows/windows-10-anniversary-update-woes-continue.html
Aug 8, 2016

- http://www.theregister.co.uk/2016/08/08/windows_10_anniversary_update_is_borking_boxen_everywhere/
8 Aug 2016

Block forced Windows 10 updates
- http://www.infoworld.com/article/2970172/microsoft-windows/block-forced-windows-10-updates-using-a-metered-connection.html

Enable Metered Connection to Delay Windows 10 Updates
- http://lifehacker.com/enable-metered-connection-to-delay-windows-10-updates-1723316525

>> http://www.guidingtech.com/48828/delay-disable-mandatory-updates-windows-10/

>> http://www.howtogeek.com/223864/how-to-uninstall-and-block-updates-and-drivers-on-windows-10/
"... If you want to temporarily prevent Windows from automatically downloading and installing any updates, you can do it without using the above tool to block updates. Just set your current Internet connection as “metered” and Windows won’t download updates while connected to it — at least until you tell Windows the connection isn’t metered anymore."

> http://www.howtogeek.com/224471/how-to-prevent-windows-10-from-automatically-downloading-updates/

:fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-aug
Aug 9, 2016 - "This bulletin summary lists security bulletins released for August 2016...
(Total of -9-)

Microsoft Security Bulletin MS16-095 - Critical
Cumulative Security Update for Internet Explorer (3177356)
- https://technet.microsoft.com/library/security/MS16-095
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-096 - Critical
Cumulative Security Update for Microsoft Edge (3177358)
- https://technet.microsoft.com/library/security/MS16-096
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-097 - Critical
Security Update for Microsoft Graphics Component (3177393)
- https://technet.microsoft.com/library/security/MS16-097
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Communications Platforms and Software

Microsoft Security Bulletin MS16-098 - Important
Security Update for Windows Kernel-Mode Drivers (3178466)
- https://technet.microsoft.com/library/security/MS16-098
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-099 - Critical
Security Update for Microsoft Office (3177451)
- https://technet.microsoft.com/library/security/MS16-099
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-100 - Important
Security Update for Secure Boot (3179577)
- https://technet.microsoft.com/library/security/MS16-100
Important - Security Feature Bypass - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS16-101 - Important
Security Update for Windows Authentication Methods (3178465)
- https://technet.microsoft.com/library/security/MS16-101
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-102 - Critical
Security Update for Microsoft Windows PDF Library (3182248)
- https://technet.microsoft.com/library/security/MS16-102
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-103 - Important
Security Update for ActiveSyncProvider (3182332)
- https://technet.microsoft.com/library/security/MS16-103
Important - Information Disclosure - Requires restart - Microsoft Windows
___

MS16-095: http://www.securitytracker.com/id/1036562
MS16-096: http://www.securitytracker.com/id/1036569
MS16-097: http://www.securitytracker.com/id/1036564
MS16-098: http://www.securitytracker.com/id/1036572
MS16-099: http://www.securitytracker.com/id/1036559
MS16-100: http://www.securitytracker.com/id/1036573
MS16-101: http://www.securitytracker.com/id/1036576
MS16-102: http://www.securitytracker.com/id/1036561
MS16-103: http://www.securitytracker.com/id/1036577
___

- https://blogs.technet.microsoft.com/msrc/2016/08/09/august-2016-security-update-release/
Aug 9, 2016

- https://technet.microsoft.com/en-us/library/security/mt631688.aspx

Microsoft Security Advisory 3179528
Update for Kernel Mode Blacklist
- https://technet.microsoft.com/en-us/library/security/3179528.aspx
Aug 9, 2016

August 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/08/09/august-2016-office-update-release/
Aug 9, 2016 - "... This month, there are -28- security updates (3 bulletins) and 40 non-security updates.
Security bulletins:
MS16-054 - https://technet.microsoft.com/en-us/library/security/ms16-054.aspx
MS16-097 - https://technet.microsoft.com/en-us/library/security/ms16-097.aspx
MS16-099 - https://technet.microsoft.com/en-us/library/security/ms16-099.aspx
All of the security and non-security updates for August are listed in KB article 3181038:
> http://support.microsoft.com/kb/3181038
A new version of Office 2013 Click-To-Run is available: 15.0.4849.1003
A new version of Office 2010 Click-To-Run is available: 14.0.7172.5001
A new version of Office 2013 Click-To-Run is available: 15.0.4849.1003
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.microsoft.com/en-us/mt465751

Non-Security Office Update Release - August 2016
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/08/02/august-2016-non-security-office-update-release/
Aug 2, 2016
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-08-09
Aug 9, 2016

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/08/09/microsoft-patch-tuesday-august-2016
Aug 9, 2016

.

FYI...

Installing Win10 1607 proves to be a mixed bag
- http://windowssecrets.com/top-story/installing-win10-1607-proves-to-be-a-mixed-bag/
Aug 10, 2016

- http://www.infoworld.com/article/3106057/microsoft-windows/microsofts-massive-update-win10-builds-1439367-1439351-10586545-and-1024017071.html
Aug 10, 2016

August I/E patch is incomplete
- http://windowssecrets.com/patch-watch/microsoft-adds-complications-to-august-patching/
Aug 10, 2016

:fear: :mad:

FYI...

MS16-098: Description of the security update for Windows kernel-mode drivers...
- http://www.infoworld.com/article/3107306/microsoft-windows/microsoft-admits-to-distributing-windows-printing-bugs-in-kb-3177725-and-kb-3176493.html
Aug 15, 2016 - "... Microsoft's latest Patch Tuesday bug appears to affect Vista, Windows 7, 8.1, RT 8.1, as well as Server 2008, 2008 R2, 2012, and 2012 R2. More than that, it appears to clobber all versions of Windows 10. In other words, if you applied the latest cumulative update to any version of Windows 10, your printer won't work right...
Microsoft has admitted to distributing the bug, but there's no indication when it will issue a fix..."
* https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/kb3176493-for-windows-10-and-kb3177725-for-windows/1280fc29-68ff-4328-83b2-e42704633262?auth=1
Dan Mattson - Microsoft: "... we are actively investigating this issue and have updated some of the KB articles involved with a 'Known Issues' section:
"After you apply this security update and you print multiple documents in succession, the first two documents may print successfully. However, the third and subsequent documents may not print."
Links: https://support.microsoft.com/en-us/kb/3177725
- https://support.microsoft.com/en-us/kb/3178466
If publicly available information on this topic changes, we will provide an update here as well."

- https://support.microsoft.com/en-us/kb/3177725
Last Review: 08/12/2016 17:37:00 - Rev: 3.0
- https://support.microsoft.com/en-us/kb/3178466
Last Review: 08/12/2016 17:38:00 - Rev: 3.0

:fear::fear:

FYI...

> https://technet.microsoft.com/library/security/ms16-aug.aspx
Updated: August 18, 2016 - Version: 1.4
Revisions:
V1.0 (August 9, 2016): Bulletin Summary published.
V1.1 (August 10, 2016): For MS16-101, Bulletin Summary revised to correct the security impact for CVE-2016-3237 from elevation of privilege to security feature bypass. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.2 (August 11, 2016): For MS16-102, Bulletin Summary revised to remove Windows Server 2012 R2 (Server Core installation) from the affected software table because the Server Core version of Windows Server 2012 R2 is not affected. These are informational changes only. Customers who have already successfully installed the update do not need to take any action.
V1.3 (August 12, 2016): For MS16-102, Bulletin Summary revised to remove Windows 10 version 1607 from the affected software table because it is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.4 (August 18, 2016): For MS16-095, MS16-096, MS16-097, MS16-098, MS16-101, MS16-102, and MS16-103, Bulletin Summary revised to add 'Known Issues' references to the Executive Summaries table. See the relevant Knowledge Base articles for more information.

MS16-097: https://support.microsoft.com/en-us/kb/3177393
"... articles may contain 'known issue' information"
MS16-098: https://support.microsoft.com/en-us/kb/3178466
"Known issues: After you apply this security update and you print multiple documents in succession, the first two documents may print successfully. However, the third and subsequent documents may not print."
MS16-101: https://support.microsoft.com/en-us/kb/3179577
"... articles may contain 'known issue' information"
MS16-102: https://support.microsoft.com/en-us/kb/3182248
"... articles may contain 'known issue' information"
MS16-103: https://support.microsoft.com/en-us/kb/3182332
"... articles may contain 'known issue' information"

:fear::fear: :sad:

FYI...

Print functionality is broken after any of the MS16-098 security updates are installed
- https://support.microsoft.com/en-us/kb/3187022
Last Review: 08/30/2016 16:24:00 - Rev: 3.0
"Prerequisites: To apply this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.
Or, install Service Pack 1 for Windows 7 or Windows Server 2008 R2..."
___

Fix for print bug in MS16-098 for Win7 and 8.1 – not Win10
> http://www.infoworld.com/article/3112567/microsoft-windows/kb-3187022-fixes-ms16-098kb-3177725-but-not-for-windows-10.html
Aug 25, 2016 - "... Microsoft rolled out a fix to the bug and assigned a different KB number, KB 3187022:
'Print functionality is broken after any of the MS16-098 security updates are installed'
If you're running Windows 7, Win8.1, or WinRT, that patch should've appeared last night in your Windows Update queue. But here's the rub. Microsoft didn't release the fix for Windows 10 in any version. Instead, Win10 users are stuck with the bug... Vista users, it seems, aren't in the picture..."

:fear:

FYI...

Description of Software Update Services and Windows Server Update Services changes in content for 2016
- https://support.microsoft.com/en-us/kb/894199
Last Review: 08/30/2016 16:24:00 - Rev: 36.0
[See] "... summary of the new and changed content scheduled for release on Tuesday, August 30, 2016..."
> https://support.microsoft.com/en-us/kb/894199#bookmark-ref
___

MS Security Bulletin MS16-099 - Critical
Security Update for Microsoft Office (3177451)
- https://technet.microsoft.com/en-us/library/security/MS16-099
Revisions:
V1.0 (August 9, 2016): Bulletin published.
V1.1 (August 11, 2016): Bulletin revised to correct the Updates Replaced entries for Microsoft Word Viewer updates 3115479 and 3115480. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
V2.0 (August 22, 2016): Bulletin revised to announce the availability of the 14.6.7 update for Microsoft Office for Mac 2011 (3179162) and the 15.25 update for Microsoft Office 2016 for Mac (3179163). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3179162 and Microsoft Knowledge Base Article 3179163 for more information and download links.
___

MS Security Bulletin MS16-102 - Critical
Security Update for Microsoft Windows PDF Library (3182248)
- https://technet.microsoft.com/en-us/library/security/MS16-102
Revisions:
V1.0 (August 9, 2016): Bulletin published.
V1.1 (August 11, 2016): Bulletin revised to remove Windows Server 2012 R2 (Server Core installation) from the affected software table because the Server Core version of Windows Server 2012 R2 is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.2 (August 12, 2016): Bulletin revised to correct the updates replaced for Window 8.1, Windows Server 2012, and Windows Server 2012 R2. Bulletin revised to remove Windows 10 version 1607 from the affected software table because it is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
___

> https://blogs.technet.microsoft.com/askpfeplat/2016/08/30/a-bit-about-the-windows-servicing-model/
Aug 30, 2016 - "... a discussion on the upcoming changes to our monthly patch releases to align down-level supported operating systems, updating practices to coincide with the Windows 10 Service Model... Beginning in October 2016 onwards, don’t expect to see individual KB’s but instead expect to see the following in the monthly patch release cycle:
1. Security-Only Update:
- Collects all of the security patches for that month into a single update
2. Cumulative Update:
- Security Updates from previous bullet point
- Collective update of all Updates, Rollups, Bug Fixes, and Security Updates
3. .Net Framework Security-Only Update:
- Contains only security updates
4. .Net Framework Rollup
- .Net Framework Security Updates from Previous Bullet Point
- Reliability updates
This change brings up a key question: 'With the new Windows as a Service: Service Model, can we back out a single patch (KB) if it causes issues since they are all rolled up?' The short answer is 'No', you can’t control which KB’s can be applied, so the complete roll up would need to be backed out. But the answer is more complex than a simple no. The point of rollups is to correct the fragmentation caused by systems containing a mix of individual updates. It will not be possible to uninstall specific KB’s of a rollup. If there is a problem the partner will need to open up a case and provide business justification to drive the discussion with Microsoft..."

:fear::fear:

FYI...

Windows Journal update for Vista SP2
- https://support.microsoft.com/en-us/kb/3185662
Last Review: 09/06/2016 16:06:00 - Rev: 1.0

:fear:

FYI...

- https://technet.microsoft.com/library/security/ms16-sep
Sep 13, 2016 - "This bulletin summary lists security bulletins released for September 2016...
(Total of -14-)

Microsoft Security Bulletin MS16-104 - Critical
Cumulative Security Update for Internet Explorer (3183038)
- https://technet.microsoft.com/library/security/MS16-104
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-105 - Critical
Cumulative Security Update for Microsoft Edge (3183043)
- https://technet.microsoft.com/library/security/MS16-105
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-106 - Critical
Security Update for Microsoft Graphics Component (3185848)
- https://technet.microsoft.com/library/security/MS16-106
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-107 - Critical
Security Update for Microsoft Office (3185852)
- https://technet.microsoft.com/library/security/MS16-107
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-108 - Critical
Security Update for Microsoft Exchange Server (3185883)
- https://technet.microsoft.com/library/security/MS16-108
Critical - Remote Code Execution - May require restart - Microsoft Exchange

Microsoft Security Bulletin MS16-109 - Important
Security Update for Silverlight (3182373)
- https://technet.microsoft.com/library/security/MS16-109
Important - Remote Code Execution - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS16-110 - Important
Security Update for Microsoft Windows (3178467)
- https://technet.microsoft.com/library/security/MS16-110
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-111 - Important
Security Update for Windows Kernel (3186973)
- https://technet.microsoft.com/library/security/MS16-111
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-112 - Important
Security Update for Windows Lock Screen (3178469)
- https://technet.microsoft.com/library/security/MS16-112
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-112 - Important
Security Update for Windows Lock Screen (3178469)
- https://technet.microsoft.com/library/security/MS16-112
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-113 - Important
Security Update for Windows Secure Kernel Mode (3185876)
- https://technet.microsoft.com/library/security/MS16-113
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-114 - Important
Security Update for Windows SMBv1 Server (3185879)
- https://technet.microsoft.com/library/security/MS16-114
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-115 - Important
Security Update for Microsoft Windows PDF Library (3188733)
- https://technet.microsoft.com/library/security/MS16-115
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-116 - Critical
Security Update in OLE Automation for VBScript Scripting Engine (3188724)
- https://technet.microsoft.com/library/security/MS16-116
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-117 - Critical
Security Update for Adobe Flash Player (3188128)
- https://technet.microsoft.com/library/security/MS16-117
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Adobe Flash Player
___

MS16-104: http://www.securitytracker.com/id/1036788
MS16-105: http://www.securitytracker.com/id/1036789
MS16-106: http://www.securitytracker.com/id/1036786
MS16-107: http://www.securitytracker.com/id/1036785
MS16-108: http://www.securitytracker.com/id/1036778
MS16-109: http://www.securitytracker.com/id/1036795
MS16-110: http://www.securitytracker.com/id/1036798
MS16-111: http://www.securitytracker.com/id/1036802
MS16-112: http://www.securitytracker.com/id/1036799
MS16-113: http://www.securitytracker.com/id/1036800
MS16-114: http://www.securitytracker.com/id/1036803
___

- https://blogs.technet.microsoft.com/msrc/2016/09/13/september-2016-security-update-release/
Sep 13, 2016

Security Advisories:
Microsoft Security Advisory 3174644
Updated Support for Diffie-Hellman Key Exchange
- https://technet.microsoft.com/library/security/3174644
Sep 13, 2016
Microsoft Security Advisory 3181759
Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege
- https://technet.microsoft.com/library/security/3181759
Sep 13, 2016

Sep 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/09/13/september-2016-office-update-release/
Sep 13, 2016 - "... This month, there are -34- security updates (1 bulletin) and 35 non-security updates.
Security bulletins:
MS16-107: https://technet.microsoft.com/en-us/library/security/ms16-107.aspx
All of the security and non-security updates for September are listed in KB article 3188548:
> http://support.microsoft.com/kb/3188548
A new version of Office 2013 Click-To-Run is available: 15.0.4859.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7173.5001
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
- https://technet.microsoft.com/en-us/mt465751
___

ISC Analysis: https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13

Qualys Analysis: https://blog.qualys.com/laws-of-vulnerabilities/2016/09/13/large-microsoft-patch-tuesday-update-for-august-2016
"... 14 security bulletins that affect a host of components including desktop operating systems, servers, browsers, Exchange server, Silverlight, SMBv1 and several others. It’s a large update that will keep desktop as well as server administrators busy. Seven updates are rated as critical, while the other seven are rated as Important. One 0-day vulnerability CVE-2016-3352 which was publicly disclosed earlier is also patched in the MS16-110 bulletin..."

.

FYI...

MS16-104: Security update for Internet Explorer
- https://support.microsoft.com/en-us/kb/3185319
"... Known issues in this security update:
• When you open a .URL shortcut in Windows Explorer (such as from the Favorites folder), you receive a "File Download – Security Warning" message.
• Microsoft is aware of limited situations in which an ActiveX installation fails when you use the ActiveX Installer Service (AXIS) together with Internet Explorer 10 or Internet Explorer 11.
To resolve this issue, install update 3192665*..."
Last Review: 09/30/2016 23:43:00 - Rev: 3.0
Applies to: Internet Explorer 11, Internet Explorer 10, Windows Internet Explorer 9

ActiveX installation that uses AXIS fails after you install MS16-104
* https://support.microsoft.com/en-us/kb/3192665
Last Review: 09/22/2016 20:07:00 - Rev: 1.0
Applies to: Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows 7 Service Pack 1

:fear::fear:

FYI...

'Get Windows 10' snooping patch KB 2952664 reappears
- http://www.infoworld.com/article/3127809/microsoft-windows/detested-get-windows-10-snooping-patch-kb-2952664-reappears.html
Oct 5, 2016 - "For whatever reason, our old nemesis KB 2952664 reappeared suddenly yesterday afternoon, and Windows users are livid... For those of you who don't recall, KB 2952664 (and its Windows 8.1 companion KB 2976978)... Bottom line: If you want to upgrade your Windows 7 or 8.1 PC to Windows 10, and haven't already done so, you're being set up to pay-full-price for the privilege. If you want to keep Windows 10 off your machine, don't install KB 2952664 (Win7) or KB 2976978 (Win 8.1)...
Update: A Microsoft spokesperson sent this comment:
'There is no Get Windows 10 or upgrade functionality contained in this update. This KB article is related to the Windows Update and the appraiser systems that enables us to continue to deliver servicing updates to Windows 7 and Windows 8.1 devices, as well as ensure device and application compatibility.'"

- https://support.microsoft.com/en-us/kb/2952664
Last Review: 10/04/2016 17:25:00 - Rev: 25.0
Applies to: Windows 7 Service Pack 1

- https://support.microsoft.com/en-us/kb/2976978
Last Review: 10/04/2016 17:29:00 - Rev: 29.0
Applies to: Windows 8.1 Enterprise, Windows 8.1, Windows 8.1 Pro, Windows 8 Enterprise, Windows 8, Windows 8 Pro

:fear::fear:

FYI...

- https://technet.microsoft.com/library/security/ms16-oct
Oct 11, 2016 - "This bulletin summary lists security bulletins released for October 2016...

Microsoft Security Bulletin MS16-118 - Critical
Cumulative Security Update for Internet Explorer (3192887)
- https://technet.microsoft.com/library/security/MS16-118
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-119 - Critical
Cumulative Security Update for Microsoft Edge (3192890)
- https://technet.microsoft.com/library/security/MS16-119
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-120 - Critical
Security Update for Microsoft Graphics Component (3192884)
- https://technet.microsoft.com/library/security/MS16-120
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync.

Microsoft Security Bulletin MS16-121 - Important
Security Update for Microsoft Office (3194063)
- https://technet.microsoft.com/library/security/MS16-121
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-122 - Critical
Security Update for Microsoft Video Control (3195360)
- https://technet.microsoft.com/library/security/MS16-122
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-123 - Important
Security Update for Windows Kernel-Mode Drivers (3192892)
- https://technet.microsoft.com/library/security/MS16-123
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-124 - Important
Security Update for Windows Registry (3193227)
- https://technet.microsoft.com/library/security/MS16-124
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-125 - Important
Security Update for Diagnostics Hub (3193229)
- https://technet.microsoft.com/library/security/MS16-125
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-126 - Moderate
Security Update for Microsoft Internet Messaging API (3196067)
- https://technet.microsoft.com/library/security/MS16-126
Moderate - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-127 - Critical
Security Update for Adobe Flash Player (3194343)
- https://technet.microsoft.com/library/security/MS16-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

Re-released:

Compatibility update for keeping Windows up-to-date in Windows 7
- https://support.microsoft.com/en-us/kb/2952664
"This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate compatibility on the Windows ecosystem and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update..."
Last Review: 10/11/2016 16:06:00 - Rev. 27.0
Applies to: Windows 7 Service Pack 1
___

MS16-118: http://www.securitytracker.com/id/1036992
MS16-119: http://www.securitytracker.com/id/1036993
MS16-120: http://www.securitytracker.com/id/1036988
MS16-121: http://www.securitytracker.com/id/1036984
MS16-122: http://www.securitytracker.com/id/1036983
MS16-123: http://www.securitytracker.com/id/1036996
MS16-124:
MS16-125: http://www.securitytracker.com/id/1036997
MS16-126:
MS16-127: http://www.securitytracker.com/id/1036985
___

- https://blogs.technet.microsoft.com/msrc/2016/10/11/october-2016-security-update-release/
Oct 11, 2016

Oct 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/10/11/october-2016-office-update-release/
Oct 11, 2016 - "... This month, there are -16- security updates (2 bulletins) and 32 non-security updates.
Security bulletins:
MS16-120: https://technet.microsoft.com/en-us/library/security/ms16-120.aspx
MS16-121: https://technet.microsoft.com/en-us/library/security/ms16-121.aspx
All of the security and non-security updates for October are listed in KB article 3194160:
- https://support.microsoft.com/en-us/kb/3194160
A new version of Office 2013 Click-To-Run is available: 15.0.4867.1003
A new version of Office 2010 Click-To-Run is available: 14.0.7174.5001
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases*."
* https://technet.microsoft.com/en-us/mt465751

.NET Framework Monthly Rollups Explained
- https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/
Oct 11, 2016
___

ISC Analysis: https://isc.sans.edu/diary.html?storyid=21581
2016-10-11 - "Microsoft published -nine- bulletins plus one bulletin affecting Adobe Flash. These bulletins fix 43 vulnerabilities in Microsoft software, and 11 in Flash. Several of the bulletins address vulnerabilities that are already exploited in the wild. Most of these vulnerabilities are information disclosure vulnerabilities. One of them, CVE 2016-3393 is a remote code execution vulnerability which is why I labeled it as "Patch Now"... summary here:
- https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11 "

Qualys Analysis: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/11/october-b-week-patch-tuesday-five-0-day-fixes
Oct 11, 2016 - "Today Microsoft started rolling out a new way to patch systems, and I explain the different components which are included and their timeline:
> Patch Tuesday (second Tuesday of every month or B week): Two main components will be released on Patch Tuesday:
- A security-only update: This is a single update containing all new security fixes for that month. It will be released on Windows Server Update Services (WSUS) where it can be consumed by other tools like ConfigMgr, and the Windows Update Catalog. This package will NOT be available for consumer PCs which get updated via Windows Update.
- A security monthly rollup: A single update containing all new security fixes for that month (same as the security-only update) as well as fixes from all previous monthly rollups. This will be available for consumer PCs which get updated via Windows Update.
> Third Tuesday of every month (C Week): This is a monthly rollup containing a preview of new non-security fixes that will be included in the next monthly rollup, as well as fixes from all previous monthly rollup. This is included for users to test their systems before next month. This will be available on WSUS, Windows update and Windows Update Catalog.
Internet Explorer updates are included in the security-only -and- monthly security rollup. .NET will follow a similar formula as monthly rollup and security-only updates.
Since today is Patch Tuesday i.e. B week or second Tuesday week, here is a list of security fixes that administrators should focus on:
A total of ten security updates were released affecting Browsers, Office, GDI, Kernel Drivers, Registry, Messaging and also update for Adobe Flash. Five updates are critical, four are important while one is moderate. What’s interesting is that five updated have at least one vulnerability each which a fixes a 0-day. These are the vulnerabilities that are already actively exploited in the wild..."

.

FYI...

October 2016 'security monthly' quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security updates includes improvements and fixes from an update that was shipped earlier by update 3185278. To learn more about the non-security improvements and fixes in this update, see the September 20, 2016 — 3185278 section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history.
This security update also resolves the following vulnerabilities in Windows:
MS16-101 Security update for Windows authentication methods
MS16-118 Cumulative security update for Internet Explorer
MS16-120 Security update for Microsoft graphics component
MS16-122 Security update for Microsoft video control
MS16-123 Security update for kernel-mode drivers
MS16-124 Security update for Windows registry
MS16-126 Security update for Microsoft Internet Messaging API
More information:
Important:
The security fixes listed above that are included in this security update 3185330 are also included in this October 2016 month’s Security Only Quality Update 3192391*, which only includes those fixes. Installing either update will include the security fixes listed above, and the Security Monthly Quality Rollup also includes improvements and fixes from previous Monthly Rollups.
If you use update management processes other than Windows Update and automatically approve all Security updates classifications for deployment, note that both the Security Only Quality Update 3192391* and the Security Monthly Quality Rollup for the month 3185330 will be deployed. We recommend that you review your update deployment rules to ensure the desired updates are deployed.
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows."
- https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/11/2016 18:51:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

October 2016 'security only' quality update for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security update resolves the following vulnerabilities in Windows 7 and Windows Server 2008 R2:
MS16-101 Security update for Windows authentication methods
MS16-118 Cumulative security update for Internet Explorer
MS16-120 Security update for Microsoft graphics component
MS16-122 Security update for Microsoft video control
MS16-123 Security update for kernel-mode drivers
MS16-124 Security update for Windows registry
MS16-126 Security update for Microsoft Internet Messaging API
More information..."
* https://support.microsoft.com/en-us/kb/3192391
Last Review: 10/11/2016 17:49:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"The September 2016 update rollup includes some new improvements and fixes for the Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 platform. We recommend that you apply this update rollup as part of your regular maintenance routines.
Improvements and fixes: To learn more about the non-security improvements and fixes in this update, see the "September 20, 2016 – KB3185278" section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history[1].
Known issues in this update:
Symptoms: Assume that you are running Enhanced Mitigation Experience Toolkit (EMET) on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed. When you try to start an application, the application freezes very early in the process and does not completely start.
Cause: This issue occurs because the Export Address table Filtering (EAF) mitigation is active on the application..." (More...)
- https://support.microsoft.com/en-us/kb/3185278
Last Review: 09/20/2016 16:20:00 - Rev: 1.0

1] http://go.microsoft.com/fwlink/p/?LinkId=821934
Last Review: Oct 10, 2016 - Rev: 41
Applies to: Windows 7
___

- https://krebsonsecurity.com/2016/10/microsoft-no-more-pick-and-choose-patching/
Oct 11, 2016 - "... Consumers on Win7 SP1 and Win8.1 will henceforth receive what Redmond is calling a “Monthly Rollup,” which addresses both security issues and reliability issues in a single update. The “Security-only updates” option — intended for enterprises and -not- available via Windows Update — will only include new security patches that are released for that month. What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible)..."

:fear::fear:

FYI...

New rules for updating Win7
- http://windowssecrets.com/patch-watch/coping-with-the-new-rules-for-updating-windows-7/
Oct 12, 2016 - "Only Microsoft could make Windows updating both easier and harder at the same time. This month we move from individual Win7 security updates to the new roll-up model. But Microsoft also released some individual updates alongside the rollups. To get through this transition, here are some steps to make the updating process less painful. Working with the big change in Win7 updating:
Microsoft’s new roll-up model for Windows 7 has a significant impact... I can no longer give you patch-by-patch recommendations on what to install now and what to put off — or never install. October’s patch release seemed especially confusing because some fixes are being addressed by both roll-up updates and separate patches. (Most of those separate updates are for corporate environments.) Whether this is a temporary expediency by Microsoft is something we’ll have to wait to see. For Patch Watch followers who stuck with Win7, I’m taking a slightly different tack in this column. I’d like you to review your system and determine how “crusty” it is — and how much you depend on it. If you have several Win7 computers, I recommend taking a cue from IT administrators: At least for this first use of the roll-up update system, install the updates on one system and carefully test that machine. Check, for example, that printer connections continue to work and there are no issues with your key applications."
___

> https://technet.microsoft.com/library/security/ms16-oct
Revisions:
•V1.1 (October 12, 2016): Bulletin Summary revised to change the severity of MS16-121 to Critical. This is an informational change only.

:fear:

FYI...

Bugs in latest Windows/Office patch bundles ...
- http://www.infoworld.com/article/3133845/microsoft-windows/bugs-in-latest-windowsoffice-patch-bundles-create-confusion.html
Oct 21, 2016
___

Oct 2016 security monthly quality rollup for Win7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/21/2016 15:17:00 - Rev 2.0

:fear::fear::fear:

FYI...

MS Security Bulletin MS16-128 - Critical
Security Update for Adobe Flash Player (3201860)
- https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
Oct 27, 2016 - "This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."

:fear::fear:

FYI...

Oct 2016 security monthly quality rollup for Win7SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/26/2016 20:28:00 - Rev: 3.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1


:fear::fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-nov
Nov 8, 2016 - "This bulletin summary lists security bulletins released for November 2016...
(Total of -14-)

Microsoft Security Bulletin MS16-129 - Critical
Cumulative Security Update for Microsoft Edge (3199057)
- https://technet.microsoft.com/library/security/MS16-129
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-130 - Critical
Security Update for Microsoft Windows (3199172)
- https://technet.microsoft.com/library/security/MS16-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-131 - Critical
Security Update for Microsoft Video Control (3199151)
- https://technet.microsoft.com/library/security/MS16-131
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-132 - Critical
Security Update for Microsoft Graphics Component (3199120)
- https://technet.microsoft.com/library/security/MS16-132
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-133 - Important
Security Update for Microsoft Office (3199168)
- https://technet.microsoft.com/library/security/MS16-133
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-134 - Important
Security Update for Common Log File System Driver (3193706)
- https://technet.microsoft.com/library/security/MS16-134
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-135 - Important
Security Update for Windows Kernel-Mode Drivers (3199135)
- https://technet.microsoft.com/library/security/MS16-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-136 - Important
Security Update for SQL Server (3199641)
- https://technet.microsoft.com/library/security/MS16-136
Important - Elevation of Privilege - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS16-137 - Important
Security Update for Windows Authentication Methods (3199173)
- https://technet.microsoft.com/library/security/MS16-137
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-138 - Important
Security Update for Microsoft Virtual Hard Disk Driver (3199647)
- https://technet.microsoft.com/library/security/MS16-138
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-139 - Important
Security Update for Windows Kernel (3199720)
- https://technet.microsoft.com/library/security/MS16-139
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-140 - Important
Security Update for Boot Manager (3193479)
- https://technet.microsoft.com/library/security/MS16-140
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-141 - Critical
Security Update for Adobe Flash Player (3202790)
- https://technet.microsoft.com/library/security/MS16-141
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-142 - Critical
Cumulative Security Update for Internet Explorer (3198467)
- https://technet.microsoft.com/library/security/MS16-142
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
___

MS16-129: http://www.securitytracker.com/id/1037245
MS16-130: http://www.securitytracker.com/id/1037241
MS16-131: http://www.securitytracker.com/id/1037242
MS16-132: http://www.securitytracker.com/id/1037243
MS16-133: http://www.securitytracker.com/id/1037246
MS16-134: http://www.securitytracker.com/id/1037252
MS16-135: http://www.securitytracker.com/id/1037251
MS16-136: http://www.securitytracker.com/id/1037250
MS16-137: http://www.securitytracker.com/id/1037249
MS16-138: http://www.securitytracker.com/id/1037248
MS16-139: http://www.securitytracker.com/id/1037253
MS16-140: http://www.securitytracker.com/id/1037255
MS16-141: http://www.securitytracker.com/id/1037240
MS16-142: http://www.securitytracker.com/id/1037247
___

- https://blogs.technet.microsoft.com/msrc/2016/11/08/november-2016-security-update-release/
Nov 8, 2016

Nov 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/11/08/november-2016-office-update-release/
Nov 8, 2016 - "... there are -25- security updates (1 bulletin) and 39 non-security updates.
Security bulletins: MS16-133:
> https://technet.microsoft.com/en-us/library/security/ms16-133.aspx
All of the security and non-security updates for November are listed in KB article 3200802:
> https://support.microsoft.com/en-us/kb/3200802
A new version of Office 2013 Click-To-Run is available: 15.0.4875.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7176.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.microsoft.com/en-us/mt465751

November 2016 security monthly quality rollup
- https://support.microsoft.com/en-us/search?query=November%202016%20security%20monthly%20quality%20rollup
___

ISC Analysis
- https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/
2016-11-08 - "Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:
- https://isc.sans.edu/mspatchdays.html?viewday=2016-11-08
2016-11-08

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/11/08/microsoft-patches-actively-exploited-kernel-vulnerability-three-previously-disclosed-browser-issues-and-sql-server
Nov 8, 2016 - "Today Microsoft released 14 security bulletins with six critical and eight important security fixes. It patched 0-day vulnerability CVE-2016-7255 in the MS16-135 which was actively attacked and disclosed by Google in their disclosure blog a few days ago. Since it is publicly disclosed and actively exploited it should be the top priority for organizations. Three more vulnerabilities that were previously disclosed before availability of patches were fixed. These three issues are in IE and Edge browser and were fixed in MS16-142 and MS16-129 respectively (CVE-2016-7227 for IE, CVE-2016-7199 and CVE-2016-7209 for Edge). Microsoft office bulletin MS16-133 contains fixes for 10 vulnerabilities that could allow attackers to take complete control of the system. In addition to these 10 fixes there is an information disclosure as well as a denial-of-service i.e crash which was fixed. Since office documents are prevalent in typical corporate environment I think this bulletin should be treated as critical even if it is rated as ‘Important’..."

.

FYI...

MS to revamp its documentation for security patches
Microsoft has eliminated individual patches from every Windows version, and Security Bulletins will go away soon, replaced by a spreadsheet with tools
> http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
Nov 10, 2016 - "... Starting in January, per the Microsoft Security Response Center*, the Security Bulletins are going away..."
* https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/
"... After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide**."

Software Update Summary
** https://portal.msrc.microsoft.com/en-us/security-guidance/summary

> https://portal.msrc.microsoft.com/en-us/security-guidance

> https://portal.msrc.microsoft.com/en-us/

:fear::fear:

FYI...

Microsoft pulls MS 3197868 Win7 Security Rollup
- https://www.askwoody.com/2016/microsoft-pulls-ms-3197868-the-win7-security-rollup-that-blew-apart-malwarebytes/
Nov 23, 2016

> https://www.catalog.update.microsoft.com/Search.aspx?q=3197868

- https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
11.11.2016 - "... false positive was caused by Microsoft not digitally signing over 500 files included in "November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)". Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future..."
___

‘Appears to have been restored:
> https://www.catalog.update.microsoft.com/Search.aspx?q=3197868
Last Updated: 11/23/2016

:fear::fear::fear:

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-dec
Dec 13, 2016 - "This bulletin summary lists security bulletins released for December 2016...
Note: As a reminder, the 'Security Updates Guide'* will be replacing security bulletins as of February 2017...
* https://portal.msrc.microsoft.com/en-us/security-guidance

Microsoft Security Bulletin MS16-144 - Critical
Cumulative Security Update for Internet Explorer (3204059)
- https://technet.microsoft.com/library/security/ms16-144
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-145 - Critical
Cumulative Security Update for Microsoft Edge (3204062)
- https://technet.microsoft.com/library/security/ms16-145
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-146 - Critical
Security Update for Microsoft Graphics Component (3204066)
- https://technet.microsoft.com/library/security/ms16-146
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-147 - Critical
Security Update for Microsoft Uniscribe (3204063)
- https://technet.microsoft.com/library/security/ms16-147
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-148 - Critical
Security Update for Microsoft Office (3204068)
- https://technet.microsoft.com/library/security/ms16-148
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-149 - Important
Security Update for Microsoft Windows (3205655)
- https://technet.microsoft.com/library/security/ms16-149
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-150 - Important
Security Update for Secure Kernel Mode (3205642)
- https://technet.microsoft.com/library/security/ms16-150
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-151 - Important
Security Update for Windows Kernel-Mode Drivers (3205651)
- https://technet.microsoft.com/library/security/ms16-151
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-152 - Important
Security Update for Windows Kernel (3199709)
- https://technet.microsoft.com/library/security/ms16-152
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-153 - Important
Security Update for Common Log File System Driver (3207328)
- https://technet.microsoft.com/library/security/ms16-153
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-154 - Critical
Security Update for Adobe Flash Player (3209498)
- https://technet.microsoft.com/library/security/ms16-154
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS16-155 - Important
Security Update for .NET Framework (3205640)
- https://technet.microsoft.com/library/security/ms16-155
Important - Information Disclosure - Requires restart - Microsoft Windows, Microsoft .NET Framework
___

MS16-144: http://www.securitytracker.com/id/1037448
MS16-145: http://www.securitytracker.com/id/1037444
MS16-146: http://www.securitytracker.com/id/1037438
MS16-147: http://www.securitytracker.com/id/1037440
MS16-148: http://www.securitytracker.com/id/1037441
MS16-149: http://www.securitytracker.com/id/1037450
MS16-150: http://www.securitytracker.com/id/1037451
MS16-151: http://www.securitytracker.com/id/1037452
MS16-152: http://www.securitytracker.com/id/1037453
MS16-153: http://www.securitytracker.com/id/1037454
MS16-154: http://www.securitytracker.com/id/1037449
MS16-155: http://www.securitytracker.com/id/1037455
___

Dec 2016 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2016/12/13/december-2016-office-update-release/
Dec 13, 2016 - "... This month, there are -24- security updates (1 bulletin) and 44 non-security updates.
Security bulletins: MS16-148:
- https://technet.microsoft.com/en-us/library/security/ms16-148.aspx
All of the security and non-security updates are listed in KB article 3208595:
- https://support.microsoft.com/en-us/kb/3208595
A new version of Office 2013 Click-To-Run is available: 15.0.4885.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7177.5000 ..."
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
2016-12-13

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2016/12/13/microsoft-ends-2016-with-15-increase-in-bulletin-volume
Dec 13, 2016

.

FYI...

- https://technet.microsoft.com/en-us/library/security/ms17-jan
Jan 10, 2017 - "This bulletin summary lists security bulletins released for January 2017...
Note: There are no security fixes or quality improvements for Windows 8.1 or Windows Server 2012 R2 for release on Update Tuesday for January 2017. As such, there is no Security -Only- Quality Update or Security -Monthly- Quality Rollup release for these platforms this month...
(Total of -4-)

Microsoft Security Bulletin MS17-001 - Important
Security Update for Microsoft Edge (3214288)
- https://technet.microsoft.com/library/security/MS17-001
Important - Elevation of Privilege - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS17-002 - Critical
Security Update for Microsoft Office (3214291)
- https://technet.microsoft.com/library/security/ms17-002
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS17-003 - Critical
Security Update for Adobe Flash Player (3214628)
- https://technet.microsoft.com/library/security/ms17-003
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS17-004 - Important
Security Update for Local Security Authority Subsystem Service (3216771)
- https://technet.microsoft.com/library/security/ms17-004
Important - Denial of Service - Requires restart - Microsoft Windows
___

MS17-001: http://www.securitytracker.com/id/1037573
MS17-002: http://www.securitytracker.com/id/1037568
- http://www.securitytracker.com/id/1037569
MS17-003: http://www.securitytracker.com/id/1037570
MS17-004: http://www.securitytracker.com/id/1037571
___

Security Updates Guide
- https://portal.msrc.microsoft.com/en-us/security-guidance
10-Jan-2017 - January 2017 Security Updates
Total items: 34
[Note: There are -some- updates listed for Win8.1 and WinSvr2012 R2 here.]
___

Security Advisories
- https://technet.microsoft.com/en-us/security/advisories#APUMA

- https://technet.microsoft.com/library/security/2755801
1/10/2017 - 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge

- https://technet.microsoft.com/en-us/library/security/mt745127.aspx

- https://technet.microsoft.com/library/security/3214296.aspx
Jan 10, 2017 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege
___

January 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/01/10/january-2017-office-update-release/
Jan 10, 2017 - "... This month, there are -2- security updates (1 bulletin) and -31- non-security updates.
Security bulletins: MS17-002: https://technet.microsoft.com/en-us/library/security/ms17-002.aspx
All of the security and non-security updates are listed in KB article 3214449:
- https://support.microsoft.com/en-us/kb/3214449
A new version of Office 2013 Click-To-Run is available: 15.0.4893.1002 ..."
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2017-01-10
2017-01-10

Qualys Analysis
- https://blog.qualys.com/laws-of-vulnerabilities/2017/01/10/microsoft-starts-2017-with-record-low-security-updates
Jan 10, 2017 - "... in the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch month ever. Patches were released for Microsoft Office, the Edge browser and LSASS. It’s an unusually small patch update and will definitely make system administrators happy. For Windows server 2008 administrators, on top of the list is the LSASS or Local Security Authority Subsystem Service bulletin MS17-004 which is a denial-of-service condition which could allow unauthenticated attackers to trigger an automatic reboot. To exploit the vulnerability an unauthenticated attacker could send a specially crafted authentication request which would lead in the reboot condition. This vulnerability i.e. CVE-2017-0004 was publically disclosed before the availability of the patch and PoC exploit could become available soon. Windows 7 and Vista are also affected.
Top on the priority list for workstations is the critical Office bulletin MS17-002 which applies to Word 2016 and SharePoint 2016. An attacker could send a malicious file as an attachment and could take complete control of the system if the file is opened with the affected software.
Microsoft Edge bulletin MS17-001 affects Windows 10 and Windows Server 2016. It allows an attacker to access information from one domain and inject it into another domain resulting into getting elevated privileges. This vulnerability i.e. CVE-2017-0002 was publically disclosed before the availability of the patch.
It is also worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database and instead of having to poke through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates..."

.

FYI...

MS WMF 5.1 released - PowerShell 5.1 for Windows 7 and later
- https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/
Jan 19, 2017 - "... we are releasing the Windows Management Framework (WMF) 5.1 today via the Microsoft download center:
> http://www.microsoft.com/en-us/download/details.aspx?id=54616
WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition. You can find out more about the WMF 5.1 release in the Release Notes:
> https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes
Please note that for Windows 7 and Windows Server 2008 R2 the installation instructions have changed significantly. Please read the Install and Configure topic in the release notes. We have removed the requirement for pre-installing WMF 4 on Windows 7 and Windows Server 2008 R2, but to do so we had create a script for checking the prerequisites that accompanies the MSU in a ZIP file. This affects only Windows 7 and Windows Server 2008 R2. The Install and Configure topic* in the release notes provides details on using the script..."
* https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure

:fear:

FYI...

Windows 10 v1607 media now available
- https://blogs.technet.microsoft.com/windowsitpro/2017/01/19/windows-10-v1607-media-now-available/
Jan 19, 2017 - "On November 29th, Windows 10, version 1607 was -declared- the Current Branch for Business (CBB), indicating that Microsoft, independent software vendors (ISVs), partners, and customers -believe- that the release is ready for broad deployment. Today we are releasing updated media for Windows 10 v1607 (also known as the Windows 10 Anniversary Update) on Windows Update for Business, Windows Server Update Services (WSUS), and MSDN Subscriptions. We will also be releasing -updated-refreshed- media for Windows 10, version 1607 to the Volume Licensing Service Center (VLSC) on January 26, 2017...
End of servicing for Windows 10, version 1507:
With the availability of Windows 10, version 1607 to the VLSC on January 26th, the 60-day grace period for Windows 10, version 1507 will begin. That means, after March 26th, 2017, Windows 10, version 1507 will no longer be serviced as only the two most Current Branch for Business (CBB) versions are actively serviced...
Additional information:
For the latest list of Windows 10 feature updates, and current versions by servicing option, see our Windows 10 release information page*..."
* https://technet.microsoft.com/en-us/windows/mt679505.aspx
___

Microsoft’s Release Process Prompts Update Confusion
> http://windowssecrets.com/patch-watch/microsofts-release-process-prompts-update-confusion/
Jan 24, 2017
___

Windows 10 Version 1607 and Windows Server 2016
January 26, 2017—KB 3216755 (OS Build 14393.726)
- https://support.microsoft.com/en-us/help/4011347/windows-10-update-kb3216755
. Update replacement information: This update replaces the previously released update KB3213986.
Last Review: Jan 26, 2017 - Rev: 2
___

Windows 10 update KB 3216755
> http://www.infoworld.com/article/3162345/microsoft-windows/microsoft-uses-new-way-to-distribute-windows-10-update-kb-3216755.html
Jan 27, 2017 - "... The latest cumulative update is only available in the Update Catalog":
> http://www.catalog.update.microsoft.com/Search.aspx?q=3216755

:confused: :fear: :spider:

FYI...

Microsoft Security Advisory 4010983
Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service
- https://technet.microsoft.com/library/security/4010983
Jan 27, 2017

:fear::fear:

FYI...

MS Patches delayed
- https://isc.sans.edu/diary.html?storyid=22066
Feb 14, 2017 - "Microsoft delayed the release of all bulletins* scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused the delay... we do not know when Microsoft will release it's February patches. There is still the unpatched SMB 3 DoS vulnerability... hoped to be addressed in this round..."

* https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Feb 14, 2017 - "... This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates..."

:fear::fear:

FYI...

Microsoft February Patch Tuesday Now Rolled into March Update
- https://isc.sans.edu/diary.html?storyid=22072
2017-02-16 - "Microsoft earlier today updated its blog post* about the "skipped" February patch Tuesday with a note that "We will deliver updates as part of the planned March Update Tuesday, March 14, 2017." March 14th is the March Patch Tuesday date, so February's updates will be combined with the March update. Probably overall the least disruptive solution at this point."

* https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
___

Windows Update issues may be at root of February's patch delay
- http://www.computerworld.com/article/3170633/microsoft-windows/windows-update-issues-may-be-at-root-of-februarys-patch-delay.html
Feb 15, 2017

:fear::fear:

FYI...

Microsoft Security Bulletin MS17-005 - Critical
Security Update for Adobe Flash Player (4010250)
- https://technet.microsoft.com/en-us/library/security/MS17-005
Feb 21, 2017 - "This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016..."

- https://support.microsoft.com/en-us/help/4010250/ms17-005-security-update-for-adobe-flash-player-february-21-2017
Last Review: Feb 21, 2017 - Rev: 28

- https://isc.sans.edu/diary.html?storyid=22097
2017-02-21 23:55:22 UTC

- https://blogs.technet.microsoft.com/msrc/2017/02/21/adobe-flash-player-security-vulnerability-release/
Feb 21, 2017
___

Unpatched MS Edge and IE Bug
- https://isc.sans.edu/diary.html?storyid=22115
2017-02-25
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0037
Last revised: 02/26/2017

:fear::fear:

FYI... ("March madness" begins)

March 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/03/07/march-2017-non-security-office-update-release/
Mar 7, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information."

Office 2013
Update for Microsoft Office 2013 (KB3162058)
> http://support.microsoft.com/KB/3162058
Update for Microsoft Office 2013 (KB3162039)
> http://support.microsoft.com/KB/3162039
Update for Microsoft OneDrive for Business (KB3178645)
> http://support.microsoft.com/KB/3178645
Update for Microsoft Project 2013 (KB3178650)
> http://support.microsoft.com/KB/3178650
Update for Microsoft Visio 2013 (KB3172437)
> http://support.microsoft.com/KB/3172437

Office 2016
Update for Microsoft Access 2016 (KB3128054)
> http://support.microsoft.com/KB/3128054
Update for Microsoft Office 2016 (KB3141452)
> http://support.microsoft.com/KB/3141452
Update for Microsoft OneDrive for Business (KB3141458)
> http://support.microsoft.com/KB/3141458
Update for Microsoft Office 2016 (KB3178661)
> http://support.microsoft.com/KB/3178661
Update for Microsoft Office 2016 (KB3178663)
> http://support.microsoft.com/KB/3178663
Update for Microsoft Office 2016 (KB3178668)
> http://support.microsoft.com/KB/3178668
Update for Microsoft Office 2016 (KB3178660)
> http://support.microsoft.com/KB/3178660
Update for Microsoft Office 2016 (KB3178655)
> http://support.microsoft.com/KB/3178655
Update for Microsoft PowerPoint 2016 (KB3178657)
> http://support.microsoft.com/KB/3178657
Update for Microsoft Project 2016 (KB3178669)
> http://support.microsoft.com/KB/3178669
Update for Microsoft Publisher 2016 (KB3128047)
> http://support.microsoft.com/KB/3128047
Update for Microsoft Visio 2016 (KB3178654)
> http://support.microsoft.com/KB/3178654

:fear::fear:

FYI...

- https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-update-release/
Mar 14, 2017 - "Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide*..."

Security Update Guide
* https://portal.msrc.microsoft.com/en-us/security-guidance
14-Mar-17

March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/help/4012215/march-2007-security-monthly-quality-rollup-for-windows-7-sp1-and-windows-server-2008-r2-sp1
Mar 14, 2017 - Rev: 11

Windows 8.1 and Windows Server 2012 R2 update history
- https://support.microsoft.com/en-us/help/24717/windows-8-1-and-windows-server-2012-r2-update-history
Mar 14, 2017 - Rev: 129

March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
- https://support.microsoft.com/en-us/help/4012213/march-2017-security-only-quality-update-for-windows-8-1-and-windows-server-2012-r2
Mar 14, 2017 - Rev: 11

Windows 10 Version 1607 and Windows Server 2016
KB4013429 (OS Build 14393.953)
- https://support.microsoft.com/en-us/help/4013429/windows-10-update-kb4013429
Mar 14, 2017 - Rev: 48

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012213

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429
___

Microsoft Security Bulletin Summary for March 2017
- https://technet.microsoft.com/en-us/library/security/ms17-mar
Mar 14, 2017 - "This bulletin summary lists security bulletins released for March 2017..."
(18 total)

Microsoft Security Bulletin MS17-006 - Critical
Cumulative Security Update for Internet Explorer (4013073)
- https://technet.microsoft.com/library/security/MS17-006
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Internet Explorer

Microsoft Security Bulletin MS17-007 - Critical
Cumulative Security Update for Microsoft Edge (4013071)
- https://technet.microsoft.com/library/security/MS17-007
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS17-008 - Critical
Security Update for Windows Hyper-V (4013082)
- https://technet.microsoft.com/library/security/MS17-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-009 - Critical
Security Update for Microsoft Windows PDF Library (4010319)
- https://technet.microsoft.com/library/security/MS17-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)
- https://technet.microsoft.com/library/security/MS17-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-011 - Critical
Security Update for Microsoft Uniscribe (4013076)
- https://technet.microsoft.com/library/security/MS17-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-012 - Critical
Security Update for Microsoft Windows (4013078)
- https://technet.microsoft.com/library/security/MS17-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.microsoft.com/library/security/MS17-013
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight

Microsoft Security Bulletin MS17-014 - Important
Security Update for Microsoft Office (4013241)
- https://technet.microsoft.com/library/security/MS17-014
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps,
Microsoft Server Software, Microsoft Communications Platforms and Software

Microsoft Security Bulletin MS17-015 - Important
Security Update for Microsoft Exchange Server (4013242)
- https://technet.microsoft.com/library/security/MS17-015
Important - Remote Code Execution - Requires restart - Microsoft Exchange

Microsoft Security Bulletin MS17-016 - Important
Security Update for Windows IIS (4013074)
- https://technet.microsoft.com/library/security/MS17-016
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-017 - Important
Security Update for Windows Kernel (4013081)
- https://technet.microsoft.com/library/security/MS17-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-018 - Important
Security Update for Windows Kernel-Mode Drivers (4013083)
- https://technet.microsoft.com/library/security/MS17-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-019 - Important
Security Update for Active Directory Federation Services (4010320)
- https://technet.microsoft.com/library/security/MS17-019
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-020 - Important
Security Update for Windows DVD Maker (3208223)
- https://technet.microsoft.com/library/security/MS17-020
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-021 - Important
Security Update for Windows DirectShow (4010318)
- https://technet.microsoft.com/library/security/MS17-021
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-022 - Important
Security Update for Microsoft XML Core Services (4010321)
- https://technet.microsoft.com/library/security/MS17-022
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-023 - Critical
Security Update for Adobe Flash Player (4014329)
- https://technet.microsoft.com/library/security/MS17-023
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

MS17-006: http://www.securitytracker.com/id/1038008
MS17-007: http://www.securitytracker.com/id/1038006
MS17-008: http://www.securitytracker.com/id/1037999
MS17-009: http://www.securitytracker.com/id/1037989
MS17-010: http://www.securitytracker.com/id/1037991
MS17-011: http://www.securitytracker.com/id/1037992
MS17-012: http://www.securitytracker.com/id/1038001
MS17-013: http://www.securitytracker.com/id/1038002
MS17-014: http://www.securitytracker.com/id/1038010
- http://www.securitytracker.com/id/1038019
- http://www.securitytracker.com/id/1038020
MS17-015: http://www.securitytracker.com/id/1038011
MS17-016: http://www.securitytracker.com/id/1038012
MS17-017: http://www.securitytracker.com/id/1038013
MS17-018: http://www.securitytracker.com/id/1038017
MS17-019: http://www.securitytracker.com/id/1038018
MS17-020: http://www.securitytracker.com/id/1038015
MS17-021: http://www.securitytracker.com/id/1038016
MS17-022: http://www.securitytracker.com/id/1038014
___

March 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/03/14/march-2017-office-update-release/
Mar 14, 2017 - "... This month, there are 28 security updates (2 bulletin) and 27 non-security updates.
Security bulletins:
MS17-013: https://technet.microsoft.com/en-us/library/security/ms17-013.aspx
MS17-014: https://technet.microsoft.com/en-us/library/security/ms17-014.aspx
All of the security and non-security updates are listed in KB article 4013886
- https://support.microsoft.com/en-us/help/4013886/march-14-2017-update-for-microsoft-office
A new version of Office 2013 Click-To-Run is available: 15.0.4911.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7179.5002"
___

ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=22185
Mar 14 2017 - "... large number of bulletins (18 total, which includes the Adobe Flash bulletin)
... You can review the patch summary here:
> https://isc.sans.edu/mspatchdays.html?viewday=2017-03-14 "

Qualys Analysis:
- https://blog.qualys.com/laws-of-vulnerabilities/2017/03/14/massive-security-update-from-microsoft-for-march
Mar 14, 2017 - "Today Microsoft released a massive security update consisting of 17 security bulletins that fixed a total of -134- vulnerabilities. Out of the 17 security bulletins 8 were marked as Critical which could lead to remote code execution while the remaining were marked as Important. Since there were no patches released for February, in one way, a massive update was expected this month. We also liked the fact that Microsoft kept the older way of clubbing KB articles and patches in security bulletins which, in our opinion, is easy to read and provides better overall picture... Overall today is going to be very busy for IT department in organizations of all sizes due to the large number of client as well as server patches to be installed. But most people will be pleasantly surprised as Microsoft kept the older way of clubbing KB articles into security bulletins."

:fear::fear::fear:

FYI...

Microsoft SMBv1 Vulnerability
- https://www.us-cert.gov/ncas/current-activity/2017/03/16/Microsoft-SMBv1-Vulnerability
March 16, 2017 - "Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010* and apply the update. For more information, see the Information Assurance Advisory** and US-CERT's SMB Security Best Practices guidance***."
* https://technet.microsoft.com/library/security/MS17-010
March 14, 2017
** https://www.iad.gov/iad/library/ia-advisories-alerts/iaa-removal-of-server-message-block-1-0.cfm
16 March 2017
*** https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
Last revised: March 16, 2017
___

- https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
Last revised: March 16, 2017 - "In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems. US-CERT recommends that users and administrators consider:
disabling SMBv1 and
blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547* and 204279**."
* https://support.microsoft.com/en-us/kb/2696547
Feb 28, 2017 - Rev: 23
** https://support.microsoft.com/en-us/kb/204279
Jan 7, 2008 - Rev: 1

:fear::fear:

FYI...

March Patching Comes In Like a Lion
- http://windowssecrets.com/windows-secrets/march-patching-comes-in-like-a-lion/
March 16, 2017 - "The lack of patches in February means that March’s updates are numerous. Not helping the situation: While Windows 10 updates are cumulative, Office updates may not be depending on your install. Thus we are getting an extra set. It’s a lot to sort through.
Microsoft finally got back to a bit of normal with this month’s release. Windows 10, 8 and 7 all received their normal large cumulative updates, most with a security bent. For Windows 10, the cumulative update also included many fixes for other issues on that platform. And in a bit of trivia only patch-a-holics like me love to keep track of, we have now jumped to Knowledge Base articles that begin with 4. For example, the Windows 10 1607 update is KB4013198.
In addition we received double the amount of Office updates, but remember, if you are running any of the Office 365 versions that support click-to-run, you won’t see the masses of Office updates, you’ll merely get the click to run update dribbled to you over time.
March also meant changes to Microsoft’s communication regarding security bulletins, with the all new Security Portal* as the new location for security guidance and information. However, they are still posting the traditional security bulletin information in the original format, just to ease in the transition."
* https://portal.msrc.microsoft.com/en-us/security-guidance

- https://arstechnica.com/security/2017/03/microsofts-silence-over-unprecedented-patch-delay-doesnt-smell-right/
3/16/2017

:fear::fear:

FYI...

MS17-014: Description of the security update for Excel 2010
- https://support.microsoft.com/en-us/help/3191855/march-28-2017-update-for-excel-2010-kb3191855
"... Note: To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer...
Improvements and fixes:
Fixes an issue that causes Excel 2010 to crash when spreadsheets are recalculated. This issue occurs after you install MS17-014: Description of the security update for Excel 2010: March 14, 2017 (KB3178690*)..."
Last Review: Mar 28, 2017 - Rev: 9

* https://support.microsoft.com/en-us/help/3178690
___

- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/03/28/new-update-available-for-excel-2010/
Mar 28, 2017
___

KB3178690 causing excel 2010 to crash
- https://answers.microsoft.com/en-us/msoffice/forum/msoffice_excel-mso_other/kb3178690-causing-excel-2010-to-crash/a949afa1-0102-4dfa-8634-884b2d7d057b

- https://support.microsoft.com/en-us/help/3191855/march-28-2017-update-for-excel-2010-kb3191855
___

> http://windowssecrets.com/patch-watch/march-patching-not-going-out-like-a-lamb/
March 28, 2017

:fear::fear:

FYI...

Forms in Dynamics CRM 2011 are broken after KB 4013073 for IE11 is installed
- https://support.microsoft.com/en-us/help/4016446/forms-in-dynamics-crm-2011-are-not-displayed-correctly-after-kb-401307
"Forms in Microsoft Dynamics CRM 2011 are not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11... To get the stand-alone package for this update, go to the Microsoft Update Catalog website*..."
Last Review: Mar 22, 2017 - Rev: 29

* http://www.catalog.update.microsoft.com/search.aspx?q=kb4016446

MS17-006: Cumulative security update for Internet Explorer: March 14, 2017
- https://support.microsoft.com/en-us/help/4013073/ms17-006-cumulative-security-update-for-internet-explorer-march-14-201
Last Review: Mar 14, 2017 - Rev: 31
___


MS17-006: Security update for IE: Mar 14, 2017
- https://support.microsoft.com/en-us/help/4012204/ms17-006-security-update-for-internet-explorer-march-14-2017
Last Review: Mar 29, 2017 - Rev: 52

> https://technet.microsoft.com/library/security/MS17-006

:fear::fear:

FYI...

MS Security Update Guide
> https://portal.msrc.microsoft.com/en-us/security-guidance

Release Notes
April 2017 Security Updates
> https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99
April 11, 2017 - "The April security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Visual Studio for Mac
.NET Framework
Silverlight
Adobe Flash Player ..."
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary

Cumulative security update for Internet Explorer: April 11, 2017
> https://support.microsoft.com/en-us/help/4014661/cumulative-security-update-for-internet-explorer-april-11-2017
Last Review: Apr 13, 2017 - Rev: 46
"... Additionally, see Windows 10* and Windows Server 2016 update history for more information on cumulative updates for Windows 10 and Windows Server 2016..."
* https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history
Last Review: Apr 13, 2017 - Rev: 46
___

April 11, 2017, update for Microsoft Office
- https://support.microsoft.com/en-us/help/4016803/april-11-2017-update-for-microsoft-office
Last Review: Apr 13, 2017 - Rev: 10
___

Qualys analysis:
- https://blog.qualys.com/laws-of-vulnerabilities/2017/04/11/microsoft-fixes-45-vulnerabilities-with-new-security-update-guide-says-goodbye-to-security-updates
April 11, 2017 - "Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide:
- https://portal.msrc.microsoft.com/en-us/security-guidance
In today’s release Microsoft fixed a total of 45 vulnerabilities that could lead to remote code execution, denial-of-service, elevation of privileges, security feature bypass and spoofing. Top priority goes to the Office and WordPad CVE-2017-0199 which fixed a 0-day vulnerability that is being actively exploited in the wild. Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad. Attacker could accomplish this by sending a specially crafted file to the user and then convincing the user to open the file. We recommend administrators patch this as soon as possible..."
(More detail at the qualys URL above.)

ISC analysis:
- https://isc.sans.edu/diary.html?storyid=22286
Apr 11 2017 - "Today on Tuesday 2017-04-11, Microsoft announced its monthly security release (also known as "Patch Tuesday). Reviewing Microsoft's Security Update Guide, it looks like there's 644 updates with 210 of them listed as "Critical" severity..."
(More detail at the ISC URL above.)

'ghacks' analysis:
- https://www.ghacks.net/2017/04/11/microsoft-security-updates-april-2017-release/
April 11, 2017 - "... marks the end of Windows Vista's extended support phase. Microsoft won't release security updates for Windows Vista officially anymore*...
* https://www.ghacks.net/2017/03/11/remember-windows-vista-support-ends-next-month/
... Executive Summary: Security Bulletins are no longer provided. Microsoft switched the information system to the Security Update Guide fully. The April security update patches issues in all supported versions and editions of Microsoft Windows. Other Microsoft products with patches are Microsoft Edge and Internet Explorer, the .NET Framework, Silverlight, and Microsoft Office.
Operating System Distribution:
Windows Vista: 9 vulnerabilities, 1 critical, 8 important
Windows 7: 9 vulnerabilities, 1 critical, 8 important.
Windows 8.1: 23 vulnerabilities, 4 critical, 19 important.
Windows RT 8.1: 11 vulnerabilities, 1 critical, 10 important.
Windows 10 version 1703: 21 vulnerabilities, 5 critical, 16 important..."

:fear::fear::fear:

FYI...

Microsoft Security Bulletin Summary for March 2017
Published: March 14, 2017 | Updated: April 11, 2017
> https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx
V2.0 (April 11, 2017): Bulletin Summary revised to announce the following updates:
For MS17-013, the release of update 4017018 for Windows Vista and Windows Server 2008. The update replaces update 4012583 for CVE-2017-0038 only, to comprehensively address the vulnerability. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4017018 for more information.
For MS17-014, to comprehensively address CVE-2017-0027 for Office for Mac 2011 only, Microsoft is releasing security update 3212218. Microsoft recommends that customers running Office for Mac 2011 install update 3212218 to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 3212218 for more information.
For MS17-021, security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft Windows do not need to take any further action.
___

- https://www.us-cert.gov/ncas/current-activity/2017/04/12/Microsoft-Releases-April-2017-Security-Updates
April 12, 2017 - "Microsoft has released -61- updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code:
> https://nvd.nist.gov/vuln/detail/CVE-2017-0199
US-CERT encourages users and administrators to review Vulnerability Note #VU921560* and Microsoft's April 2017 Security Update** and apply the necessary updates."

* https://www.kb.cert.org/vuls/id/921560

** https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99
___

April 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/04/11/april-2017-office-update-release/
April 11, 2017 - "The April 2017 Public Update releases for Office are now available! This month, there are -19- security updates and 33 non-security updates. All of the security and non-security updates are listed in KB article 4016803:
- https://support.microsoft.com/en-us/help/4016803/April-2017-update-for-microsoft-office
A new version of Office 2013 Click-To-Run is available: 15.0.4919.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7180.5002 "

> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
April 11, 2017

- http://www.securitytracker.com/id/1038224
CVE Reference: CVE-2017-0199
Updated: Apr 12 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix, available at:
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4014793
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4015549
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4015551

- http://www.securitytracker.com/id/1038227
CVE Reference: CVE-2017-0106, CVE-2017-0204
Apr 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016; Outlook for Mac 2011
Impact: A remote user can create an email message that, when loaded or previewed by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix.
The vendor advisories are available at:
- https://support.microsoft.com/en-us/help/3172519/description-of-the-security-update-for-outlook-2013-april-11-2017
- https://support.microsoft.com/en-us/help/3127890/description-of-the-security-update-for-outlook-2007-april-11-2017
- https://support.microsoft.com/en-us/help/3118388/description-of-the-security-update-for-outlook-2010-april-11-2017
- https://support.microsoft.com/en-us/help/3212218/description-of-the-security-update-for-office-for-mac-2011-14-7-3-apri
- https://support.microsoft.com/en-us/help/3178664/description-of-the-security-update-for-outlook-2016-april-11-2017

:fear::fear::fear:

FYI...

Microsoft's critical Windows and Office patches - problems
- http://www.infoworld.com/article/3189776/microsoft-windows/microsofts-critical-windows-and-office-patches-present-a-panoply-of-problems.html
Apr 13, 2017 - "Windows and Office patching have had a horrible three months... just what we've seen in the first 48 hours... The SANS Internet Storm Center*, my go-to source for patch insight, has thrown up its hands, listing all -210- "critical" updates in one massive blob. In addition to the 210 "critical" there's another -434- that aren't so critical, coming to a grand total of -644- patches this month... tip of the -buggy- iceberg..."
(More detail at the infoworld URL above.)

* https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
___

Also see:

Microsoft Addresses Shadow Brokers Exploits
> https://www.us-cert.gov/ncas/current-activity/2017/04/15/Microsoft-Addresses-Shadow-Brokers-Exploits-0
Last revised: April 16, 2017

- https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
April 14, 2017

- https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
4/15/2017

:fear::fear: :mad:

FYI...

April 11, 2017 — KB4015549 (Monthly Rollup)
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/help/4015549/windows-7-windows-server-2008-r2-sp1-update-kb4015549
Last Review: Apr 12, 2017 - Rev: 21
"... Known issues in this update:
If the PC uses an AMD Carrizo DDR4 processor, installing this update will -block- downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release..."
___

- http://www.infoworld.com/article/3189586/microsoft-windows/microsoft-plan-to-force-pcs-with-newer-processors-to-windows-10-backfires.html
Apr 13, 2017 - "Microsoft is working on a fix after Tuesday’s Windows 7 and 8.1 security updates misfired on some users, forcibly locking them -out- of future Windows updates.
Microsoft has acknowledged that the updates’ detection mechanism, intended to force users with newer 7th generation processor chips to move to Windows 10, also caught people with 6th generation AMD Carrizo DDR 4 PCs, which -were- explicitly -allowed- under terms of Microsoft’s Lifecycle Policy FAQ. Microsoft admitted erroneously -blocking- Windows Update on -four- different Tuesday patches:
KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), and KB 4015547 (the Win8.1 Security-Only patch)..."

:fear::fear::fear:

FYI...

MS - Feedback on the Security Update Guide
- https://blogs.technet.microsoft.com/msrc/2017/04/21/taking-your-feedback-on-the-security-update-guide/
April 21, 2017 - "The Security Update Guide* has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide. As we completed Preview this month, we want to let you know that we are continuing to listen to your feedback, and are working to enhance your experience... If you have questions about the change, or how to accomplish certain tasks, we have a FAQ**, as well as a TechNet support forum*** for the Security Update Guide. If you have questions about how to use the Security Update Guide or a suggestion to improve it, please post to the forum or (even better) upvote someone else’s suggestion if you also like it. We are listening."
* https://portal.msrc.microsoft.com/en-us/security-guidance

FAQ: ** https://technet.microsoft.com/en-us/security/mt791750

Forum: *** https://social.technet.microsoft.com/Forums/security/en-US/home?forum=securityupdateguide
___

Why is Intel allowing this?
- https://software.intel.com/en-us/forums/intel-isa-extensions/topic/731318
4/14/2017

:blink: :confused:

FYI...

MS Ending Security Updates for Windows 10 version 1507
- https://www.us-cert.gov/ncas/current-activity/2017/05/04/Microsoft-Ending-Security-Updates-Windows-10-version-1507
May 04, 2017 - "After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates. US-CERT encourages users and administrators to review Microsoft's Windows 10 version 1507 post* for more information and to apply necessary updates."

* https://support.microsoft.com/en-us/help/4015562/windows-10-version-1507-will-no-longer-receive-security-updates
Last Review: Apr 12, 2017 - Rev: 17
"... Microsoft recommends visiting the Software Download site** and selecting 'Update now' to manually update your device..."
** https://www.microsoft.com/software-download/windows10
___

Outlook 2010 (KB3191906)
- https://support.microsoft.com/en-us/help/3191906/may-2-2017-update-for-outlook-2010-kb3191906
Article ID: 3191906 - Last Review: May 2, 2017 - Rev: 11
"... Fixes the following issue: When you add attachments to a saved email message and then send the email message in Outlook 2010, the attachments are missing, corrupted or duplicated..."
> https://www.catalog.update.microsoft.com/Search.aspx?q=3191906

Office 2010 (KB3128031)
- https://support.microsoft.com/en-us/help/3128031/may-2-2017-update-for-office-2010-kb3128031
Article ID: 3128031 - Last Review: May 2, 2017 - Rev: 9
"... Improvements and fixes: Improves the robustness to make sure that the stability of Office 2010 applications in certain scenarios..."
> https://www.catalog.update.microsoft.com/Search.aspx?q=3128031

:fear::fear:

FYI...

MS Security Advisory 4022344
Security Update for Microsoft Malware Protection Engine
- https://technet.microsoft.com/en-us/library/security/4022344.aspx
May 8, 2017 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system... Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
___

- http://www.infoworld.com/article/3194763/endpoint-protection/microsoft-rushes-emergency-fix-for-critical-antivirus-bug.html
May 9, 2017 - "... critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012..."

- http://www.securitytracker.com/id/1038419
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.microsoft.com/kb/2510781
___

- http://www.securitytracker.com/id/1038420
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.microsoft.com/kb/2510781
___

- https://www.us-cert.gov/ncas/current-activity/2017/05/08/Microsoft-Releases-Critical-Security-Update
May 08, 2017

:fear::fear:

FYI...

MS Security Updates - May 2017
- https://portal.msrc.microsoft.com/en-us/security-guidance
May 9, 2017
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary

- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99
May 09, 2017 - "The May security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
NET Framework
Adobe Flash Player ..."

- https://blogs.technet.microsoft.com/msrc/2017/05/09/may-2017-security-update-release/
May 9, 2017

Coming together to address Encapsulated PostScript (EPS) attacks
- https://blogs.technet.microsoft.com/msrc/2017/05/09/coming-together-to-address-encapsulated-postscript-eps-attacks/
May 9, 2017
"... Related links:
CVE-2017-0261: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261
CVE-2017-0262: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262
CVE-2017-0263: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263
Enterprise customers can check here* to see if they have the latest Office 365 updates."
* https://technet.microsoft.com/en-us/office/mt465751

MS Malware Protection Engine Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290
Internet Explorer Memory Corruption Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222
Scripting Engine Memory Corruption Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0229
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0277
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0278
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279
Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
> https://technet.microsoft.com/library/security/4010323
May 9, 2017
___

May 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/05/09/may-2017-office-update-release/
May 9, 2017 - "... This month, there are -36- security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4020152*.
* https://support.microsoft.com/en-us/help/4020152/may-9-2017-update-for-microsoft-office
Last Review: May 9, 2017 - Rev: 10

A new version of Office 2013 Click-To-Run is available: 15.0.4927.1002

A new version of Office 2010 Click-To-Run is available: 14.0.7181.5002"
___

Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.microsoft.com/en-us/library/security/MS17-013
V3.0 (May 9, 2017): "Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to take any further action.
In addition, this security update correction also applies to Windows Server 2008 for Itanium-based Systems."
___

CVE-2017-0290: http://www.securitytracker.com/id/1038419
- http://www.securitytracker.com/id/1038420

CVE-2017-0064: http://www.securitytracker.com/id/1038447

CVE-2017-0077: http://www.securitytracker.com/id/1038454

CVE-2017-0175: http://www.securitytracker.com/id/1038452

CVE-2017-0190: http://www.securitytracker.com/id/1038451

CVE-2017-0213: http://www.securitytracker.com/id/1038457

CVE-2017-0220: http://www.securitytracker.com/id/1038445

CVE-2017-0222: http://www.securitytracker.com/id/1038423

CVE-2017-0227, CVE-2017-0240: http://www.securitytracker.com/id/1038424

CVE-2017-0228: http://www.securitytracker.com/id/1038425
CVE-2017-0228: http://www.securitytracker.com/id/1038426

CVE-2017-0231: http://www.securitytracker.com/id/1038455
- http://www.securitytracker.com/id/1038456

CVE-2017-0234, CVE-2017-0236: http://www.securitytracker.com/id/1038431

CVE-2017-0244: http://www.securitytracker.com/id/1038453

CVE-2017-0246, CVE-2017-0263: http://www.securitytracker.com/id/1038449

CVE-2017-0248: http://www.securitytracker.com/id/1038458

CVE-2017-0254: http://www.securitytracker.com/id/1038443

CVE-2017-0258: http://www.securitytracker.com/id/1038446

CVE-2017-0261: http://www.securitytracker.com/id/1038444

CVE-2017-0265: http://www.securitytracker.com/id/1038448

CVE-2017-0267, CVE-2017-0271, CVE-2017-0275: http://www.securitytracker.com/id/1038432

CVE-2017-0269, CVE-2017-0273: http://www.securitytracker.com/id/1038433
___

MS Security Advisory 4021279
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/library/security/4021279
Updated: May 10, 2017
V1.1 (May 10, 2017): "Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only."
___

Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.microsoft.com/en-us/help/894199/description-of-software-update-services-and-windows-server-update-services-changes-in-content-for-2017
Last Review: May 9, 2017 - Rev: 64
___

Qualys Analysis:
- https://blog.qualys.com/laws-of-vulnerabilities/2017/05/09/microsoft-fixes-malware-protection-engine-and-several-0-day-vulnerabilities
May 9, 2017 - "... In today’s patch Tuesday update Microsoft released a total of -57- vulnerability fixes. Highest priority should go to patching 0-day issues which are actively exploited. On top of our list is the Office patch for CVE-2017-0261 which is triggered when a victim opens an office file containing malformed graphics image. The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system this should be treated with priority...
In Summary today’s release fixed 3 actively exploited and 4 publicly disclosed issues including the malware protection engine, Office, IE, Edge and SMB vulnerabilities."

ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=22396
2017-05-09

ghacks Analysis:
- https://www.ghacks.net/2017/05/09/microsoft-security-updates-may-2017-release/
May 9, 2017 [See 'Executive Summary']

- https://www.thezdi.com/blog/2017/5/5/the-may-2017-security-update-review
May 09, 2017 - "... table of all CVEs released by Microsoft for May, 2017..."

- https://www.askwoody.com/2017/patch-tuesday-is-rolling-out/
May 09, 2017
___

- https://www.us-cert.gov/ncas/current-activity/2017/05/09/Microsoft-Releases-May-2017-Security-Updates
May 09, 2017 - "Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary* and Deployment Information** and apply the necessary updates."
* https://portal.msrc.microsoft.com/en-us/security-guidance/summary

** https://support.microsoft.com/en-us/help/20170509/security-update-deployment-information-may-9-2017
Last Review: May 9, 2017 - Rev: 22

.

FYI...

MS Security Advisory 4022345
Identifying and correcting failure of Windows Update client to receive updates
- https://technet.microsoft.com/en-us/library/security/4022345
May 9, 2017 - "Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services. These systems may not receive Windows updates until a user has completed initial setup by interactively logging in or by logging in through remote desktop services..."
V1.0 (May 9, 2017): Advisory published.
V1.1 (May 10, 2017): Advisory updated to include Logon Type 2 Security Event Log entries. This is an informational change only.
V1.2 (May11, 2017): Advisory updated to clarify the WSUS environment. This is an informational change only.
V1.3 (May 17, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”...

:fear::fear:

FYI...

Updating MS antimalware and antispyware software...
> https://www.microsoft.com/en-us/security/portal/definitions/adl.aspx#manual
May 16, 2017 - "... Force a daily update:
If you want Windows to update your software, go to Windows Update or:
Open your Microsoft security software.
Click the Update tab.
Click the Update button.
>> https://www.microsoft.com/en-us/CMSImages/update_client.png?version=0c2cc3f7-1f27-b438-8f31-be4d724584cf&CollectionId=86e1741b-551b-4e7b-9732-0011b7504d55
... Manually download the latest updates:
If you need to get the latest updates available, you can download and install them from here.
For all Microsoft security software, you will need to download the antimalware and antispyware updates.
Antimalware and antispyware updates:
For antimalware and antispyware, the latest definitions are 1.243.529.0, dated May 16, 2017 6:2 PM UTC.
To download these updates:
1. Check whether your version of Windows is 32-bit or 64-bit.
2. In the table below, right-click on the link that will work for your version of Windows and choose Save target as... or Save link as...
3. Save the file to your Desktop.
4. When the file has finished downloading, go to your Desktop and double-click the file (it will be called mpam-fe.exe, mpas-fe.exe, or mpam-feX64.exe).
5. Follow the prompts to install the update..."
___

> https://www.microsoft.com/en-us/security/portal/mmpc/products/default.aspx
"Windows Defender in Windows 10 and Windows 8.1, and Microsoft Security Essentials in Windows 7 and Windows Vista help protect your PC from malware and other threats in exactly the same way. You -can't- use Microsoft-Security-Essentials with Windows-10 or Windows 8.1. Windows Defender in Windows 10 and Windows 8.1 is built into Windows and ready to work as soon as you turn your PC on..."
> https://www.microsoft.com/en-us/safety/pc-security/windows-defender.aspx
___

Do You Need [an Intel] Firmware Update?
- http://windowssecrets.com/windows-secrets/patch-watch-do-you-need-a-firmware-update/
May 11, 2017 - "For those of you with Intel processors, it’s time to see if you are vulnerable. Meanwhile we’re business as usual for Windows updates and Flash updates. And if you use Microsoft’s native antivirus protection, be sure that you’ve received the latest engine update to fix a critical flaw... Intel’s processors are vulnerable to a flaw in Intel’s Active management technology, Small Business Technology or Intel Standard Manageability software, and although I read that this “did not impact consumer PCs” I honestly ignored the warnings: 'I follow security best practices. This can’t impact my workstations'. And then I used the Intel Detection Tool* and determined that many of my workstations – especially in my office -did- have the vulnerable code in my systems. So much for best security practices! Fortunately, while I may have the vulnerable code, the 'Active management technology' is and was not ever -enabled- and I don’t have it set to be accessible from outside of my office. Thus I am not vulnerable to attack even though I may have the vulnerable code on my system. Nevertheless, I recommend that you scan your own system and see if it can detect what chipset you have and if you too may have the vulnerable software. Then contact or view the forums of your OEM vendors and see when they plan to release a bios update to fix this issue. Some like Dell** have posted a listing of impacted systems. HP*** also has a page where you can follow up with more information."
* https://downloadcenter.intel.com/download/26755

** http://en.community.dell.com/techcenter/extras/m/white_papers/20443914

*** http://www8.hp.com/us/en/intelmanageabilityissue.html

:fear::fear::fear:

FYI...

Win7 SP1 and WinSvr2008 R2 SP1 - KB4019264 (Monthly Rollup)
> https://support.microsoft.com/en-us/help/4019264/windows-7-update-kb4019264
Last Review: May 23, 2017 - Rev: 33
___

Where’s My Win10 Creators Update?
- http://windowssecrets.com/windows-secrets/patch-watch-so-wheres-my-creators-update/
May 23, 2017 - "... 'already been tracking a few known issues such as Network printers* failing due to machines having less than 4 GBs of memory:
* https://answers.microsoft.com/en-us/windows/forum/windows_10-hardware/network-printers-may-fail-to-install-on-windows-10/4bdca057-f72a-40f8-94e0-6827f813fa21
There’s also a known issue when certain antivirus is installed while the creator’s update is installed as noted in the Answers forum**. To work around this issue, make sure you update the antivirus or remove it and reinstall it.
** https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/text-may-not-appear-in-the-windows-interface-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9
Because the Creators Update is heavily reliant on 3D and video enhancements, I’m seeing that video drivers are the key item that may need to be updated. In fact a -known- issue with Nvidia video drivers, as noted in the forum***, showcases that you need to update your video drivers..."
*** https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/some-laptop-models-may-boot-to-a-black-screen-in/31b0ff28-85cb-4ca0-a770-9dcb7e45cd9e

Win10’s recovery options:
- https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options
Last Review: May 23, 2017 - Rev: 74

:fear::fear:

FYI...

When You should Disable Server Message Block v1
- http://windowssecrets.com/windows-secrets/when-you-should-disable-server-message-block-v1/
May 25, 2017 - "The recent ransomware attacks have had a inadvertent side effect at my home and office: It has pointed out to me how much I’m still dependent on Server Message Block v1 (SMB v1). Microsoft’s -workaround- for the recent ransomware attacks have recommended the following workaround as noted in KB2696547*: disabling SMB v1, and leaving SMB v2 and SMB v3 -alone- unless you need to troubleshoot your security settings...
* https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server
Last Review: May 22, 2017 - Rev: 35
... SMB v1 is a -30-year-old protocol that has seen better days. The recent ransomware attacks using this protocol to amplify their mayhem have some security researchers still unsure of exactly how the initial attack vector took place. It’s unclear at this time if this ransomware came through targeted email attacks (like many other ransomware attacks), or, if this was a unique attack that possibly infected a workstation, which then brought the attack into the impacted networks through some network access point previously used to bring in other worm like attacks. While it’s unclear how the initial infection started out, it’s -clear- that once the infection got into the network, it relied on vulnerabilities in SMB v1 to basically run rampant through the network. This is why so many security sites recommended disabling SMB v1 as an old and out of date protocol. As pointed out on the Vinransomware blog site**, the best way for a consumer or home user to disable SMBv1 is through the graphical user interface."
** http://www.vinransomware.com/blog/how-to-disable-smb-on-windows-machines-to-prevent-wannacry-ransomware
15 May 2017 - "... Please note: -Before- proceeding further it is strongly advised to take a backup of the machine because you will in some case might require to change the Windows Registry. If the steps are not carefully followed it might even crash the machine..."

:fear::fear:

FYI...

Security Update for MS Malware Protection Engine - Critical
- https://technet.microsoft.com/en-us/library/security/4022344
V1.0 (May 8, 2017): Advisory published.
V1.1 (May 11, 2017): Added link to the same information in the Security Update Guide. This is an informational change only.
V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.
"... For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781* ..."

> https://nvd.nist.gov/vuln/detail/CVE-2017-0290
Last revised: 05/25/2017

Microsoft Malware Protection Engine deployment info
* https://support.microsoft.com/en-us/help/2510781/microsoft-malware-protection-engine-deployment-information

> https://www.microsoft.com/en-us/security/portal/definitions/whatsnew.aspx

> https://www.helpnetsecurity.com/2017/05/30/microsoft-malware-protection-engine-flaws/
May 30, 2017 - "... security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine. The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it... to verify whether the latest version of the MMPE and definition updates are being actively downloaded and installed for their Microsoft antimalware products can do so by clicking on the software’s Help tab, then choosing the 'About [that specific software]' option..."

- http://www.securitytracker.com/id/1038571
CVE Reference: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
May 26 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.1.13704.0 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code with LocalSystem privileges on the target system.
A local user can prevent the target Microsoft Malware Protection Engine from monitoring the target system. A service restart is required to return the system to normal operations.
Solution: The vendor has issued a fix (1.1.13804.0)...

- http://www.securitytracker.com/id/1038572

- http://www.securitytracker.com/id/1038573

- http://www.securitytracker.com/id/1038574

:fear::fear:

FYI...

MS Security Updates - June 2017
- https://portal.msrc.microsoft.com/en-us/security-guidance
June 13, 2017
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Total items: 85 [June 14, 2017] / Total items: 88 [June 22, 2017] / Total items: 89 [June 23, 2017]

- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99
June 13, 2017 - "The June security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Silverlight
Skype for Business and Lync
Adobe Flash Player ..."

June 2017 security update release
- https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
June 13, 2017

MS Security Advisory 4025685
Guidance related to June 2017 security update release
- https://technet.microsoft.com/library/security/4025685.aspx
June 13, 2017

- http://www.securitytracker.com/id/1038667
CVE Reference: CVE-2017-8543
Jun 13 2017
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
Description: A vulnerability was reported in Windows Search. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted SMB data to trigger an object memory handling error in Windows Search and execute arbitrary code on the target system.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix.
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543
___

June 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/06/09/june-2017-office-update-release/
June 9, 2017 - "... This month, there are 51 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4023935*.
A new version of Office 2013 Click-To-Run is available: 15.0.4937.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7182.5000"

* https://support.microsoft.com/en-us/help/4023935/june-13-2017-update-for-microsoft-office
Last Review: Jun 13, 2017 - Rev: 9
___

Additional references:
- http://www.securitytracker.com/id/1038659
- http://www.securitytracker.com/id/1038661
- http://www.securitytracker.com/id/1038662
- http://www.securitytracker.com/id/1038663
- http://www.securitytracker.com/id/1038664
- http://www.securitytracker.com/id/1038666
- http://www.securitytracker.com/id/1038667
- http://www.securitytracker.com/id/1038668
- http://www.securitytracker.com/id/1038669
- http://www.securitytracker.com/id/1038670
- http://www.securitytracker.com/id/1038671
- http://www.securitytracker.com/id/1038673
- http://www.securitytracker.com/id/1038674
- http://www.securitytracker.com/id/1038675
- http://www.securitytracker.com/id/1038676
- http://www.securitytracker.com/id/1038678
- http://www.securitytracker.com/id/1038680

- http://www.securitytracker.com/id/1038701
- http://www.securitytracker.com/id/1038702
Jun 15 2017
___

ghacks Analysis:
- https://www.ghacks.net/2017/06/13/microsoft-security-updates-june-2017-release/
June 13, 2017 - Microsoft Security Patches for June 2017 - [See 'Executive Summary']

- https://www.thezdi.com/blog/2017/6/13/the-june-2017-security-update-review
June 13, 2017 - [Scroll down to: 'Microsoft Patches for June 2017']

Qualys Analysis:
- https://blog.qualys.com/laws-of-vulnerabilities/2017/06/13/microsoft-fixes-94-security-issues-in-massive-june-update
June 13, 2017 - "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months... Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543* and other Font, Outlook, Office, Edge and IE issues are sure to keep system administrators and security teams busy."
* https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543
___

- https://www.us-cert.gov/ncas/current-activity/2017/06/13/Microsoft-Releases-June-2017-Security-Updates
June 13, 2017

:fear::fear::fear:

FYI...

MS Security Advisory 4025685: Guidance for older platforms
- https://support.microsoft.com/en-in/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
Last Review: 19-Jun-2017 - Rev: 26
___

Cumulative security update for Internet Explorer
- https://support.microsoft.com/en-us/help/4021558/cumulative-security-update-for-internet-explorer-june-13-2017
Last Review: Jun 23, 2017 - Rev: 5
"... Known issues in this security update:
When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:
404 – Not Found
(A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)
This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.
There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.
Microsoft is researching this problem and will post more information in this article when the information becomes available."
___

Description of the security update for Outlook 2010
- https://support.microsoft.com/en-us/help/3203467/descriptionofthesecurityupdateforoutlook2010june13,2017
Last Review: Jun 20, 2017 - Rev: 19
"... Known issues in this security update: ..."

:fear::fear:

FYI...

June 2017 Security Updates
> https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99
See: "... Known Issues..." ref. KB numbers listed
Jun 23, 2017
___

CVE-2017-8558 | MS Malware Protection Engine Remote Code Execution Vuln
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558
6/23/2017
- http://www.securitytracker.com/id/1038783
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
The following product versions are affected:
Microsoft Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Windows Intune Endpoint Protection ...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

- http://www.securitytracker.com/id/1038784
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
Microsoft Security Essentials is also affected...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

CVE-2017-8529 | MS Browser Information Disclosure Vuln
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529
Last Updated: 06/22/2017
v3.0 - 06/22/2017: Microsoft is announcing the release of update 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to address a known issue customers may experience when printing from Internet Explorer. Only customers who are experiencing print issues after installing Internet Explorer Cumulative update 4021558 should install update 4032782 because update 4032782 addresses the known issue by removing the protection from CVE-2017-8529. The update is available via the Microsoft Update Catalog only.
___

- http://windowssecrets.com/windows-secrets/patch-tuesday-a-rundown-of-the-known-side-effects-from-last-week/
June 22, 2017 - "... known issues have been documented... Office known issues... there will be an update expected on June 27th fixing the issue..."

:fear::fear::fear:

FYI...

Security Update Summary
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
See -all- KB's dated 06/28/2017
___

June 27, 2017, update for Outlook 2010 (KB3015545)
- https://support.microsoft.com/en-us/help/3015545/june-27-2017-update-for-outlook-2010-kb3015545
Last Review: Jun 28, 2017 - Rev. 14
Last Review: Jun 28, 2017 - Rev: 20

June 27, 2017, update for Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/help/3191849/june-27-2017-update-for-outlook-2013-kb3191849
Last Review: Jun 27, 2017 - Rev: 13
Last Review: Jun 30, 2017 - Rev: 16
___

New ransomware, old techniques: Petya adds worm capabilities
- https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
June 27, 2017

Update on Petya malware attacks
- https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware-attacks/
June 28, 2017

- https://www.us-cert.gov/ncas/alerts/TA17-181A
July 01, 2017 - "... Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable... US-CERT received a sample of this Petya ransomware variant and performed a detailed malware analysis. The team found that this Petya variant encrypts the victim’s files with a dynamically generated, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID, which means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid..."
___

- https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022716
2017-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4022716)
Last Modified: 6/28/2017

- https://support.microsoft.com/en-us/help/4022716/windows-10-update-kb4022716
Last Review: Jun 27, 2017 - Rev: 25
___

- https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022723
2017-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022723)

- https://support.microsoft.com/en-us/help/4022723/windows-10-update-kb4022723
Last Review: Jun 27, 2017 - Rev: 29
Last Review: Jun 29, 2017 - Rev: 36
___

- https://www.catalog.update.microsoft.com/Search.aspx?q=KB4032693
2017-06 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4032693)
Last Modified: 6/26/2017
2017-06 Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4032693)
Last Modified: 6/26/2017

- https://support.microsoft.com/en-us/help/4032693/windows-10-update-kb4032693
Last Review: Jun 27, 2017 - Rev: 12
Last Review: Jun 29, 2017 - Rev: 19

> https://www.neowin.net/news/windows-10-builds-15063447-143931378-and-10586965-now-available---heres-whats-new
Jun 27, 2017 [More detail...]

:fear::fear::fear:

FYI...

Outlook 2010 (KB3015545)...
- https://support.microsoft.com/en-us/help/3015545/june-27-2017-update-for-outlook-2010-kb3015545
Last Review: Jun 28, 2017 - Rev: 20
"... Note: A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available. The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available..."
___

Windows 7 SP1 and Windows Server 2008 R2 SP1 - KB4022719 (Monthly Rollup)
- https://support.microsoft.com/en-us/help/4022719/windows-7-update-kb4022719
Last Review: Jun 27, 2017 - Rev: 41

MS Security Update Summary
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Latest dated 06/28/2017 as of date/time of this post.

:fear::fear:

FYI...

MS Security Updates - July 2017

- https://portal.msrc.microsoft.com/en-us/security-guidance
[Total items: 989] [Page: 1/10] - 7/11/2017

MS Security Update Summary
> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Total items: 63 - 7/11/2017

> https://blogs.technet.microsoft.com/msrc/2017/07/11/july-2017-security-update-release/
July 11, 2017 - "Today, we released security updates to provide additional protections against malicious attackers..."

Release Notes - July 2017 Security Updates
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99
July 11, 2017 - "The July security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
.NET Framework
Adobe Flash Player
Microsoft Exchange Server..."
___

MS Office updates
> https://blogs.technet.microsoft.com/office_sustained_engineering/2017/07/11/july-2017-office-update-release/
July 11, 2017 - "... This month, there are -17- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4033107*..."
* - https://support.microsoft.com/en-us/help/4033107/july-11-2017-update-for-microsoft-office
Last Review: Jul 11, 2017 - Rev: 12
"... Microsoft released the following security and nonsecurity updates. These monthly updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you..."
Office 2016, Office 2013, Office 2010, Office 2007
___

Additional information/reference:
- http://www.securitytracker.com/id/1038848
- http://www.securitytracker.com/id/1038849
- http://www.securitytracker.com/id/1038850
- http://www.securitytracker.com/id/1038851
- http://www.securitytracker.com/id/1038852
- http://www.securitytracker.com/id/1038853
- http://www.securitytracker.com/id/1038854
- http://www.securitytracker.com/id/1038855
- http://www.securitytracker.com/id/1038856
- http://www.securitytracker.com/id/1038857
- http://www.securitytracker.com/id/1038858
- http://www.securitytracker.com/id/1038859
- http://www.securitytracker.com/id/1038860
- http://www.securitytracker.com/id/1038861
- http://www.securitytracker.com/id/1038862
- http://www.securitytracker.com/id/1038863
- http://www.securitytracker.com/id/1038864
- http://www.securitytracker.com/id/1038865
- http://www.securitytracker.com/id/1038866
___

ghacks.net:
- https://www.ghacks.net/2017/07/11/microsoft-security-updates-july-2017-release/
July 11, 2017 - "... Executive Summary:
Microsoft released security updates for all client and server versions of Windows that the company supports.
All operating systems are affected by critical vulnerabilities.
Security updates have been released for other Microsoft products as well including Microsoft Office, Microsoft Edge, and Internet Explorer.
Windows 10 version 1507 won't receive security updates anymore.
Operating System Distribution:
Windows 7: 22 vulnerabilities of which 2 are rated critical, 19 important, and 1 moderate
Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate
Windows RT 8.1: 21 vulnerabilities of which 2 are rated critical, and 21 important
Windows 10 version 1703: 27 vulnerabilities of which 2 are rated critical, 23 important and 1 moderate ..."
(More at the ghacks URL above.)
___

- https://www.thezdi.com/blog/2017/7/11/the-july-2017-security-update-review
July 11, 2017 - "... 57 security patches impacting Windows, Internet Explorer, Edge, Office, SharePoint, .NET Framework, Exchange, and Hololens... some of these vulns were first disclosed to Microsoft during the most recent Pwn2Own competition back in March... all affected vendors were able to produce patches within 120 days... A few of the CVEs addressed by Microsoft this month deserve some extra attention..."

CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability
Security Vulnerability
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8463
7/11/2017
CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
Security Vulnerability
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8584
7/11/2017
___

Qualys analysis: https://blog.qualys.com/laws-of-vulnerabilities/2017/07/11/july-patch-tuesday-19-critical-vulnerabilities-from-microsoft-plus-critical-adobe-patches
July 11, 2017 - "Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.
Top priority for patching should go to CVE-2017-8589*, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya... Today’s release is normal in size, and covers 54 vulnerabilities in Windows, Internet Explorer, Edge, Office, .net Framework, Adobe Flash, and Exchange..."
* https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8589

.

FYI...

Patch Watch: July’s releases fix June’s Issues
> http://windowssecrets.com/windows-secrets/patch-watch-julys-releases-fix-junes-issues/
July 13, 2017
"... Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply."
___

> https://www.askwoody.com/
"Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

:fear::fear::fear:

FYI...

Outlook 2010 (KB4011042)
- https://support.microsoft.com/en-us/help/4011042/july-5-2017-update-for-outlook-2010-kb4011042
Last Review: Jul 11, 2017 - Rev: 17
"Notice: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/help/3191849/june-27-2017-update-for-outlook-2013-kb3191849
Last Review: Jul 11, 2017 - Rev: 19
"Notice: Update 3191849 for Microsoft Outlook 2013 that was released on June 27, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2016 (KB3213654)
- https://support.microsoft.com/en-us/help/3213654/june-30-2017-update-for-outlook-2016-kb3213654
Last Review: Jul 11, 2017 - Rev: 21
"Notice: Update 3213654 for Microsoft Outlook 2016 that was released on June 30, 2017, is not currently available. This article will be updated as soon as the update is available again..."

... as of July 17, 2017
___

Win7 SP1 and Windows Server 2008 R2 SP1
... 2017 July monthly rollup
- https://support.microsoft.com/en-us/help/4025341/windows-7-update-kb4025341
Last Review: Jul 14, 2017 - Rev: -40-
___

- https://www.askwoody.com/2017/microsoft-yanks-bad-outlook-patches-of-patches-kb-3191849-3213654-401042/
July 15, 2017
- http://www.computerworld.com/article/3208033/microsoft-windows/microsoft-yanks-bad-outlook-patches-of-patches-kb-3191849-3213654-401042.html
July 15, 2017 - "... earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook."
___

Win10: https://blogs.msmvps.com/bradley/2017/07/17/getting-1703-on-systems-another-way/
July 17, 2017 - "Next way to get 1703 on systems – again go back to that download page:
- https://www.microsoft.com/en-us/software-download/windows10
and use the download tool to make the iso/media. Park the iso on a network share and expand it out.
Next use the command switches noted in this blog post:
– https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2015/09/14/windows-10-setup-command-line-switches/
Specifically you want to ensure that you do -not- trigger a 'clean install' but an upgrade."

Tracking known issues with Win10 1703:
> https://techcommunity.microsoft.com/t5/Windows-10/Tracking-known-issues-with-Windows-10-1703/td-p/67122

:fear::fear::fear:

FYI...

New updates are available for Outlook
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/07/27/new-updates-are-available-for-outlook/
July 27, 2017 - "We released security updates for Outlook today. See the following KB articles for more information:
- https://support.microsoft.com/en-us/help/4011052
- https://support.microsoft.com/en-us/help/4011078
- https://support.microsoft.com/en-us/help/2956078
- https://support.microsoft.com/en-us/help/3213643
A new version of Office 2013 Click-To-Run is available: 15.0.4953.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7187.5000"
___

CVE-2017-8572 | Microsoft Office Outlook Information Disclosure Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
07/27/2017

- http://www.securitytracker.com/id/1039010
CVE Reference: CVE-2017-8572
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix...
___

CVE-2017-8663 | Microsoft Office Outlook Memory Corruption Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
07/27/2017

- http://www.securitytracker.com/id/1039011
CVE Reference: CVE-2017-8663
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix...
___

CVE-2017-8571 | Microsoft Office Outlook Security Feature Bypass Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571
07/27/2017

- http://www.securitytracker.com/id/1039012
CVE Reference: CVE-2017-8571
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can create a file that, when loaded and interacted with by the target user, will execute arbitrary commands on the target user's system.
Solution: The vendor has issued a fix...
___

Description of the security update for Outlook 2007
- https://support.microsoft.com/en-us/help/3213643/description-of-the-security-update-for-outlook-2007-july-27-2017
Last Review: Jul 27, 2017 - Rev: 15

Description of the security update for Outlook 2010
- https://support.microsoft.com/en-us/help/2956078/description-of-the-security-update-for-outlook-2010-july-27-2017
Last Review: Jul 27, 2017 - Rev: 14

Description of the security update for Outlook 2013
- https://support.microsoft.com/en-us/help/4011078/description-of-the-security-update-for-outlook-2013-july-27-2017
Last Review: Jul 27, 2017 - Rev: 18

Description of the security update for Outlook 2016
- https://support.microsoft.com/en-us/help/4011052/description-of-the-security-update-for-outlook-2016-july-27-2017
Last Review: Jul 27, 2017 - Rev: 15
___

MS Security Update Summary
- https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Latest dated: 7/27/2017 - Total items: 68
___

> http://www.computerworld.com/article/3211884/microsoft-windows/microsoft-releases-kb-3213643-2956078-4011078-4011052-to-fix-june-outlook-security-bugs.html
Jul 27, 2017

:fear::fear::fear:

Security Update Summary
https://portal.msrc.microsoft.com/en-us/security-guidance/summary

The August 2017 Security Update Review
August 08, 2017 | Dustin Childs

"For this month, Adobe released two Critical-rated updates for Adobe Flash, Digital Edition, and Reader, and one Important-rated update for Adobe Experience Manager."

"Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. Of these 48 CVEs, 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. A total of seven of these CVEs came through the ZDI program. Two of these bugs are listed as publically known prior to release, with one bug listed as having publicly available PoC."

https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review

FYI...

Win7 August 2017 patches - bugzz
- http://computerworld.com/article/3215194/microsoft-windows/two-of-this-months-win7-patches-causing-second-screen-problems.html
Aug 14, 2017 - "... We now have solid reports of a -bug- in -both- of the Win-7 security patches for this month, KB 4034664* (the monthly rollup, installed by Windows Automatic Update) and KB 4034679** (the manual security-only patch). If you have a Win7 machine with two or more monitors, and there’s something weird happening with the second monitor, you may be able to solve the problem by uninstalling the bad patch..."

* https://support.microsoft.com/en-us/help/4034664/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034664
Last Review: Aug 9, 2017 - Rev: 21
Last Review: Aug 16, 2017 - Rev: 23
Last Review: Aug 18, 2017 - Rev: 25
Last Review: Aug 25, 2017 - Rev: 26

** https://support.microsoft.com/en-us/help/4034679/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034679
Last Review: Aug 9, 2017 - Rev: 23
Last Review: Aug 16, 2017 - Rev: 27
Last Review: Aug 18, 2017 - Rev: 28
Last Review: Aug 25, 2017 - Rev: 29

- https://www.askwoody.com/2017/microsoft-patches-buggy-windows-7-patch-kb-4039884-solves-the-dual-monitor-rendering-problem/
Aug 26, 2017

:fear::fear: :sad:

FYI...

Win7 August 2017 patches - bugzz
- http://computerworld.com/article/3215194/microsoft-windows/two-of-this-months-win7-patches-causing-second-screen-problems.html
Aug 14, 2017 - "... We now have solid reports of a -bug- in -both- of the Win-7 security patches for this month, KB 4034664* (the monthly rollup, installed by Windows Automatic Update) and KB 4034679** (the manual security-only patch). If you have a Win7 machine with two or more monitors, and there’s something weird happening with the second monitor, you may be able to solve the problem by uninstalling the bad patch..."

* https://support.microsoft.com/en-us/help/4034664/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034664
Last Review: Aug 9, 2017 - Rev: 21
Last Review: Aug 16, 2017 - Rev: 23
Last Review: Aug 18, 2017 - Rev: 25
Last Review: Aug 25, 2017 - Rev: 26
Last Review: Aug 29, 2017 - Rev: 27
Last Review: Aug 30, 2017 - Rev: 29

** https://support.microsoft.com/en-us/help/4034679/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034679
Last Review: Aug 9, 2017 - Rev: 23
Last Review: Aug 16, 2017 - Rev: 27
Last Review: Aug 18, 2017 - Rev: 28
Last Review: Aug 25, 2017 - Rev: 29
Last Review: Aug 29, 2017 - Rev: 30
Last Review: Aug 30, 2017 - Rev: 31

- https://www.askwoody.com/2017/microsoft-patches-buggy-windows-7-patch-kb-4039884-solves-the-dual-monitor-rendering-problem/
Aug 26, 2017
___

Patch Watch: August’s Follow-Up Fixes
> http://windowssecrets.com/windows-secrets/patch-watch-augusts-follow-up-fixes/
Aug 22, 2017 - "I have a phrase I often use with technology: Keep the children on the playground the same age. This means -not- mixing older-and-younger groups; they have different skill levels and abilities. The same goes for .NET 4.7, applications and Windows 7. If you dig into various locations on the web you will see post install side effects such as the following:
Impacting Autocad and earlier versions as noted in a forum[1]
1] https://www.cadnauseam.com/2017/07/15/automated-net-4-7-update-kills-autocad-pre-2017/
.NET 4.7 crashing Quickbooks as noted on a blog[2]
2] http://www.intuitiveaccountant.com/general-ledger/windows-net-framework-crashing-quickbooks/#.WZO9HLpFw2w
Possible issues with Arcgis Pro[3]
3] https://geonet.esri.com/thread/196265-net-47-upgrade-breaks-arcgis-pro
May have issues with touchscreen inputs as notes in this post[4]
4] https://www.reddit.com/r/sysadmin/comments/6immqc/headsup_recent_net_47_update_has_some_issues_and/?st=j6pg42dp&sh=376b604f
Techsmith Snagit impact with .NET 4.7 as noted in this forum[5]
5] https://www.reddit.com/r/sysadmin/comments/6immqc/headsup_recent_net_47_update_has_some_issues_and/?st=j6pg42dp&sh=376b604f
I’ll be investigating and see if the 4.7 update is the trigger for these issues but in the meantime if you are impacted and want to block .NET 4.7 you can use a registry key as noted on the Ghacks site.[6]
6] https://www.ghacks.net/2017/06/12/blocking-net-framework-4-7-installation/
... What to do: Consider -blocking- .NET 4.7 on older operating systems.
Windows 10 1607 Side Effects: The release of 4034658 to Windows 10, version 1607 release had a few noticeable side effects: Naming it wiped-out-your-update-history. As an alternative, to see which quality updates have been applied, you can navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates.” In addition, the update had additional-side-effects of making any hidden updates pop back up again. So if you hid the 1703 update it -will- offer back up again. Finally in a network setting, WSUS servers will exhibit increased CPU, memory, and network utilization when Windows Update clients perform their first scan after installing KB4034658. Remember this only happens with the KB4034658* for Windows 10 1607 update."
* https://support.microsoft.com/en-hk/help/4034658
Last updated: 11 Aug 2017 - Rev: 21
Last Review: 28 Aug 2017 - Rev: 25
___

Fixes or workarounds for recent issues in Outlook for Windows
- https://support.office.com/en-us/article/Fixes-or-workarounds-for-recent-issues-in-Outlook-for-Windows-ecf61305-f84f-4e13-bb73-95a214ac1230
Last updated: Aug 24, 2017
___

Update for Office 2016 (KB4011093)
- https://support.microsoft.com/en-us/help/4011093/august-22-2017-update-for-office-2016-kb4011093
Last Review: Aug 24, 2017 - Rev: 16
Last Review: Sep 1, 2017 - Rev: 20
___

August 25, 2017 — KB4039884
> https://support.microsoft.com/en-us/help/4039884/windows-7-update-kb4039884
Last Review: Aug 25, 2017 - Rev: 33
Last Review: Aug 30, 2017 - Rev: 34 - "This update addresses an issue where UI elements, including menu bars, are missing from Windows and Java applications running on computers with multiple monitors (multimon). The issue affects console and Remote Desktop logons when the main monitor is -not- in the top left area of the monitor layout in Control Panel. Applications may also stop responding or not work properly when moved between monitors. This issue impacts the following releases:
2017-08 Monthly Rollup - KB4034664
2017-08 Security-only update - KB4034679
2017-08 Preview of Monthly Rollup - KB4034670
Before you install this update, you must install KB4034664 or KB4034679, and then apply this update... Microsoft is working on a resolution and will provide an update in an upcoming release..."

"... If you have problems with a Windows 7 second monitor after installing this month’s KB 4034664, there’s a new manual-install-only fix. But it’s buggy, too"
>> http://www.computerworld.com/article/3219738/microsoft-windows/microsoft-repairs-buggy-win7-security-patch-with-buggy-hotfix-kb-4039884.html
Aug 28, 2017

:fear::fear::fear:

FYI...

MS patch alert: Outstanding problems with recent updates
... Long list of -unresolved- issues
- https://www.computerworld.com/article/3221286/microsoft-windows/microsoft-patch-alert-outstanding-problems-with-recent-updates.html
Aug 31, 2017 - "... Recommendation: Hold off on applying August Windows and Office patches."

:fear::fear::fear:

FYI...

September 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/09/05/september-2017-non-security-office-update-release/
Sep 5, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information.

Office 2013
Update for Microsoft Office 2013 (KB3172484)
- https://support.microsoft.com/help/3172484
Update for Microsoft Office 2013 (KB3172512)
- https://support.microsoft.com/help/3172512
Update for Microsoft Office 2013 (KB3203486)
- https://support.microsoft.com/help/3203486
Update for Microsoft Office 2013 (KB3213536)
- https://support.microsoft.com/help/3213536
Update for Microsoft Office 2013 (KB4011087)
- https://support.microsoft.com/help/4011087
Update for Microsoft Office 2013 (KB4011106)
- https://support.microsoft.com/help/4011106
Update for Microsoft Project 2013 (KB4011109)
- https://support.microsoft.com/help/4011109
Update for Microsoft Visio 2013 (KB3191936)
- https://support.microsoft.com/help/3191936
Update for Microsoft Word 2013 (KB4011105)
- https://support.microsoft.com/help/4011105

Office 2016
Update for Microsoft Access 2016 (KB4011032)
- https://support.microsoft.com/help/4011032
Update for Microsoft Office 2016 (KB3191923)
- https://support.microsoft.com/help/3191923
Update for Microsoft Office 2016 (KB3191924)
- https://support.microsoft.com/help/3191924
Update for Microsoft Office 2016 (KB3203478)
- https://support.microsoft.com/help/3203478
Update for Microsoft Office 2016 (KB3203482)
- https://support.microsoft.com/help/3203482
Update for Microsoft Office 2016 (KB4011093)
- https://support.microsoft.com/help/4011093
Update for Microsoft Office 2016 (KB4011099)
- https://support.microsoft.com/help/4011099
Update for Microsoft Office 2016 (KB4011102)
- https://support.microsoft.com/help/4011102
Update for Microsoft Office 2016 Language Interface Pack (KB4011098)
- https://support.microsoft.com/help/4011098
Update for Microsoft OneNote 2016 (KB4011092)
- https://support.microsoft.com/help/4011092
Update for Microsoft Project 2016 (KB4011101)
- https://support.microsoft.com/help/4011101
Update for Microsoft Visio 2016 (KB4011096)
- https://support.microsoft.com/help/4011096
Update for Microsoft Word 2016 (KB4011039)
- https://support.microsoft.com/help/4011039
___

- https://www.computerworld.com/article/3221371/microsoft-windows/its-time-to-install-august-windows-and-office-patches-carefully.html
Sep 5, 2017 - "August was a banner month for Windows and Office customers. If I counted correctly, we saw patches on -14- different days last month... current list of outstanding problems... it’s time for you to get the August patches out of the way..."
(More detail at the computerworld URL above.)

:fear::fear:

FYI...

- https://blogs.technet.microsoft.com/msrc/2017/09/12/september-2017-security-update-release/
Sep 12, 2017 - "... we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99
Sep 12, 2017 - "The September security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Adobe Flash Player
Skype for Business and Lync
.NET Framework
Microsoft Exchange Server ..."

> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Total items: 96 - Page: 1/1
___

Sept 2017 Office Update Release
- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/09/12/september-2017-office-update-release/
Sep 12, 2017 - "... This month, there are -45- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4040279*.
* https://support.microsoft.com/en-us/help/4040279/september-2017-updates-for-microsoft-office
Last Review: Sep 12, 2017 - Rev: 9

A new version of Office 2013 Click-To-Run is available: 15.0.4963.1002

A new version of Office 2010 Click-To-Run is available: 14.0.7188.5002"
___

Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
Last Review: Sep 12, 2017 - Rev: 125
___

Additional info:
- http://www.securitytracker.com/id/1039320
- http://www.securitytracker.com/id/1039322
- http://www.securitytracker.com/id/1039323
- http://www.securitytracker.com/id/1039324
- http://www.securitytracker.com/id/1039325

- http://www.securitytracker.com/id/1039326
- http://www.securitytracker.com/id/1039327
- http://www.securitytracker.com/id/1039328
- http://www.securitytracker.com/id/1039329
- http://www.securitytracker.com/id/1039330

- http://www.securitytracker.com/id/1039331
- http://www.securitytracker.com/id/1039333
- http://www.securitytracker.com/id/1039337
- http://www.securitytracker.com/id/1039338
- http://www.securitytracker.com/id/1039339

- http://www.securitytracker.com/id/1039340
- http://www.securitytracker.com/id/1039341
- http://www.securitytracker.com/id/1039342
- http://www.securitytracker.com/id/1039343
- http://www.securitytracker.com/id/1039344

- http://www.securitytracker.com/id/1039352
- http://www.securitytracker.com/id/1039369
___

Qualys analysis: https://blog.qualys.com/laws-of-vulnerabilities/2017/09/12/september-patch-tuesday-27-critical-vulnerabilities-from-microsoft-plus-critical-adobe-patches
Sep 12, 2017 - "Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering -27- of these vulnerabilities are labeled as -Critical- and -39- can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.
Out of the 26 vulnerabilities that are both Critical and RCE, -22- of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser. Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp."

ghacks.net: https://www.ghacks.net/2017/09/12/microsoft-security-updates-september-2017-release/
Sep 12, 2017 - "... Executive Summary:
Microsoft released security patches for all versions of Windows. Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.
Operating System Distribution:
- Windows 7: 22 vulnerabilities of which 3 are rated critical, 19 important
- Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
- Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important
Windows Server products:
- Windows Server 2008 R2: 23 vulnerabilities, of which 3 are rated critical, 20 important
- Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
- Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important
Other Microsoft Products:
- Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
- Microsoft Edge: 28 vulnerabilities, 19 critical, 7 important, 2 moderate..."
___

- https://www.us-cert.gov/ncas/current-activity/2017/09/12/Microsoft-Releases-September-2017-Security-Updates
Sep 12, 2017

:fear::fear: